The Director, Privacy Compliance is responsible for the organization’s Privacy Program including but not limited to daily operations of the program; privacy advisory services; development, implementation and maintenance of policies and procedures; privacy risk assessments; monitoring program compliance; training; investigation and tracking of incidents and breaches. The Director, Privacy Compliance will be involved in not only data security and privacy issues relating to member data but also on corporate and employee data and agreements with third-party business partners and the individual’s span of responsibility covers all OTPP offices (Toronto, London, Hong Kong).
Who you’ll work with
You will provide advice across all business lines including senior management, security, procurement, and legal to establish governance for our privacy program. You will also have the opportunity to collaborate with the information security team to ensure alignment between security and privacy compliance program, including policies, practices, investigations, and act as a liaison to the information systems department.
What you’ll do
- You will build a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk, balance operational imperatives, and ensures the confidentiality of protected personal information across all media types.
- Serve in a leadership role for privacy compliance within the organization and as a thought leader in the industry representing OTPP in various forum.
- Initiate, facilitate and promote activities to champion information privacy awareness within OTPP and develop and implement standard methodologies.
- Perform initial and periodic information privacy risk assessments, analysis, mitigation and remediation.
- Lead, direct, deliver, initial and ongoing privacy training and orientation to all employees and other appropriate third parties.
- Take a lead role, to ensure the organization has and maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
- Establish and administer a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning OTPP’s privacy policies and procedures or privacy breaches in coordination with other similar functions and, when necessary external legal counsel.
- Establish, with information security, an ongoing process to track, investigate, and report on inappropriate disclosure of information within OTPP’s custody and control.
- Serve as an information privacy resource to the organization regarding release of information and to all departments for all privacy related issues.
- Maintain current knowledge of applicable Canadian and international privacy laws and related case law developments.
- Monitor advancements in information privacy technologies to ensure organizational awareness, adaptation and compliance where applicable
- Report on a periodic basis regarding the status of the privacy program to the Board, CEO or other responsible individual or committee.
- You will have decision-making authority for privacy matters and be the subject matter expert in this area within Corporate Affairs. Decisions carry the weight of the Legal Compliance department and are binding
- Accountable to deliver on integrated advisory services as part of Corporate Affairs’ strategic objective to deliver a “one stop shop” experience to clients. As a senior leader within the team, you will be expected to model behavior across the division that is consistent with our values and operating principles.