Deadline September 16, 2013
Job ID: 13-0125
Public Health Ontario (PHO) is a Crown corporation dedicated to protecting and promoting the health of all Ontarians and reducing inequities in health. As a hub organization, PHO links public health practitioners, front-line health workers and researchers to the best scientific intelligence and knowledge from around the world.
PHO provides expert scientific and technical support relating to infection prevention and control; surveillance and epidemiology; health promotion, chronic disease and injury prevention; environmental and occupational health; health emergency preparedness; and public health laboratory services to support health providers, the public health system and partner ministries in making informed decisions and taking informed action to improve the health and security of Ontarians.
For more information about PHO, visit http://www.oahpp.ca.
Position Title: Privacy Officer
Department: Legal/General Counsel and Corporate Secretary
Duration: Permanent Full-Time
Location: 480 University Avenue, Toronto
Compensation Group: OPSEU
Position Status: Open
Job Code: 20AGA - General Administration
Salary: $70,765 - $91,741
Hours of Work: 36.25 per week
Posting Date: August 30, 2013
Closing Date: September 16, 2013
To provide expertise in information privacy and access legislation across PHO including the development, implementation, maintenance and monitoring for compliance of PHO policies and procedures covering the privacy of, and access to, information (including personal health information) in compliance with applicable provincial and federal laws and the PHO’s information privacy practices.
To provide functional leadership to staff across the PHO assigned as members of the privacy and security community of practice group to ensure coordination of activities and advice in the resolution of privacy protection and data security issues and the management of access requests.
- Drafts, recommends, implements, and maintains PHO information privacy policies and procedures in coordination with PHO senior management and administration, and legal counsel.
- Works with General Counsel, key departments and committees to ensure that PHO has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
- Leads the development, implementation and maintenance of strategies and tactics to ensure process efficiencies in receiving, documenting, tracking, processing, and rendering decisions on Freedom of Information requests under the Freedom of Information & Protection of Privacy Act (FIPPA) and the Personal Health Information Protection Act, 2004 (PHIPA).
- Performs initial and periodic privacy risk assessments and evaluations and conducts ongoing related compliance monitoring.
- Works with General Counsel on the timely and detailed receipt, review and triage of issues.
- Plans, leads and/or conducts Privacy Impact Assessments (PIA’s) as required.
- Establishes with management and operations a mechanism to track access to confidential information, especially protected health information.
- Provides expertise and leadership in privacy across the PHO and oversees compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all who deal with or have access to PHO information, including PHO staff, extended workforce, and all business associates, in cooperation with Human Resources, the Chief Information Officer, Network Security Specialist, Administration and General Counsel as applicable.
- Provides functional leadership to Portfolio Privacy Representatives and Information Security Representatives assigned as part of a community of practice to ensure coordination of efforts, resolution of elevated issues and consistent interpretation and application of legislation, policies and PHO practices;
- Ensures that appropriate privacy protections are included in data-sharing agreements with multiple scientific partners, including hospital, institutes, individual physicians and other organizations collaborating on projects with PHO.
- Oversees, delivers, or ensures delivery of privacy training and orientation to all employees, adjunct/associate scientists, and other third parties.
- Participates and provides advice in the development, implementation, and ongoing compliance monitoring of all partner and business associate agreements, to ensure all privacy, confidentiality and non-disclosure concerns, requirements, and responsibilities are addressed.
- Prepares submissions to the Information and Privacy Commissioner (IPC) respecting privacy and FIPPA matters and coordinates with IPC staff in any compliance reviews or investigations.
- Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all privacy issues or complaints, in coordination and collaboration with senior management and, as appropriate, General Counsel.
- Maintains current knowledge of applicable federal/provincial laws, privacy expectations and information privacy technologies to ensure PHO is up-to-date and compliant with current and emerging requirements and standards.
- Initiates and facilitates and promotes activities to foster information privacy awareness as an important value and expectation within the organization.
- Reviews all system related information security plans throughout the organization’s network, working together with IT and security personnel to ensure effective protection of privacy and confidentiality at PHO.
- Works with personnel involved with any aspect of release of customer information to ensure full coordination and cooperation under the organization’s policies, procedures and legal requirements, including privacy protection, secure communication and releases of customer information through appropriate channels to the correct parties.
- Reviews contracts and agreements to ensure third-party compliance with appropriate privacy expectations and applicable privacy legislation.
- Develops written and verbal responses to issues, and prepares reports, briefing materials and draft risk assessments and evaluations, including policy analyses/policy options, discussion papers, briefing notes, presentations and other documents, in a timely manner.
- Other related duties as assigned.
Knowledge and Skills
- Knowledge of contract law and techniques for drafting legal agreements in order to perform responsibilities such as developing and/or reviewing data sharing agreements.
- Knowledge and understanding of the Personal Health Information Protection Act, 2004 (PHIPA) and the Freedom of Information and Protection of Privacy Act (FIPPA) in order to develop, implement, maintain, and ensure adherence to PHO policies and procedures covering the privacy of, and access to, health information in compliance with applicable provincial and federal laws and the PHO’s information privacy practices.
- Working knowledge of tri-council and research guidelines.
- Knowledge of privacy practices, concepts, trends and issues, and an understanding of their impact on business processes, as well as expertise in the interpretation and communication of principles and compliance requirements.
- Knowledge of, and expertise in policy development and analysis in order to draft, recommend, implement, and maintain PHO information privacy policies and procedures in coordination with organization management and administration, and legal counsel.
- Familiarity with information and information technology security matters, in order to review all systems-related information security plans throughout the organization’s network, and to work together with IT and security personnel to ensure effective protection of privacy and confidentiality at PHO, and to ensure that appropriate privacy protections are included in data-sharing agreements with multiple scientific partners, including hospital, institutes, individual physicians and other organizations collaborating on projects with PHO.
- Knowledge of, and expertise in, applying privacy enhancing best practices in order to ensure compliance in PHO with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all who deal with or have access to PHO information, including PHO staff, extended workforce, and all business associates, in cooperation with Human Resources, the Chief Information Officer, Network Security Specialist, Administration and General Counsel as applicable.
- Knowledge of applicable federal/provincial laws, privacy expectations and information privacy technologies in order to ensure that PHO is up-to-date and compliant with current and emerging requirements and standards.
- Knowledge of, and expertise in, freedom of information processes and decisions. Knowledge of, and expertise in, conducting Privacy Impact Assessments (PIA).
- Computer skills with proficiency in MS Office (Word, Excel, PowerPoint, Visio, and Project) and skill in accessing databases for legal searches, legislation searches, FOI precedents, and issues analysis.
- Education and Experience
- Bachelor’s degree in a related field (e.g. public administration, business administration) and a minimum of 10 years’ experience together with knowledge of, and expertise in the application of information privacy laws, access, release of information, and release control technologies as well as information security.
- Recognized privacy certification such as Certified Information Privacy Professional of Canada preferred. Information Security accreditation is preferred.
If you are interested in applying for this position, please visit http://www.publichealthontario.ca/en/About/Careers/Pages/Current-Job-Opp... and click on the job title.
Your cover letter and resume must clearly indicate how you meet the qualifications/competencies.
Thank you for your interest in this position. Only qualified candidates will be contacted for an interview.