Public Interest Advisory
Fifteen years in the making.
Built for this moment.
The convergence of data, artificial intelligence, and institutional accountability is not a future challenge. It is the defining governance question of the present. Privicy Advisory Services exists because we saw it coming — and spent fifteen years building the knowledge to advise on it.
Our Background
Where this practice comes from.
Most advisory firms in this space began as legal practices or IT consultancies that added a privacy line when GDPR created a market. Privicy began differently — at the policy table, before most organisations knew they needed to care.
The foundation of this practice was laid long before "data protection" became a compliance industry. Rishi Maharaj was involved in the drafting and final passage of the Data Protection Act of Trinidad and Tobago — not as an outside observer, but as a project lead within the public service. At the same time, he was contributing to the ITU HIPCAR Project, developing model legislation on freedom of information and data protection for the Caribbean region.
That work instilled something that still defines this practice: an understanding that data governance is fundamentally a question of power — who holds information, who controls it, and who is accountable when it is misused.
Before advising organisations, Rishi spent over a decade inside government — understanding how institutions actually work, how policy is made and unmade, and how the gap between what legislation says and what organisations do gets bridged in practice. His work included co-leading the design and implementation of TTConnect, one of the region's most ambitious e-government service delivery initiatives.
This background means we advise on governance with an understanding of what it actually looks like from the inside — the pressures, the constraints, and the moments where good intentions and poor systems produce real harm.
Privicy Advisory Services was formally established as the Caribbean data protection landscape began to accelerate. The practice was built to offer something the market was not providing: advisory grounded in Caribbean law, Caribbean institutional context, and Caribbean regulatory culture — not GDPR frameworks with a regional veneer applied on top.
Today the practice serves as External Group DPO to major financial and insurance conglomerates across multiple jurisdictions, advising boards on compliance architecture, breach management, regulatory engagement, and the governance of AI systems.
The rebrand to a public interest advisory practice reflects something that has become impossible to ignore: the challenges organisations face around data, AI, and accountability cannot be separated from each other. An AI system making decisions that affect people's access to credit, insurance, or public services is simultaneously a data protection issue, an AI governance issue, and a human rights issue.
The breadth of this practice — data protection, AI governance, ethics, transparency, and the political dimensions of digital systems — is not a feature of our branding. It reflects the actual shape of the problems our clients bring to us.
The Technology Moment
AI is not arriving. It is already inside your organisation — and most governance frameworks are not ready for what that means.
The gap between deployment and governance
Organisations across the Caribbean are adopting AI tools faster than the governance frameworks meant to oversee them are being built. That gap is where liability accumulates quietly until it becomes visible all at once.
Data protection and AI are the same question
Every AI system that processes personal data is a data protection matter. Every consequential automated decision is a human rights matter. The organisations that treat these as separate compliance workstreams are building frameworks with structural blind spots.
The Caribbean is not exempt from what comes next
Global AI governance frameworks — the EU AI Act, NIST AI RMF, ISO 42001 — are reshaping expectations for organisations operating internationally. Advisors who can translate those frameworks into Caribbean context are rare.
Qualifications & Expertise
The credentials that underpin the practice.
CIPM — Certified Information Privacy Manager
International Association of Privacy Professionals. Covers privacy programme management, accountability frameworks, and operational privacy governance.
CIPP/E — Certified Information Privacy Professional
European privacy law and practice, including GDPR — the global benchmark against which Caribbean legislation is increasingly aligned and interpreted.
AI Governance Architect
Specialist credential in responsible AI deployment and algorithmic accountability — one of the first in the Caribbean to hold this designation.
BSc & MSc in Government, University of the West Indies
A political science foundation that shapes how this practice approaches governance — not as a compliance exercise, but as a question of institutional design, power, and public accountability.
How We Work
The principles that guide our counsel.
Integrity
We give clients our honest assessment, not the answer they want to hear. Advisory that confirms existing decisions is not advisory — it is expensive validation. We are direct, even when it is uncomfortable.
Accountability
We hold ourselves to the same standards we recommend to clients. Our advice is documented, our reasoning is explained, and we are accountable for the quality of our work.
Trust
The name Privicy carries the meaning of the Privy Council — the trusted advisor to those who govern. Trust is not claimed. It is earned through consistency, competence, and the willingness to be present when the difficult decisions are made.
Work With Us
If the questions keep you up at night, we should talk.
We work with boards, legal counsel, CISOs, and senior government officials who are thinking seriously about what it means to govern data and AI responsibly. Schedule a free 30-minute consultation.