Privacy Officer

Privacy Officer

Location : Toronto-661 University

Department : Legal Office

The Role :

To provide expertise in information privacy and access legislation across PHO including the development, implementation, maintenance, and monitoring for compliance of PHO policies and procedures covering the privacy of, and access to, information (including personal health information) in compliance with applicable provincial and federal laws and the PHO's information privacy practices.

To provide functional leadership to staff across PHO to ensure coordination of activities and advice in the resolution of privacy protection and data security issues and the management of access requests.

Key Responsibilities-

• Provides expertise and leadership in privacy across PHO and oversees compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all who deal with or have access to PHO information, including PHO staff, extended workforce, and all business associates, in cooperation with PHO leadership, including Human Resources, Chief Information Officer, Technology Services, and Chief Legal & Privacy Officer, as applicable.
• Provides functional leadership to Portfolio Privacy Representatives assigned as part of Privacy Subcommittee and external to Privacy Subcommittee to ensure coordination of efforts, resolution of elevated issues, and consistent interpretation and application of legislation, policies, and PHO practices.
• Drafts, recommends, implements, and maintains PHO information privacy policies and procedures in coordination with PHO senior management and administration, and legal counsel.
• Maintains current knowledge of applicable federal / provincial / territorial laws, global standards, privacy expectations and information privacy technologies to ensure PHO is up-to-date and compliant with current and emerging requirements and standards.
• Initiates and facilitates and promotes activities to foster information privacy awareness as an important value and expectation within the organization.
• Oversees, delivers, or ensures delivery of privacy training and orientation to all employees, adjunct / associate scientists, and other third parties.
• Works with personnel involved with any aspect of release of personal information to ensure full coordination and cooperation under the organization's policies, procedures and legal requirements, including privacy protection, secure communication, and releases of personal information through appropriate channels to the correct parties.
• Works with Chief Legal & Privacy Officer, key departments, and committees to ensure that PHO has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
• Leads the development, implementation and maintenance of strategies and tactics to ensure process efficiencies in receiving, documenting, tracking, processing, and rendering decisions on access to information requests under the Freedom of Information & Protection of Privacy Act (FIPPA) and the Personal Health Information Protection Act, 2004 (PHIPA).
• Prepares submissions to the Information and Privacy Commissioner (IPC) respecting PHIPA and FIPPA matters and coordinates with IPC staff in any compliance reviews or investigations.
• Performs initial and periodic privacy risk assessments and evaluations and conducts ongoing related compliance monitoring.
• Plans, reviews, leads and / or conducts Privacy Impact Assessments (PIAs).
• Establishes with management and operations a mechanism to track access to confidential information, especially personal health information.
• Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all privacy issues or complaints, in coordination and collaboration with senior management and, as appropriate, Chief Legal & Privacy Officer.
• Reviews all system-related information security plans throughout the organization's network, working together with IT and security personnel to ensure effective protection of privacy and confidentiality at PHO.
• Reviews contracts and agreements to ensure third-party compliance with appropriate privacy expectations and applicable privacy legislation.
• Participates and provides advice in the development, implementation, and ongoing compliance monitoring of all partner and business associate agreements, to ensure all privacy, confidentiality and non-disclosure concerns, requirements, and responsibilities are addressed.
• Ensures that appropriate privacy protections are included in data-sharing agreements with multiple scientific partners, including hospitals, institutes, individual physicians, and other organizations collaborating on projects with PHO.
• Develops written and verbal responses to issues, and prepares reports, briefing materials, and draft risk assessments and evaluations, including policy analyses / policy options, discussion papers, briefing notes, presentations and other documents, in a timely manner.
• Other related duties as assigned.

Knowledge and Skills-

• Knowledge of contract law and techniques for drafting legal agreements in order to perform responsibilities such as developing and / or reviewing data sharing agreements.
• Knowledge and understanding of the Personal Health Information Protection Act, 2004 (PHIPA) and the Freedom of Information and Protection of Privacy Act (FIPPA) in order to develop, implement, maintain, and ensure adherence to PHO policies and procedures covering the privacy of, and access to, personal information and personal health information in compliance with applicable provincial and federal laws and the PHO's information privacy practices.
• Working knowledge of tri-council and research guidelines.
• Knowledge of privacy practices, concepts, trends and issues, and an understanding of their impact on business processes, as well as expertise in the interpretation and communication of principles and compliance requirements.
• Knowledge of, and expertise in policy development and analysis in order to draft, recommend, implement, and maintain PHO information privacy policies and procedures in coordination with organization management and administration, and legal counsel.
• Familiarity with information and information technology security matters, in order to review all systems-related information security plans throughout the organization's network, and to work together with IT and security personnel to ensure effective protection of privacy and confidentiality at PHO, and to ensure that appropriate privacy protections are included in data-sharing agreements with multiple scientific partners, including hospitals, institutes, individual physicians, and other organizations collaborating on projects with PHO.
• Knowledge of, and expertise in, applying privacy enhancing best practices in order to ensure compliance in PHO with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all who deal with or have access to PHO information, including PHO staff, extended workforce, and all business associates, in cooperation with Human Resources, the Chief Information Officer, Technology Services, and the Chief Legal & Privacy Officer, as applicable.
• Knowledge of applicable federal / provincial / territorial laws, global standards, privacy expectations and information privacy technologies in order to ensure that PHO is up-to-date and compliant with current and emerging requirements and standards.
• Knowledge of, and expertise in, access to information processes and decisions. Knowledge of, and expertise in, conducting Privacy Impact Assessments (PIAs).
• Computer skills with proficiency in MS Office (Word, Excel, PowerPoint, Visio, and Adobe Acrobat) and skill in accessing databases for legal searches, legislation searches, privacy and access to information precedents, and issues analysis.

Education and Experience-

• Bachelor's degree in a related field (e.g. public administration, business administration) and a minimum of 10 years' experience together with knowledge of, and expertise in the application of information privacy laws, access, release of information, and release control technologies, as well as information security, or equivalent combination of education and experience.
• Recognized privacy certification such as Certified Information Privacy Professional of Canada is preferred.
• Information Security accreditation is preferred.

Attributes and Competencies-

• Written communication skills to develop policies, issues notes, training and other related materials.
• Oral and written communication skills, and presentation skills to oversee, direct, deliver, and ensure the delivery of privacy training and orientation to all employees, adjunct / associate scientists, and other third parties.
• Proactively develops and maintains client relationships to ensure that PHO has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials.
• Works with personnel involved with any aspect of release of personal information to ensure full coordination and cooperation under the PHO's policies, procedures and legal requirements, including privacy protection, secure communication, and releases of personal information through appropriate channels to the correct parties.
• Anticipates clients' needs when independently investigating on matters related to privacy including the flexibility to design internal investigations and any resulting corrective action, if appropriate.
• Handles matters of a confidential and / or sensitive nature, which may also be contentious and / or politically sensitive, with judgement.
• Determine the steps to take to ensure the PHO's compliance with privacy practices and to ensure consistent application of sanctions for failure to comply with privacy policies for all who deal with or have access to PHO information, including PHO staff, extended workforce, and all business associates, in cooperation with Human Resources, the Chief Information Officer, Technology Services, and the Chief Legal & Privacy Officer.
• Determines the most effective and appropriate ways to ensure that appropriate privacy protections are included in data-sharing agreements with multiple scientific partners, including hospitals, institutes, individual physicians, and other organizations collaborating on projects with PHO.
• Accountable for the quality of research and policy analysis that is required to develop, implement, maintain, and ensure adherence to PHO policies and procedures covering the privacy of, and access to, personal information and personal health information in compliance with applicable provincial and federal laws and PHO's information privacy practices.
• Accountable for initiating, facilitating, and promoting activities in PHO to foster information privacy awareness as an important value and expectation within the organization;

failure to do so effectively, would bring the reputation of PHO in disrepute.

• Accountable for the quality of advice and participation in the development, implementation, and ongoing compliance monitoring of all partner and business associate agreements, to ensure that all privacy, confidentiality, and non-disclosure concerns, requirements, and responsibilities are addressed.
• Provides advice directly to senior management, up to and including the President and CEO.
• Provides functional leadership to staff across PHO assigned as members of the Privacy Subcommittee and Privacy Representatives.
• Works collaboratively with the Chief Legal & Privacy Officer and the other staff in the Office to assist them in the development of system enablers such as staff protocols and guides for dealing with legal warrants.
• Works closely with senior management to provide advice and technical leadership to ensure compliance with privacy practices.
• Serves as internal privacy subject matter expert to the organization for all departments.

Duration : Permanent

Hours of Work : Full time, 36.25 hours per week

Compensation Group : Association of Management, Administrative and Professional Crown Employees of Ontario

Salary : $105,121.00 - $147,158.00

Posting Date : 08-14-2024

Closing Date : 08-29-2024

Please note : applications will be received no later than 11 : 59pm on the date preceding the closing date as indicated on the Job Requisition.

Note : Internal candidates will be considered first.

While we thank all applicants for their interest, only those selected to move forward in the recruitment process will be contacted.

Any information obtained during the course of recruitment will be used for employment recruitment purposes only, and not for any other purpose.

PHO is committed to ensuring equity in employment. Our goal is to create a diverse, inclusive workforce that reflects the communities we serve and to ensure our services and communications are accessible to all individuals.

Any candidate who requires a job posting in an alternative format may email a request to HR I redacted . Once an applicant has been selected for an interview, they can inform PHO about any accommodations they may require at any stage of the interview process.