Bernard Woo is a Senior Director Analyst with a primary focus on data protection/privacy risk management and compliance programs. Additional coverage areas include data classification, operational technology (OT) security, and 5G security considerations.
Mr. Woo holds three privacy-related certifications: Fellow of Information Privacy [FIP], Certified Information Privacy Professional/Canada [CIPP] and Certified Information Privacy Manager [CIPM]. In addition, Mr. Woo holds the Lean/Six Sigma Yellow Belt designation and is a licensed Professional Engineer [P.Eng.] in the province of Ontario (Canada).
Throughout his career in privacy-related roles, Mr. Woo has excelled at working with stakeholders from various functions (e.g., IT, legal, marketing, security, HR) to devise innovative, efficient solutions that enable organizations to grow and achieve its objectives, while ensuring the protection of individual privacy rights.
Mr. Woo has over 14 years of privacy-related experience across multiple industries in both the private and public sectors. Experienced at embedding "Privacy by Design (PbD)" principles into daily operations, Mr. Woo has expert knowledge in conducting privacy impact assessments, as well as leading privacy risk management and compliance programs in organizations operating in multiple jurisdictions.
Director, Privacy Programs Lead
Wells Fargo Bank (Canada / Latin America Regions)
AVP, Regional Privacy Lead / Canada Branch Privacy Officer
Ontario Lottery and Gaming Corporation
Senior Manager, Information Access and Privacy Services
Security and Risk Management Leaders
Technology, Information and Resilience Risk
Privacy Program Management
Masters of Business Administration, Schulich School of Business, York University
Bachelor of Applied Science, Electrical Engineering, University of Waterloo
1Build and mature privacy management / compliance programs.
2Embed privacy and data protection into operations / products (Privacy by Design / Privacy Engineering).
3Review privacy policies, procedures and guidelines.
4Multi-jurisdictional privacy considerations (e.g. GDPR, CCPA, CPRA, PIPEDA, LGPD etc.)