The Privacy Officer assists in the development, oversight, implementation and management of the BORN privacy program. This includes management of BORN privacy and security policies and procedures ,compliance with the Personal Health Information Protection Act (PHIPA) and requirements of Prescribed Registries and best practices; advanced awareness of privacy and access to information programs and services; ensuring processes are in place to enable knowledge and opt-out and manage privacy and access, monitoring and compliance activities.
§ Assist in the Management of Privacy and Security Policies and Procedures
§ Development of the BORN privacy and security policies and procedures to comply with all applicable privacy legislation in Ontario, including detailed policies and procedures for specific areas of operations and activities.
§ Implementation and administration of the BORN privacy and security policies and procedures to ensure that all collections, uses or disclosures of personal information comply with applicable legislation.
§ Coordinate and conduct privacy and security monitoring activities including the following:
o ensuring that the BORN Ontario privacy and security policies and procedures are transparent
o facilitating compliance with PHIPA and its regulations
o ensuring BORN agents are aware of the Act and its regulation and their duties under the Act
o ensuring that BORN Agents are aware of the privacy and security policies, procedures and practices implemented by BORN and that Agent are appropriately informed of their duties and obligations.
o delivering privacy and security training as needed, as well as fostering a culture of privacy at BORN.
o conducting, reviewing and approving privacy impact assessments;
o receiving, documenting, tracking, investigating, remediating and responding to privacy complaints pursuant to the Policy and Procedures for Privacy Complaints;
o receiving and responding to privacy inquiries pursuant to the Policy and Procedures for Privacy Inquiries;
o receiving, documenting, tracking, investigating and remediating privacy breaches or suspected privacy breaches pursuant to the Policy and Procedures for Privacy Breach Management; and
o conducting privacy audits pursuant to the Policy and Procedures In Respect of Privacy Audits.
o conducting security audits pursuant to the Policy and Procedures in Respect of Security Audits
§ Administer and coordinate agreements and contracts; develop and execute agreements including privacy data sharing agreements, research agreements, acceptable use policies, third party service provider agreements, and contracts; maintain agreements/contracts files and provide related administrative support to the Senior BORN Ontario Privacy Officer as needed; consult on information and privacy practices, procedures and relevant jurisprudence
§ Support a Culture of Privacy within the organization
o Address Privacy questions and concerns. Provide ongoing advice and guidance to other managers and employees, as required, about specific privacy and legal issues and concerns.
o Demonstrate privacy leadership and contribute in a significant way to the development of and continued maintenance of an environment in which employees, suppliers, contractors and others demonstrate awareness of privacy rights and obligations and act accordingly.
o Promote awareness of privacy and access to information programs and services to internal and external stakeholders.
o Participate as a key member of the BORN team.
o Monitor the external privacy environment and provide threat-risk analysis and guidance to the organization as appropriate about privacy issues that may impact upon BORN, including the status of current or future laws.
o Assist in the development of communications materials, as required, for founding members, employees and others.
BORN Team Member
§ Monitor the external privacy environment on an ongoing basis and providing proactive advice and guidance to senior management on emerging privacy issues that could impact operations and activities.
§ Facilitate teams and committees required by Privacy Operations.
§ Coordinate and manage the interface between BORN and external organizations such as the Information and Privacy Commissioner of Ontario on any matter concerning compliance with privacy policies and legislation.
§ Work in collaboration with other program managers to ensure that program strategies are achieved.
Perform other related duties as assigned by supervisor.
Perform work in accordance with the provisions of the Children’s Hospital of Eastern Ontario’s Corporate Health and Safety Policies and Procedures.
· Degree in in Law, Business or Health Administration or related discipline (Essential)
· Minimum three (3) years of related experience working in law, access to information or privacy (Essential)
· Knowledge of applicable provincial legislation and its application (PHIPA, FIPPA) (Essential)
· Knowledge of information and privacy practices, procedures and relevant jurisprudence, as well as access to information and privacy concepts, principles, legislation and regulations (Essential)
· Certification in IAPP/CIPP (Essential)
· Strong interpersonal skills and ability to deal effectively with internal and external colleagues and stakeholders with a broad range of professional and non professional expertise and skill sets (Essential)
· Strong organizational and time management skills. Able to effectively adjust priorities as required (Essential)
· Advanced verbal and written communication skills in English (Essential)
· Police Record Check (PRC) (Essential)
· Bilingualism (English / French) (Preferred)