Manager, Privacy

**Position Summary**

**The Manager, Privacy and Chief Privacy Officer** serves in a key leadership role for privacy compliance in the organization and is responsible for developing the organization’s privacy protection and compliance program, including drafting, and implementing policies and procedures, in alignment with the organization’s mission, vision, values and guiding principles. The incumbent is also responsible for monitoring program compliance, as well as the investigation and tracking of incidents and breaches.

**Primary Duties**

1. Ensures PBC Solutions has the appropriate privacy practices and controls with respect to the protection of personal information in its custody, and effectively and appropriately responds to privacy inquiries, information access requests, and potential and actual breaches.

2. Leads the privacy function in management committees and the incident response team.

3. Develops a strategic and comprehensive privacy management program in accordance with the privacy standards for a service provider to a public body in British Columbia pursuant to the _Freedom of Information and Protection of Privacy Act _with respect to the client’s information, as well as in accordance with the privacy standards under the _Personal Information Protection Act_ and the _Personal Information Protection and Electronic Documents Act, _as applicable, with respect to the organization’s information. The privacy management program includes developing a privacy compliance methodology to monitor unauthorized access and disclosure by employees; tracking transfers of personal information to third parties; developing a third party/vendor privacy compliance and monitoring program; developing and documenting a process to trigger privacy impact assessments for new and existing systems; and preparing responsibility assignment matrices for privacy-related duties for all job roles within the organization.

4. Develops, defines, maintains, and implements a set of policies and processes that enables consistent, effective privacy compliance across the organization and that ensures the confidentiality of the protected information of both the client and the organization, whether in paper and/or electronic format, and across all media types.

5. Conducts and reviews existing privacy impact assessments for complex technological systems and develops action plans for gap remediation. Conducts privacy impact assessments for new or materially changed systems processing the client’s information that meet the privacy standards for PIA submission to the Province of British Columbia.

6. Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation, and remediation.

7. Works with senior organization management, including the Director, Security Services/CISO and the Director, Information Management & Analytics, to establish the governance framework for the privacy management program.

8. Collaborates with the Director, Security Services/CISO to ensure alignment between security and privacy compliance programs, including policies, practices, and investigations. Acts as a privacy resource to the Information Management department.

9. Establishes, with the Director, Security Services/CISO, an ongoing process to track, investigate, and report inappropriate access and disclosure of protected information. Monitor patterns of improper access and/or disclosure of protected information.

10. Responsible for the development and administration of the privacy compliance monitoring and investigation program regarding the inappropriate access and disclosure of protected information.

11. Manages breach investigation and breach notification processes to the client, the regulatory authorities, and all individuals as required under the _Freedom of Information and Protection of Privacy Act, Personal Information Protection Act, _and the _Personal Information Protection and Electronic Documents Act, _as well as other applicable legislation and regulations.

12. Establishes and administers a process for investigating and acting on privacy complaints under _Freedom of Information and Protection of Privacy Act, Personal Information Protection Act, _and the _Personal Information Protection and Electronic Documents Act, _as well as other applicable legislation and regulations.

13. Develops, delivers, and oversees initial and ongoing privacy education and training to employees, contractors, and internal business units.

14. Works cooperatively with the Director, Security Services/CISO, and other applicable organization units in overseeing individuals’ rights to inspect, amend, and restrict access to protected information when appropriate.

15. Develop policies and procedures to ensure individuals’ exercise of their access and correction rights to their personal information under the _Freedom of Information and Protection of Privacy Act _and the _Personal Information Protection Act. S_erves a privac