Information Privacy Analyst

Overview

The incumbent represents the Mission and Values of Legal & Immigration Services (LIS) and the University of Waterloo. The Information Privacy Analyst is responsible for the management and analysis of sensitive data to ensure compliance with privacy and access regulations and guidelines.

This role involves designing and implementing technical solutions for data privacy, conducting privacy audits, and collaborating with various departments to ensure the secure handling of personal and confidential information.

The Information Privacy Analyst will work closely with the Secretariat, Information Security Services team and with the departments of Information Systems & Technology, Institutional Analysis and Planning, and other stakeholders to uphold data protection principles within the organization.

Reporting directly to Legal Counsel, this position is accountable for risk identification and assessment for compliance of the University’s responsibilities under the provincially mandated Freedom of Information and Protection of Privacy Act (FIPPA).

The LIS team fulfills the University’s obligations under the relevant privacy legislation.

Responsibilities

Data Management and Governance

• Offer guidance to the university community on information and privacy related legislation and organizational policies
• Ensure proper data access controls and usage guidelines align with privacy requirements
• Collaborate with Legal Counsel, Privacy, on the enhancement of processes to monitor, audit, and improve information and privacy practices
• Oversee the maintenance of up-to-date records of documents, including inquiries, incidents, and resolutions
• Accrue accurate and confidential data and statistics for reporting purposes
• Coordinate and develop reports for Legal Counsel, Privacy, and General Counsel to inform senior leadership of information and privacy related activities at the University
• Collaborate with Legal Counsel, Privacy, to provide strategic recommendations and development of policies and procedures related to information and privacy
• Perform environmental scans across the sector to be well-informed of information and privacy trends
• Maintain best practices for file and information management using the electronic data management system

Privacy Policy and Procedure Development

• Consult with Legal Counsel and relevant stakeholders to develop and update privacy policies, procedures, and guidelines in compliance with provincial laws and regulations
• Collaborate with departments to identify and classify sensitive data, ensuring proper protection and retention
• Collaborate with cross-functional teams to identify and address data interdependencies that impact privacy compliance
• Develop and maintain strong relationships with departmental experts to understand their data usage while aligning with privacy guidelines
• Design and maintain data dashboards that provide insights into privacy compliance metrics
• Assess reporting tools that uphold privacy mandates and contribute to back-end architecture decisions
• Contribute to the development of advanced privacy analytics methodologies and tools
• Identify opportunities to leverage technology for enhanced privacy self-assessments and decision support
• Promote a culture of continuous improvement in terms of efficiency and leveraging systems capacities and technologies

Privacy Audits and Compliance

• Monitor the University’s compliance with relevant laws and regulations
• Conduct regular audits to identify and mitigate information and privacy risks
• Partner with departments to identify areas for improving data handling processes while ensuring compliance with access and privacy regulations
• Facilitate Privacy Impact Assessments and provide guidance in consultation with Legal Counsel to ensure University projects and processes consider and address privacy issues
• Address gaps and overlaps within data sets, proposing methods to enhance data collection and processing, ensuring data integrity and compliance are maintained
• Using knowledge of best practices, assist in the development of incident response procedures related to data breaches and or privacy incidents, facilitating communication with affect parties and regulatory bodies as required

Develop and Promote Information and Privacy Practices

• Responsible for a University culture of privacy and information awareness in collaboration with other stakeholders
• Develop and maintain a communication and education strategy for academic and academic support units to promote and develop privacy protection
• Provide training on access and privacy, breach awareness, and privacy-promoting work habits
• Coach and train constituents on record-keeping obligations
• Design and execute privacy-related employee surveys to gauge awareness and concerns
• Liaise and consult with other post-secondary Privacy Offices to share access and privacy best practices

Qualifications

• University degree in relevant field such as Information Management, Privacy, Legal Studies, Data Science, or related field, or equivalent combination of education and experience
• Relevant professional designation from the International Association of Privacy Professionals (IAPP) or other recognized professional body is an asset
• Minimum of 2 years of experience performing significant data analysis, privacy compliance, or work of a related field
• Familiarity with data governance and privacy regulations is highly preferred
• Knowledge of relevant data analysis tools and privacy compliance frameworks
• Project management experience in a complex environment
• Demonstrated experience using Microsoft PowerBI and / or Tableau
• Experience with the Freedom of Information and Protection of Privacy Act and with the Information and Privacy Commissioner of Ontario
• Familiarity with the University of Waterloo’s policies and guidelines an asset
• Understanding access to information and privacy protection matters, and related legislation and policy in a university or public sector setting
• Strong critical thinking, problem-solving, and professional judgment with excellent writing and reasoning skills
• Proficient in project management, business analysis, and advanced data analysis
• Skilled in translating complex privacy regulations into clear, understandable terms for education and awareness
• Meticulous attention to detail in reviewing data and ensuring compliance with formal business practices
• Advanced ability to build standardized reports of relevant data using real-time integrations and in enterprise-grade toolsets such as Microsoft PowerBI and / or Tableau
• Adapts readily and effectively to changing priorities and demands
• Highly competent in maintaining a high level of professionalism, ethical standards, and confidentiality
• Effective influential and consultative skills with the ability to build strong interpersonal relationships
• Stays updated on evolving privacy laws and emerging technologies impacting higher education, and adapts accordingly
• Proven ability to work independently and resourcefully
• Driven by equitable, diverse, and inclusive practices
24 days ago