Employment Status: Regular, Full Time (1.0 FTE)
Program Name: General Counsel
Number of Hours Bi-Weekly: 75
Work Schedule: Days
On Call: Yes
The Information Privacy Director provides compliance, risk mitigation and educational leadership across the organization in respect of the privacy and confidentiality of personal information of clients, employees, volunteers, and donors, including personal health information as well as with respect to sensitive corporate information across all the VON legal entities.
This role requires the ability to assess and mitigate risk, while meeting privacy requirements. As a result, the role requires the ability to appreciate the intersection of competing business priorities and the tact, diplomacy and sensitivity to reach consensus across business units with competing and sometimes conflicting priorities. The role requires balancing a practical approach to compliance with a thorough appreciation of legal requirements.
Strong familiarity with information technology systems and security measures is important to complement the ability to assess risk in response to privacy matters.
- Supports the CPO in the continued development of the VON Privacy Program
- Engages with Operations and Risk group contacts to assess mitigation strategies for privacy risks and provides recommendation to CPO on the optimal path forward
- Engages with information technology and security senior staff to assess implications of technology system options for privacy compliance means
- Monitors the developments in privacy laws in both provinces, and ensures compliance with regulatory and contractual requirements related to handling personal information
- Oversees the privacy impact assessment process for new technologies, systems, applications and business models
- Recommends business models that both meet service delivery needs, information technology systems capabilities and privacy requirements
- Oversees the process for, and content of, reporting obligations on privacy including reports to the Boards of Directors for VON entities, external funding entities, privacy commissioners and other stakeholders
- Ensures the privacy program is structured around compliance, with clear privacy policies and procedures
- Identifies and tracks performance of KPIs for privacy activities
- Maintains strong collaborative relationships with senior staff in the technology and security group, Operations and Corporate (risk) Services to support the privacy portfolio in both Ontario and Nova Scotia.
- Continually assesses the maturity of VON Privacy Program and make recommendations for improvement to the CPO
- Assesses and recommends improvements to privacy and cyber-security materials, in tandem with senior staff in the information technology and security group
- Supports the privacy portfolio in both Ontario and Nova Scotia and remains familiar with the provincial legislation and best practices in both provinces
- Conducts privacy training for senior staff and directors, as requested by CPO
- Presents status updates and recommendations regarding VON’s Privacy Program at regular intervals to CPO and as required to internal privacy governance bodies (i.e. board committees, senior management team)
External and Internal Relationships
- Works with internal operations, information technology/security and other corporate services groups, including human resources, finance, and risk
- Engages with funder and partner privacy officers, regulators, professional organizations, external legal counsel and home and community care associations in both Ontario and Nova Scotia
- Promotes the goals and values of VON and their role as an integrated community care provider
- Promotes a safe and healthy workplace ensuring workplace conduct and activities are in accordance with the provincial Occupational Health and Safety Act and Regulations.
- Abides by all VON policies and work practices
- Abides by all confidentiality and protection of personal information policies, regulations and practices and ensures appropriate safeguards are in place within their role
- Works in collaboration with other staff in a team approach to service delivery
Education, Designations and Experience:
- Post-secondary degree, in area related to privacy, health and/or business; Masters level or M.B.A. preferred
- Current privacy certification (CHIM, CIPP/C or CIPM)
- Minimum ten (10) years of relevant experience including 5 years’ experience in a leadership role and experience working directly with information technology and security staff
- Excellent knowledge of current technologies and systems relevant to electronic health information management and electronic health records
- Knowledge and experience with EHR implementation and project management
- Knowledge of privacy legislation in both Ontario and Nova Scotia
- Knowledge of current technology systems commonly used within the health sector
- Exceptional writing skills
- Strong verbal communication skills
- Ability to appreciate the intersection of competing business priorities and the tact, diplomacy and sensitivity to reach consensus across business units with competing and sometimes conflicting priorities
- Capacity to negotiate
- Superior interpersonal skills including the ability to relate effectively with people at all levels (internal and external)
- Ability to demonstrate and promote a strong commitment to teamwork
- Strong attention to detail
- A current and original copy of a satisfactory Criminal Records Check is required
- A Vulnerable Sector Search and/or Child Abuse Registry Check may be required.
- Ability to speak French is an asset in French Designated areas
Work Conditions and Physical Capabilities: fast-paced environment; attention to detail; lift and carry using appropriate lifting techniques; walk, sit, stand, and climb stairs; grip and fine hand movements.
VON Canada is committed to meeting the needs of persons with disabilities and to providing accessibility accommodations for candidates who require them. If you are in need of accessibility support, please visit our website at http://www.von.ca/en/accessibility for further details.