top of page
AI.Privacy.Security.Logo-Centered.png

About

Schinn & Burgess is a low-volume boutique consulting firm providing fractional DPO and CISO services, including expertise and thought leadership in areas of AI oversight, privacy compliance, and security governance. We primarily support early-seed startups or nonprofits who don't have budget for full privacy programs but need help to get started while avoiding the risks of living in the digital age.

Light on Concrete Wall

Our Services

1

AI Governance Program Development

Design practical AI governance frameworks covering acceptable use, accountability, oversight, documentation, testing, and monitoring. Help organizations manage legal, ethical, operational, and reputational risks while enabling responsible adoption of AI tools and automated decision systems.

2

Privacy Compliance Assessments

Evaluate current data practices against laws such as GDPR, CCPA, and other privacy frameworks. Identify compliance gaps, document risks, and provide a prioritized roadmap to improve policies, procedures, notices, consent practices, and internal controls.

3

Website Privacy & Cookie Compliance Reviews

Assess websites for privacy notice accuracy, cookie disclosures, consent banners, and tracking technologies. Help businesses align website practices with GDPR, CCPA, and other privacy requirements while reducing regulatory and reputational risk.

Our Thoughts

The Unintended Inefficiencies of Giving Everyone AI

Garbage In, Overconfidence Out: The Regulatory Burden Nobody Counted in Their AI ROI

Read More

What the New EDPB Scientific Research Guidelines Mean for Innovation

The EDPB’s Scientific Research Guidelines offer a pragmatic, research‑friendly interpretation of the GDPR—one that recognises the societal value of science while reinforcing the protection of individuals’ rights.

Read More

When Pseudonymised Data May Not Be “Personal”: Key Takeaways from EDPS v SRB

The EDPS v SRB judgment confirms what many privacy professionals have long argued: pseudonymised data is not inherently personal data in every context.

Read More
bottom of page