13 minute read

Ritchie Po: Cybersecurity & Data Privacy Lawyer | PORTFOLIO.YVR Business & Entrepreneurs Magazine | Volume 2 | Issue 4 | 2024

Ritchie Po is a privacy and technology lawyer who can be independently hired for a contract, fixed-term, time-and-materials, or consultancy basis.

Ritchie holds both Canadian (CIPP/C) and European / GDPR (CIPP/E) privacy professional designations He provides global data privacy consulting advice to institutional clients and help small businesses manage data privacy breaches.

Ritchie's practice focuses on enabling businesses to create efficiencies to enhance product development and service delivery in compliance with privacy legislation

He has acted as legal counsel to a major Telecom, a multinational corporate trust agency, two Fortune 500 companies, and the WorkSafeBC.

Ritchie's extensive experience in privacy consulting is a testament to his expertise.

He has reviewed the privacy programs for major organizations, identifying opportunities for improvement to ensure legislative compliance in all aspects of the business.

He conducts privacy impact assessments, responds to privacy complaints and breaches, provides education and training, and represents clients before the Office of the Privacy Commissioner of British Columbia.

His prompt and accurate responses to queries from stakeholders, and his collaborative approach with business groups, further highlight his professional capabilities.

Ritchie is a rare lawyer who ' speaks geek.' That is, he works heavily with IT clients to understand complex systems and is able to translate this knowledge so that executives can comprehend and make informed business decisions when assuming privacy risks.

His professional volunteering experiences include serving as the Chair for the Canadian Bar Association (CBA) BC's FOI & Privacy Law subsection, the IAPP's Canadian Advisory Board, Reboot Communications, and the Digital Governance Council of Canada.

Ritchie Po, a published legal editor, is also a Contributing Editor to the commercial retail trade publication Retail Insider, assisting its founder Craig Patterson at its inception.

IN HIS WORDS

"It was in 2011 that I realized I was an entrepreneur when I was already in my early 30s. I had been Called to the Bar for about five years at that point, and they say in the first five years you figure out what you are and your area of focus.

"I recognized early on that I wanted to be the person who calls in to resolve issues as an impartial outsider outside the traditional law firm model. Businesses were only then starting to realize how critical data privacy would be for their operations. There was a lot of untapped market for individual legal practitioners since not all entities championed privacy management as a priority and business driver I saw the opportunity for a sole practitioner to position myself in the market.

"There was general dissatisfaction with the type of work I did. In the first few years of my legal career, I focused on the more "traditional" areas of practice, such as insurance litigation, real estate conveyancing, securities, and other corporate/commercial law areas. I did not see myself doing anything innovative in these fields while competing with others who are partner-track in large multinational firms or trying to leave that track and go into in-house jobs.

"Another motivating factor was that law is not always the big globe-trotting career people think it is. I wanted to practice in a field where I could effect change not only for individual clients but also - and this is where I get idealistic - effect large-scale positive change. Once I started to work with data privacy and understood that the map of AI is global and touches every industry in the world, I began to picture myself as an SME in one corner of the world with the ability to reach a potential global and outward-facing audience.

"It was the lightbulb moment when I realized that organizations may not need that kind of advice full-time but need an external consultant to help them build their data privacy management program. Some needed it for long-term projects.

"I transitioned from an in-house general counsel role to data privacy as that was the one area in which I had done some work I had enjoyed but only got to do part-time.

"It was the moment when I completed my first major fixed- term contract with Telus in 2012. It was intended to be a 90-day contract. But when they said they wanted to renew me, it was for another year, with the opportunity to make it a multi-year consultancy.

"I knew I was doing great work for them, but I needed that validation. They were not just saying they needed someone to do a job; they were saying that they were investing in me, which speaks to my skill set and my worth as a professional. So, that initial three-month trial contract turned into a full-time consultancy that lasted well over four years!

"It was then that I took a detour in 2016 when that long-term contract ended and became a public servant with WorkSafeBC for the next four years.

"While that is not necessarily entrepreneurial, it allowed me to see the business from a public sector point of view, and I came to understand the challenges from the other side of the fence. It was a great experience because I now know their specific challenges regarding data privacy compliance when I meet with public sector clients. Now that I can speak to them directly about them and let them know how I can provide advice and support in a way that enables them to meet their legislative mandate, they appreciate my knowledge of their business. It's how I win long-term contracts.

"There was this moment at the start of the pandemic when I was laid off from my government job, like millions of other people. Human resources put me in a cab and sent me home.

"In that short cab ride back, I remembered that my former Telus colleagues banded together and started an IT security consulting firm and asked me occasionally if I was interested in doing some privacy work on the side That is when I texted the CEO, "I have been sacked! You got anything for me?" he texted me within seconds, asking for a meeting. It was the last in-person business meeting I took before the world shut down, but that is how I ended up as the Privacy Lead at Kobalt.io, where I built the privacy consultancy and am still working today as an external consultant. So, if anyone asks me for the fastest time I got a job after losing one, I always say "about five minutes." And for this, I will always be grateful to them.

"When I think of the key people in my career, Garry Hawkings immediately comes to mind. He hired me for the role at Telus Security Solutions. I would also go on to work with him a decade later when I went back out on my own during the pandemic. Gary had written a job description thinking no one would ever fill that role, and he hired me because I was the only "unicorn" applicant with every required skill When the pandemic hit and I was laid off, Michael Argast took me on at Kobalt io, and we collaborated on some genuinely great ventures "

"Michael was never one to let me rest on my laurels, so when he asked me to consult on new and emerging laws, I simultaneously expanded my skill set and evolved into a better professional."

"I recently joined OpenRep AI as their new AI Ethics & Data Privacy Officer. Their CEO, Anthony Green, initially approached me to speak as a data privacy subject matter expert at conferences, which helped me emerge from my shell. I had become complacent as a background player and not as a lead We will be collaborating on several worthwhile projects well into the future.

"I have always been fortunate to be mentored by Ray Everett, the world's first privacy officer (look it up on his Wikipedia, it is true), who has always been a great sounding board and has always been the model of an accomplished privacy lawyer consultant who thrives in every aspect of his life.

"There's also D. Stuart Gray, my mentor from early in my legal career, who saw my potential early on and has always looked after me. Through him I learned integrity and how to always be impeccable with your word.

And lastly, there is Craig Patterson, my longtime friend from law school who started Retail Insider (I may have nagged him into it) and appointed me as the first member of his editorial board. I occasionally receive some great swag from RI events, so he helps me bring couture to legal and IT security events.

"Now I am known as the go-to cybersecurity, data privacy, and AI lawyer who can "translate" legal and technical requirements into sound business advice.

"I am dedicated to helping my clients grow their businesses while becoming innovative, ethical leaders in the tech space Only a few lawyers are dedicated to this area of practice, so my combined legal experience and long history of working within the technology industry is what you need to go from the pre-revenue stage into a ten-figure company.

"You can count on me as your de facto Asian Tiger Dad to keep you in line and hold you accountable, but it is for your own good!

"I am also the child of Chinese-Filipino immigrants, and my family did not uproot our lives overseas when we were young just so I could be average and not excel. Like all immigrant parents, they wanted their children to not only succeed but to improve upon what they accomplished. I am from a family of academics, business conglomerates, and professionals, which was the real motivation behind my desire to seek new practice avenues.

"I also realize that the tech space can still heavily skew towards cishet white men, but there is a huge, diverse community in the industry that is innovating faster than we can fathom. They are the leaders now and for the future I would, therefore, like to collaborate with more businesses owned and operated by women and by those in the BIPOC and queer-friendly communities "

"True innovation cannot happen unless everyone has a seat at a table in the room where it happens.

"My advice for those considering a change: Always level up!

"When I first started in data privacy, I worked primarily with provincial and national legislation When I started working with more private sector clients with an international customer profile, I used my time during lockdown to get certified as an EU data privacy law expert (working mainly with the General Data Protection Regulation or "GDPR")."

"I had to take that test while social distancing in a test centre, and there wasn't even a vaccine available, so I took a gamble on both my skill set and my health!

"Eventually, I started working with American-based clients and became knowledgeable in California data privacy and health industry privacy (HIPAA) as well. I still work with all these legislative regimes today and advise my clients on them. So I went from a local focus to a thousand-yard stare on the privacy legislative and compliance landscape has gone global. I cannot wait to become more heavily involved in the EU AI legal requirements and working with Asia- Pacific privacy law requirements.

"You can only push to the next level once you raise the bar on yourself so that you have new goals to achieve That is how you become better in any profession.

"The words I live by are on that poster you may have seen on Pinterest: " Drink some coffee, put on some gangsta rap, and handle it."

"In terms of my personal life, I have always looked after myself, but I have added several new habits in the last few years to keep my mind, body, and soul together. Hopefully, I am not only older but also growing wiser.

"The significant change is that I no longer see myself as a younger lawyer. I am solidly middle age but have already planned for retirement That means I am no longer trying to prove myself but have psychologically positioned myself as a truly experienced SME, not merely an "aspiring" or "emerging" one.

"For my physical health, I do small group weight training three times a week and can deadlift over 200 pounds regularly! I still swim, run, and practice yoga. I have also calmed my "monkey brain" by incorporating meditation into my daily life Sometimes, I will not take a call or answer my phone because I need five minutes to re-center myself and re-enter the world.

"I have also made more thoughtful and ethical decisions with my diet and have gone partially plant-based as a way of harm reduction. My doctor is thrilled with my bloodwork as a result (Although you can always tempt me with my weakness, bubble tea.) Also, do not underestimate the power of K- beauty masks!"

"Looking back, I do not see my business development as a five-year plan but as a four-year cycle or quadrennial

"It included university, law school, early practice, fixed contract engagements, and ongoing employment. I see myself setting up for the next four years with a specific goal like every Olympic athlete hoping to win gold or get on the podium. That is the only way to become a champion. When the next summer Olympics come around in Los Angeles in 2028 (after Paris this year), check in again with me.

"As of now, I am an independent contractor working primarily with institutional clients. While I have a solid book of business and some large-scale contracts on the go, I am always looking for my next challenge, which will be in the AI field.

"Having worked in health tech, fintech, retail, and other sectors, I know that the next challenge is in machine learning. I want to work with clients in that field but understand their obligations to society and the world at large by developing ethical AI.

"Therefore, I want to connect with innovative firms that prioritize data privacy so I can develop and implement it organically into their organization.

"I will only work with entities that understand this and share my philosophy. Data privacy is not going away anytime soon, and lip service is not a firm commitment

"I should also mention that I am also part of the technical panel for the Digital Governance Council of Canada, where we are collaborating on developing national standards governing IT security and data protection measures. I am also occasionally still working on legislative submissions on developing legislation, which I have done before through the Canadian Bar Association.

"While it is hard to predict what will happen, I will continue contributing to the development of AI and data privacy as a national legal expert and present on the topic globally

"I see myself continuing to be the go-to data privacy, subject matter expert Do you remember that show 'Better Call Saul?' In this case, if you have an issue, you better call Po (Ritchie Po). It is no accident that the initials for " privacy officer" spell "PO."

"No matter what happens, I intend to be dressed impeccably for it!"

RITCHIE PO, CYBERSECURITY & DATA PRIVACY LAWYER

@STYLEDLEGALLY

This article is from: