Overview
Reporting to General Counsel, the Legal Counsel, Privacy will provide a full range of legal servicesand legal guidance to senior leaders, faculties, schools, and administrative units to manage legal risks and enhance the University of Waterloo’s mission, with a focus on information and privacy related services.The Information and Privacy Office and related responsibilities and accountabilities fulfill the University’s obligations under the Freedom of Information and Protection of Privacy Act (FIPPA).Responsibilities
Privacy Leadership and Strategic DevelopmentLeads a University culture of information and privacy awareness in collaboration with other stakeholdersProvides expertise and instruction related to access and privacy information for university-wide projects, policies, and processes, delivering recommendations for ongoing improvementFosters effective working relationships within the University to support the promotion and development of access to information and privacy protectionCommunicates sound and consistent advice and guidance to the campus community regarding access and privacy legislation and policies based on established principles and processesRepresents the University before the Information and Privacy Commissioner of Ontario (IPC)Conducts regular environmental scans of the regulatory landscape and assess their impact on the University’s privacy programReviews and analyzes records and jurisprudence, case law, and precedentsProactively develops strategies while exercising due diligence to avoid unnecessary legal challenges regarding privacy issuesCreates and maintains University processes, procedures, and policies that apply to the collection, use, and disclosure of personal informationPrivacy Compliance and Legal GuidanceProvides legal expertise related to applicable provincial, federal, and international privacy lawInvestigates, analyzes, and interprets applicable privacy laws and their interaction with university policy to ensure complianceReviews agreements and project charters related to the collection, use and disclosure of personal information, providing advice and guidance on best practices and potential privacy implicationsContinually research, identify, and provide updates on privacy case law, legislative requirements and legal trendsCollaborates with General Counsel, legal counsel, and other senior leaders to initiate, develop, implement, and evaluate policies and procedures that support the University’s compliance with privacy legislation and best practicesResponsibilities under FIPPADevelops and maintains processes and systems that will ensure effective responses to requests for access to records submitted under FIPPACompleted all privacy access requests, applications, queries, assessments, breaches, training, and reporting. This includes internal, external, and third-party requests received by another institutions or MinistryAssesses third-party requests in collaboration with the Secretariat, VP Academic and Provost, VP Administration and Finance, VP Research and International, Institutional Analysis and Planning, Communications, and various other departments on a regular basisAdvises and supports committees and working groups related to compliance and data breachesManages requests under departmental routine access policies and facilitate proactive disclosure where appropriatePrivacy Review and Response to complaints and privacy breachesInvestigates complaints and privacy breaches, working with various stakeholdersConsults with the General Counsel regarding access and privacy matters and concerns, and present recommendations regarding decisionsDirects any communication of breach responses according to the response protocols and processProvides all mandated reports to the Office of Information and Privacy Commissioner (IPC) of OntarioLeads on-going, concise communication with the Secretariat, VP Academic and Provost, VP Administration and Finance, along with departmental leadership when breaches occurConsults with relevant stakeholders to establish complaint and breach guidelines and documentation (Information Security Services, Information Stewards, LIS, Communications, Secretariat etc.)Risk Identification, Assessment, and TrainingAudits and assess privacy risks associated with university activities and data processing practicesReviews risk assessment requests and manage Privacy Impact Assessments for new projects, systems, and processesIdentifies and evaluates the level and likelihood of risks to determine their potential impact on providing recommendationsReviews and interprets privacy regulations to ensure the risk assessment process aligns with relevant privacy laws, regulations, and institutional policiesDevelops strategies to mitigate privacy risks, including technical, administrative, and university-level measuresOversees the education and development of training and awareness programs and material for staff, faculty, and students, fostering a culture of knowledge and accountability surrounding data protection and recognitionOperations & Systems ManagementProvides direct supervision of the Information Privacy Analyst and the Information Privacy Coordinator, including training, development, and coachingMaintains up-to-date knowledge and understanding of relevant privacy legislation, updating processes and procedures as changes occurCreates and maintains written privacy guidance for the UniversityLeads revisions and proposed new policies and procedures through the approval processOversees the development and maintenance of data frameworks that allow for data-driven decisionsSupervises the collection and recording of program statistics as required for reporting and prepare annual report for the Information and Privacy Commissioner (IPC) of OntarioMaintains accountabilityfor records managementQualificationsBachelor of Laws (L.L.B) or Juris Doctor (J.D.) or equivalent law degree is required.Licensed to practice law in Ontario and must be a member in good standing of the Law Society of Ontario.Relevant professional designation from the International Association of Privacy Professionals (IAPP) or other recognized professional bodyMinimum of 3-5 years’ experience, practicing law and providing legal advice to complex organizationsStrong working knowledge of provincial and federal information and privacy laws3+ years’ experience working with access to information and protection privacy responding to access requests, privacy complaints, information breaches, and inquiries from the communityProject management experience in a complex environmentHigher education or other public sector experience is an asset.Knowledge of a broad range of legal matters and of statutory law affecting universitiesExtensive knowledge and interpretation of the Personal Information Protection and Electronic Documents Act, the Freedom of Information and Protection of Privacy Act, and the Information and Privacy Commissioner of Ontario, including regulations and legislation, and their interplay between them and other related and relevant legislationSignificant breadth of knowledge related to university operations; ability to understand university guidelines, policies, and practicesUnderstanding of access to information and privacy protection matters, and of related legislation and policy in a university or public sector settingKnowledge of the legislative and procedural framework related to the development, amendment, and implementation of statutes, regulations, and by-lawsClear and critical thinking, with superior writing and reasoning skills, persuasivenessCan effectively initiate, drive, and manage change initiatives that align with organizational strategies, support legal risk mitigation, and enhance operational legal efficiencies related to privacy and dataConflict resolution skills with an ability to proactively identify potential conflicts and support actions to facilitate its resolutionCompetent in providing guidance and direction to support others in solving complex situations affecting the University’s businessSound decision maker based on a mixture of analysis, wisdom, experience and judgement, balancing risk with the likelihood of occurrence.Ability to collaborate across internal and external boundaries to meet common objectives, improve outcomes, and support work beyond the unitAbility to make decisions and recommendations that are clearly linked to the university’s strategic planEffective influential and consultative skills with the ability to build strong interpersonal relationshipsAbility to adapt to evolving privacy laws and technologies affecting higher educationProven ability to work independently and resourcefullyDriven by equitable, diverse, and inclusive practicesEquity Statement
The University of Waterloo acknowledges that much of our work takes place on the traditional territory of the Neutral, Anishinaabeg and Haudenosaunee peoples. Our main campus is situated on the Haldimand Tract, the land granted to the Six Nations that includes six miles on each side of the Grand River. Our active work toward reconciliation takes place across our campuses through research, learning, teaching, and community building, and is co-ordinated within our Office of Indigenous Relations.The University values the diverse and intersectional identities of its students, faculty, and staff. The University regards equity and diversity as an integral part of academic excellence and is committed to accessibility for all employees. The University of Waterloo seeks applicants who embrace our values of equity, anti-racism and inclusion.As such, we encourage applications from candidates who have been historically disadvantaged and marginalized, including applicants who identify as First Nations, Métis and/or Inuk (Inuit), Black, racialized, a person with a disability, women and/or 2SLGBTQ+.All qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority.The University of Waterloo is committed to accessibility for persons with disabilities. If you have any application, interview, or workplace accommodation requests, please contact Human Resources at
[email protected] 519-888-4567, ext. 45935.#J-18808-Ljbffr