Spotlight On... Atty. Jon O. Bello CIPM CIPP/E, Associate General Counsel - Asia (Philippines, Japan, and China) at Alorica and IAPP KnowledgeNet Chapter Co-chair (Philippines)

In this edition, we feature Atty. Jon O. Bello CIPM CIPP/E, Associate General Counsel - Asia (Philippines, Japan, and China) at Alorica and IAPP KnowledgeNet Chapter Co-chair (Philippines)

Please share with our readers your background

I have been practicing law for more than 20 years. I started out as a labor and litigation lawyer before becoming an in-house counsel for a US BPO where I was exposed to different legal jurisdictions and privacy cultures particularly those in the US and Latin America. 

How is it that you got interested in data privacy/protection? When did you first get involved and exposed to the importance of data privacy?

It all started with a missing laptop sometime in 2009.  I was with my first US BPO company when we had a report that one of our US employees lost a company issued laptop.  I was part of the team involved in the investigation. I then realized how serious other countries  were with respect to the security of personal data which was not usual in the Philippine situation at that time.  I eventually became included in a team that ensured our company’s compliance with the Health Information Portability and Accountability Act and  Payment Card Data Industry Security Standard.

What data privacy courses did you take from Straits Interactive /DPEX network and why?

I  took two International Association Privacy Professional certification courses - CIPM and CIPP/E.

I have decided to take the  CIPP/E course  because EU GDPR is  the universal language of data protection.   Most data protection laws, including the Philippine Data Privacy Act of 2012, have been influenced if not patterned after the  EU GDPR.  As a lawyer, being knowledgeable and developing expertise on EU GDPR has helped me become a better advocate of data protection. 

The CIPM course helped me understand how to operationalize privacy compliance in a consistent and uniform manner considering that we have 4 Philippine companies employing 40,000 people in 19 different sites all over the Philippines.  I also took the CIPM course because it would help me prepare for an expanded privacy role in an international level as I now also cover Japan, China, and India.

How was that different from other courses you took?

I had  not taken similar courses elsewhere but  I did previously  attend several seminars on data protection.  Unfortunately, I did not learn much as the seminars’ approach was too legalistic and without practical application.  This motivated me to look for courses that met international standards and that was why how I found out about Straits Interactive.   

Which privacy functions are you involved in? (or what privacy opportunities do you hope to pursue and which specific functions)

I currently ensure  our company’s compliance with the Philippine Data Privacy of 2012 through a privacy program which includes among other things,  the conduct of privacy impact assessments,   training  and awareness,  internal audits, and assessments of third party vendors.  I am the company’s subject matter expert on privacy related issues and concerns.  I work with  the BPO Industry associations and government bodies to adopt or amend privacy legislation, standards, or guidance.

What advice do you have for others? (e.g. those wanting to follow your path, international certification. Or those who have not formally taken training)

 Anyway who wishes to be involved in privacy/data protection should have a solid foundation and one of the means to achieve this is to take internationally accredited certification courses.  Regardless of any new privacy challenge brought about by global trends and technological developments, you will be immovable as long as you have a solid foundation.