The Chief Privacy Officer and General Counsel (CPO&GC) is a member of Senior Management and is primarily responsible and accountable for providing leadership, strategic direction and operational administration of CIHI’s privacy program and legal services.
The CPO&GC is responsible for developing the corporate privacy framework and coordinating the development, maintenance and implementation of CIHI’s Privacy Program in close collaboration with CIHI’s Security Program to ensure the organization’s privacy principles, policies, procedures and practices are aligned with existing legislation and best practices. In addition, the CPO&GC is responsible for fostering a culture of privacy by leading and supporting activities both internally and externally to increase awareness of CIHI’s privacy principles, policies and procedures.
The CPO&GC is also responsible for coordinating and managing the provision of high-quality and timely legal advice and drafting services in support of CIHI’s mandate, and to coordinate the provision of external legal services as required.
Duties and Responsibilities
- Ensure CIHI’s privacy principles, policies, procedures and practices are current and in harmony with existing legislation across the country, and best practices.
- Support the controlled access to and responsible use of health information under CIHI’s management by developing the corporate privacy framework and coordinating the development, maintenance and implementation of CIHI’s Privacy Program.
- Ensure effective policy and legal analysis and application by proactively monitoring privacy and data protection legislation, anticipating future requirements, conducting ongoing reviews of CIHI’s privacy and confidentiality principles and policies, and making recommendations regarding privacy elements in agreements relating to the use of health information.
- Foster a culture of privacy and increased awareness of CIHI’s privacy principles, policies and procedures by supporting activities to ensure privacy and data protection issues are addressed, working across the organization to enhance CIHI’s data protection practices and tools, conducting staff training and supporting staff in applying CIHI’s privacy and confidentiality policies and procedures.
- Ensure effective outreach and communication with stakeholders by developing user-friendly and accessible information about CIHI’s privacy program, participate on internal and external working groups on the protection of personal health information, and liaise with privacy officials in ministries of health, Privacy Commissioners’ offices, Statistics Canada, prescribed entities in Ontario and others.
- Oversee functions such as CIHI’s internal privacy audit program and the development of Privacy Impact Assessments. Lead CIHI’s Privacy breach management response protocol in the event of a privacy breach.
- Prepare submissions to legislative committees from across the country with regards to evolving privacy legislation – to ensure recognition of CIHI’s mandate in privacy laws across the country – and ensure lawful authority for data flows to CIHI.
- Negotiate data sharing agreements that are consistent with CIHI’s mandate and privacy and confidentiality principles.
- Lead the renewal of CIHI’s status as a Prescribed Entity in Ontario.
- Coordinate, manage and provide high-quality and timely legal advice and drafting services to all program areas and Senior Management in support of CIHI’s mandate, particularly in the areas of corporate, commercial, intellectual property, information and privacy law, as well as governance and other issues, and coordinate the provision of external legal services as required.
- Contribute to CIHI’s management of legal risk as part of its legal risk profile, including anticipating, advising and assisting program areas and Senior Management in developing strategies to reduce or minimize legal risk.
- Prepare relevant material as may be required by the CEO, Senior Management and the Board or for other partners/clients/stakeholders. Management Expectations.
The Chief Privacy Officer and General Counsel is responsible and accountable for:
- Developing and managing assigned programs and services in accordance with corporate priorities and program goals and objectives, standards, and expectations.
- Managing staff and providing appropriate leadership and direction.
- Creating and maintaining a positive working environment by fostering collaboration, staff development, engagement and retention of staff.
- Mentoring staff, providing and soliciting effective feedback, conducting Performance Management reviews, and ensuring that there are appropriate opportunities for staff development.
- Managing financial requirements and obligations in accordance with corporate policies and expectations.
- Contributing to corporate management through participation on CIHI’s Senior Management Committee and other corporate initiatives.
- Working collaboratively across CIHI.
- Promoting and marketing the vision and mandate of CIHI, and its staff, programs and services, with clients and partners.
Knowledge & Experience
- A degree from a recognized university in common and/or civil law, and membership in good standing with the Law Society of Upper Canada.
- Relevant experience in the areas of privacy law and corporate/commercial law.
- Minimum of 5 years’ experience working in a management position.
- Knowledge of health information privacy issues and challenges. Strong conceptual understanding of the organization and delivery of health services in Canada.
- Working knowledge of relevant federal/provincial privacy legislation.
- Strong analytical and problem-solving skills.
- Excellent verbal and written communication skills. Ability to communicate in both official languages is an asset.
- Experience working successfully across teams, convening multiple players and facilitating productive dialogue and problem resolution to identify and achieve common goals.
- Demonstrated ability for strategic thinking with the ability to influence and motivate others to bring about change in a manner consistent with the organization’s mission, vision and values.
- Certified Information Privacy Professional for Canada (CIPP/C) or Certified Privacy Manager (CIPM) an asset.
- Ability to meet travel requirements within Canada.