Chief Privacy Officer

**Job Type**:
Employee

**Duration in Months**(for fixed-term jobs):
12

**Job Family**:
Governance

**# of Open Positions**:
1

**Faculty/Service - Department**:
Office of the Secretary General

**Campus**:
Main Campus

**Union Affiliation**:
N/A

**Date Posted**:
January 22, 2025

**Applications must be received**BEFORE**:
March 01, 2025

**Hours per week**:
35

**Salary Grade**:
Non-Union Grade NM4

**Salary Range**:
$139,350.00 - $172,946.00

**Position Purpose**:
The Chief Privacy Officer and Legal Counsel is responsible for the University’s privacy and access to information program including but not limited to daily operations of the program, development, implementation, and maintenance of policies and procedures, monitoring program compliance, investigation and tracking of incidents and breaches. This role is the authority for making access to information and privacy-related decisions and protecting the interests of members of the University community and is responsible for providing legal advice on all matters related to access to information and privacy. The Chief Privacy Officer and Legal Counsel reports to the Secretary-General of the University. The Chief Privacy Officer and Legal Counsel operates with authority under the direct delegation from the President of the University of his/her statutory responsibilities under Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA). The Chief Privacy Officer and Legal Counsel serves as a critical role in the management of both the University’s obligations and all applicable privacy and access to information legislation, including the Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Health Information Protection Act (PHIPA), and the General Data Protection Regulation (GDPR).

**Specific Accountabilities**:

- Builds a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent and effective privacy practices which minimize risk and ensure the confidentiality of personal information across all media types (paper and/or electronic). Develops standardized protocols and policies in order to guide the University's actions and activities.
- Provides practical, timely and strategic legal advice and guidance relating to access to information and privacy issues.
- Provides leadership and support to the University's senior administration in privacy and access to information related questions, to ensure that their decisions are not only informed by expert advice and guidance but are also in compliance with Provincial and Federal and international legislation.
- Accountable for the University’s compliance with the Freedom of Information and Protection of Privacy Act (FIPPA) and other privacy and access to information legislation applicable to the University, including the University’s response to access to information requests, correction of personal information requests, privacy complaints, third party consultations, and other related inquiries from both internal and external stakeholders.
- Represents the University on all matters under review by the Office of the Information and Privacy Commissioner (IPC) of Ontario. Negotiates, develops, and implements strategies for the resolution of complaints and appeals under investigation by the IPC.
- Leads the University’s Privacy Breach Response Team to investigate and respond to suspected and confirmed large, and small, scale privacy breaches. Develops and maintains a privacy breach response contingency plan for responding to large and complex privacy breaches.
- Performs privacy assessment and provides privacy-related advice for the selection, development and implementation of new technological solutions, programs, projects and related processes.

**Knowledge, Experience and Skills**
- LL.B or J.D. and member in good standing of the Law Society of Ontario
- Minimum of 10 years of direct experience in the management of an access to information and privacy program in a large and complex organization.
- Minimum of 10 years of management experience, specifically in operations management and planning, project management, financial and human resources management.
- Certification in the field of privacy is considered an asset, such as Certified Information Privacy Professional/Canada (CIPP/C) and Certified Information Privacy Manager (CIPM) or other similar credentials.
- Asset: the incumbent needs to have a working knowledge of the Freedom of Information and Protection of Privacy Act (FIPPA), Personal Information Protection and Electronic Documents Act (PIPEDA), the Personal Health Information Protection Act (PHIPA), General Data Protection Regulation (GDPR) and other applicable privacy and access to information legislation.
- Knowledge and experience across a variety of areas of the law affecting the University
- Strong oral and wri