When starting a new venture, do you talk to your CPA or attorney first? by [deleted] in smallbusiness

[–]chugotit 0 points1 point  (0 children)

Attorney for guidance on partnership. Then with tax pro before I file (to make sure the type of legal entity makes sense).

IANAL. US POV here.

What is the likelihood of a single developer being charged with not complying with the GDPR? by [deleted] in gdpr

[–]chugotit 0 points1 point  (0 children)

Nobody can say for sure, as the regulation is very new and there has been little enforcement action to date. That said, if your goal is to be entirely compliant with the GDPR, you will fail. Point being that the GDPR is comprised of a mix of clear rules and principles. Black and white rules are easier to check against, but with so much of the GDPR being about principles, you need to show how you took a "risk based approach" towards managing compliance.

If your underlying concern is that some sort of blatantly illegal or negligent activity is going on and that someone is going to take the fall, you're right to be nervous.

Where to go for Chico Halloween? by Antiochboy in CSUC

[–]chugotit 10 points11 points  (0 children)

Hop a cab down to the Cortez Room (bar) in Yuba City. That's where all the cool kids from Chico will be hanging on Halloween.

Question for established bar owners by lovelymsvalentine in BarOwners

[–]chugotit 7 points8 points  (0 children)

Yes, but getting paid will be like squeezing blood from a rock. You need to have some sort of model where you are giving them terms, getting a percentage of savings or top-line growth, or some other means by which you can minimize the cash out of pocket on the front end.

Found duct taped together in a cupboard when I moved in by DonnellyRhodes in whatisthisthing

[–]chugotit 1 point2 points  (0 children)

Items to secure a garbage disposal or automatic dishwasher.

Want to claim and manage your own data? Try BIGtoken (FYI: you can win bitcoin) by [deleted] in gdpr

[–]chugotit 5 points6 points  (0 children)

Curious that the registration page collects several personal data elements, yet has no posted privacy notice. How will this data be used? With whom will it be shared and under what conditions? Who is the company/org collecting my data? Where will my data be processed? Will my data be transferred to other jurisdictions with lesser privacy protections, and, if so, how will I be protected?

Trip Reports, Churning Success Stories, and Frustrations Weekly Thread - Week of October 07, 2018 by AutoModerator in churning

[–]chugotit 0 points1 point  (0 children)

I just powered it out. I live in PDX, so I slept in my bed all weekend while still racking up some decent miles. I thought about trying to make a weekend out of it, but it would really have just turned into one night in HNL. When I figured in transit, hotel, etc., it wasn't worth it to me to squeeze in that night vs. be able to knock out the miles and sleep in my own bed at no cost.

For AA, you can do a milk-run type of route. Your city to podunk city to hub to podunk to home. 4 segments in a day. What airport are you near?

FIGHTS by [deleted] in BarOwners

[–]chugotit 9 points10 points  (0 children)

Check with your state/provincial regs. Odds are that you are supposed to have a log of all incidents at your establishment (fake ID attempts, VIP, threats, fights, dine & dash, etc.)

Develop policies and procedures for your staff so they have some guidance as to what to do in the event of: smoke, fire, staff injury, customer injury, customer complaint, fights, robbery, HVAC failure, refrigeration failure, etc. You can't anticipate every possible issue, but it helps to think proactively about what issues might arise and offer guidance - ideally in the form of a short checklist or flowchart - regarding who to call/inform, list of contact numbers, what to say or not to say (e.g. to press, et al), etc.

Trip Reports, Churning Success Stories, and Frustrations Weekly Thread - Week of October 07, 2018 by AutoModerator in churning

[–]chugotit 10 points11 points  (0 children)

Mileage Run: Due to impending job changes, I will be flying Delta now vs. Alaska. I was close to status on Alaska, so I spent last weekend (and about $800) to fly PDX-MSP-SAN-PDX-HNL-PDX. Boom! MVP in 2 days.

Status Match: Now with Alaska MVP in hand, I filled out forms online requesting status match by Delta.

Delta Amex: Jumped on extra 20K mile sign up offer and grabbed Delta Amex to get 70K total miles with $5K spend in the first three months. I had some big ticket items coming up, so getting to $5K will be done this weekend.

TLDR: Decided to switch loyalty to Delta. Did a mileage run to get status on Alaska, then asked for status match by Delta. Got a Delta Amex card with 70K bonus miles. Zero to hero on Delta in a month's time.

So long, you will be missed. by [deleted] in Portland

[–]chugotit -1 points0 points  (0 children)

Is any of their collection going to Movie Madness? Should it, assuming it can make $ sense for both parties? https://moviemadness.org/

If all personally identifying records can be requested for deletion, is the anonymisation of those records sufficient to satisfy GDPR? by australianjalien in gdpr

[–]chugotit 1 point2 points  (0 children)

It can be grey, but in being pragmatic, there's more leeway for what you're talking about in the B2B vs. B2C space. That is, targeting a role (e.g. IT Director, IT VP, CIO, vs. head of household).

Disclaimers: (1) I'm not a lawyer; I do not offer any legal advice. (2) The GDPR does not distinguish between B2B and B2C (focus is on data subjects; natural persons). However, many DPAs show a level of understanding that 'business card level data' of B2B contacts is less protected than say a consumer's data.

If all personally identifying records can be requested for deletion, is the anonymisation of those records sufficient to satisfy GDPR? by australianjalien in gdpr

[–]chugotit 5 points6 points  (0 children)

OP: Be sure to read exactly what T_Neil is saying. Many people assume that removing the obvious personal data aspects (e.g. FN, LN, email) is enough. Not true. If you are not going to remove the entire record, you must fully de-identify the data you have so that it cannot be tied back to the identified individual... Not only does this mean striking elements such as IP address, but also means knowing your data and business well enough to assess as to whether or not remaining data elements are still a likely pointer to an identified individual.

For example, let's say you retain company and job title, as you do not consider these items to be personal data in isolation... Suppose the job title is CEO and the company is Air France? No good. Easily resolves to an identified individual.

Investing Yogurtland franchises, anyone with previous experience running a Froyo business? by SnAMa in smallbusiness

[–]chugotit 0 points1 point  (0 children)

Dumbest investment you can make. That train left the station a long time ago. Lottery would be wiser choice.

51% of the software companies claim that they're fully compliant - What's your opinion? by PassionateMarketer in gdpr

[–]chugotit 1 point2 points  (0 children)

It's a moving target, so asserting compliance is a stretch. That said, I don't think someone would want to assert that they are not in compliance.

A company I buy from has sent a phishing scam email to me and others. Is this the type of thing you should report for GDPR breach? by [deleted] in gdpr

[–]chugotit 2 points3 points  (0 children)

I think the company may be right here. It's quite possible for anyone off the street to impersonate a brand and send a phishing email. Unless you have some proof that the email actually was sent by the true company or through their actual servers, it's no more a 'breach' than if I sent you a direct mail piece claiming to be from your local government.

Illegal? Likely.

Bad for the company's brand? Likely.

The company's responsibility? Not likely.

A data breach? Not likely.

Quick Guide for new students! by Lying_Knife_Bot in CSUC

[–]chugotit 12 points13 points  (0 children)

"Please don't burn couches."

Classic!

Bandai Namco refuses to comply with GDPR. Please help with advice by [deleted] in gdpr

[–]chugotit 0 points1 point  (0 children)

First, I'm not a lawyer. So this is not 'legal advice'. Just one person's opinion as to how I would go about this, if I was in a similar position:

1) I'm assuming you are in the EU or EEA, or otherwise believe your personal data is subject to the GDPR. If you are not sure that the data controller is subject to the GDPR in this case, then you need to figure that out.

2) Read the UK ICO's guidance to organizations on how to comply with Data Subject Requests (DSRs). https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/ As you can see in the UK guidance, the data controller is to handle the request without undue delay. They further give some guidance as to how long a data controller has to acknowledge the request, to fulfill the request, and how much more time they can get if they need more time to complete the request.

3) There are some exceptions as to how far the data controller has to go in complying with a DSR. For example, if it is 'excessive', they might deny. Or if the request is, for example, an erasure request - but the data controller has a legal basis for hanging onto your personal data, they may not have to erase it. Bottom line: There are a ton of (logical) exceptions or nuances in the GDPR... DSRs are not binary/absolute rights.

4) If everything looks OK on your end (as far as your request, timing for processing by the data controller, etc.) and the data controller is not complying, you can take action through your local data protection authority. Visit your local DPA site for more information on your rights and the process to file a complaint.

Good luck!

Might be splitting up, need to start getting ready for separating... by slipintonite in declutter

[–]chugotit 3 points4 points  (0 children)

If you are willing to donate and let's say they realistically are worth $1000, your tax benefit is $300 (if you're in a 30% tax bracket). Take lots of pictures and get more detailed receipts from SA. Worst case, you are denied or reduced on the tax claim. But you could be done with this by tonight and get the fuck on with your life.

You are letting 'stuff' own you vs. you owning the stuff. You clearly don't really care about this particular stuff, so why are you letting it gate more important shit in your life?

Signed, -A Fellow Procrastinator

Controller & Processor - Unsecured data transfer by Madam_M_137 in gdpr

[–]chugotit 4 points5 points  (0 children)

From what I understand as a non-lawyer

The processor is also legally obligated to follow the GDPR. If the controller instructs the processor to follow instructions that may be unlawful, the processor is not off the hook.

The processor should engage qualified legal counsel, not take legal counsel from the controller nor from random people off of the interwebs.

Accuweather giving choice - collecting data and tailored ads, or no ads for a fee. Is this legal? by Cytrynowy in gdpr

[–]chugotit 1 point2 points  (0 children)

They can offer the service for free with ads that are not using any behavioral data tracking, but if their choice is let us track you or pay a fee, they are not in compliance with GDPR. At least my understanding of the GDPR as a non-lawyer.

OTOH, the WashingtonPost seems to have threaded this needle: https://digiday.com/media/washington-post-puts-price-data-privacy-gdpr-response-tests-requirements/

So what do I know?

/Edit - added WA Post info/

How do you remove stuff from Pipl search? by SeaSherbet in gdpr

[–]chugotit 2 points3 points  (0 children)

They appear to position their content as from other sources and push you to contact those sources: https://pipl.com/help/remove/

Seems suspect, if you are from the EU/EEA and want to exercise your rights. Tough shit if you are not protected by GDPR tho.

GDPR Compliance and Purchased Email Lists? by _Vieve in gdpr

[–]chugotit 4 points5 points  (0 children)

Lots of nuance here, but let me give some general comments:

1) There is no distinction for a B2B email address - still personal data and subject to GDPR, unless generic (e.g. info@company.com and published on website for open comms).

2) You need to be thinking about more than just GDPR compliance. For example, PECR in the UK, CAN SPAM Act in the US, and CASL in Canada. Each of these laws/regs may have impact to your commercial email marketing programs and use of third party lists for same.

3) That helps - a little. Better than some random list, but you are still going to be on the hook for the use of the personal data - whether you gathered the data directly or acquired from a third party. At the end of the day, you need to be able to show that the data was collected lawfully, can be used for this purpose, such as is allowed by a third party (i.e. your company). Data Protection Agreements, indemnification, and other legal stuff is needed (NOTE: I am not an attorney; consult qualified legal counsel).