Privacy Impact Assessment (PIA) Specialist - Senior

Privacy Impact Assessment (PIA) Specialist

On behalf of our client in the Healthcare Sector, PROCOM is looking for a Privacy Impact Assessment (PIA) Specialist.

Privacy Impact Assessment (PIA) Specialist – Job Description

Required to lead or support the development of a privacy impact assessment that evaluates whether new technologies, information systems, or proposed programs or policies meet legal and policy privacy requirements, determine and mitigate risks, and address clients’ concerns

These requirements include ensuring that the program complies with provincial, municipal, federal and private sector access and privacy legislation, as well as relevant regulations, statutes, policies, Directives, standards, guidelines and internationally accepted Fair Information Practices

Privacy Impact Assessment (PIA) Specialist – Mandatory Skills

Excellent knowledge of privacy and security concepts, trends, and issues

This will include an understanding of their impact on business processes, as well as skill with interpretation and communication of principles and compliance requirements

Knowledge of, and experience in researching and applying relevant information privacy laws, regulations, jurisprudence (particularly as it relates to the Information and Privacy Commissioner of Ontario) and risk countermeasures

Experience in conducting Privacy Impact Assessments in public sector context

Knowledge of, and experience with privacy enhancing best practices

Knowledge and ability to interpret and apply Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Health Information Protection Act (PHIPA) their respective regulations and related jurisprudence

Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act

Policy Knowledge

Good understanding of related disciplines, such as IT security, IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management.

Operational Program and Business Design Skills

Ability to lead, manage or support the development of a PIA either independently or as part of a team by directing and gathering input from specific individuals within the organization

Knowledge and ability to create and understand data flow diagrams and business process diagrams

Ability to recognize the need for, and seek input from external experts as required

Excellent communication skills with technical and business audiences and non- access and privacy experts.

Technology and Systems Knowledge

Analytical skills to understand the current and future access and privacy implications of policies, decisions and business initiatives

Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows

Information and Record Keeping Knowledge

Experience in developing risk assessment tools, methodologies, policies and procedures to effectively manage personal information

Knowledge of policies, directives, standards, business rules, procedures and guidelines relating to records management including classification, retention and disposition of information

Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards

3+ years’ health privacy experience conducting privacy impact assessments (PIAs) on medium high complexity projects

5+ years’ direct operational level privacy experience in a health sector and / or IT environment or both

5+ years’ experience in developing privacy policies and procedures, requirements, or controls

5+ years’ experience drafting and reviewing privacy requirements for data sharing agreements

Familiarity with prescribed entity and prescribed person requirements under the Personal Health Information Protection Act (PHIPA), and the Ontario Information and Privacy Commissioner’s Manual for the Review and Approval of Prescribed Persons and Prescribed Entities

Privacy Impact Assessment (PIA) Specialist - Nice to Have Skills

Professional certification from a related discipline such as IT security, architecture

Experience providing education and training related to privacy

Knowledge of, and experience with the policies and procedures of the Ontario government (e.g., business case development, project approvals and policy development)

Privacy Impact Assessment (PIA) Specialist - Assignment Start Date

ASAP – 5 months to start

Privacy Impact Assessment (PIA) Specialist - Assignment Location

Toronto, ON - Work Hybrid