Privicy Insights
Weekly analysis and commentary written by Rishi Maharaj, CIPM · CIPP/E · AI Governance Architect. Jurisdiction-specific, practitioner-written, and built for the organisations actually navigating these questions in this region.
When foundational AI becomes infrastructure, accountability cannot be left to market forces. Six governance obligations — from utility regulation to civil society oversight — that no state, especially small ones, can afford to ignore.
Read the analysis →The Jamaica DPA 2020 has been in force long enough that "we're working on compliance" is no longer credible. Five gaps that appear most consistently — and where exposure is widest.
AI Governance · CaribbeanCaribbean businesses with European clients, partners, or operations are already within scope of the EU AI Act for certain AI system deployments. Here is what that means practically.
Trinidad & Tobago · Data ProtectionThe Data Protection Act of Trinidad and Tobago has been on the books for over a decade. Enforcement expectations have evolved significantly. This is what organisations need to be doing — and what regulators are now looking for.
Multi-Jurisdiction · Data ProtectionOrganisations operating across multiple Caribbean territories face overlapping — and sometimes conflicting — data protection obligations. This guide maps the key differences and explains how a group compliance programme should be structured.
AI Governance · BoardsMost Caribbean boards are not asking the right questions about the AI systems their organisations are deploying. These five questions are the starting point for meaningful governance oversight.
Topics We Cover