Legal Counsel, Privacy
Job details
Overview
Reporting to General Counsel, the Legal Counsel, Privacy will provide a full range of legal services and legal guidance to senior leaders, faculties, schools, and administrative units to manage legal risks and enhance the University of Waterloo's mission, with a focus on information and privacy related services.
The Information and Privacy Office and related responsibilities and accountabilities fulfill the University's obligations under the Freedom of Information and Protection of Privacy Act (FIPPA).
Responsibilities
Privacy Leadership and Strategic Development
Leads a University culture of information and privacy awareness in collaboration with other stakeholders
Provides expertise and instruction related to access and privacy information for university-wide projects, policies, and processes, delivering recommendations for ongoing improvement
Fosters effective working relationships within the University to support the promotion and development of access to information and privacy protection
Communicates sound and consistent advice and guidance to the campus community regarding access and privacy legislation and policies based on established principles and processes
Represents the University before the Information and Privacy Commissioner of Ontario (IPC)
Conducts regular environmental scans of the regulatory landscape and assess their impact on the University's privacy program
Reviews and analyzes records and jurisprudence, case law, and precedents
Proactively develops strategies while exercising due diligence to avoid unnecessary legal challenges regarding privacy issues
Creates and maintains University processes, procedures, and policies that apply to the collection, use, and disclosure of personal information
Privacy Compliance and Legal Guidance
Provides legal expertise related to applicable provincial, federal, and international privacy law
Investigates, analyzes, and interprets applicable privacy laws and their interaction with university policy to ensure compliance
Reviews agreements and project charters related to the collection, use and disclosure of personal information, providing advice and guidance on best practices and potential privacy implications
Continually research, identify, and provide updates on privacy case law, legislative requirements and legal trends
Collaborates with General Counsel, legal counsel, and other senior leaders to initiate, develop, implement, and evaluate policies and procedures that support the University's compliance with privacy legislation and best practices
Responsibilities under FIPPA
Develops and maintains processes and systems that will ensure effective responses to requests for access to records submitted under FIPPA
Completed all privacy access requests, applications, queries, assessments, breaches, training, and reporting. This includes internal, external, and third-party requests received by another institutions or Ministry
Assesses third-party requests in collaboration with the Secretariat, VP Academic and Provost, VP Administration and Finance, VP Research and International, Institutional Analysis and Planning, Communications, and various other departments on a regular basis
Advises and supports committees and working groups related to compliance and data breaches
Manages requests under departmental routine access policies and facilitate proactive disclosure where appropriate
Privacy Review and Response to complaints and privacy breaches
Investigates complaints and privacy breaches, working with various stakeholders
Consults with the General Counsel regarding access and privacy matters and concerns, and present recommendations regarding decisions
Directs any communication of breach responses according to the response protocols and process
Provides all mandated reports to the Office of Information and Privacy Commissioner (IPC) of Ontario
Leads on-going, concise communication with the Secretariat, VP Academic and Provost, VP Administration and Finance, along with departmental leadership when breaches occur
Consults with relevant stakeholders to establish complaint and breach guidelines and documentation (Information Security Services, Information Stewards, LIS, Communications, Secretariat etc.)
Risk Identification, Assessment, and Training
Audits and assess privacy risks associated with university activities and data processing practices
Reviews risk assessment requests and manage Privacy Impact Assessments for new projects, systems, and processes
Identifies and evaluates the level and likelihood of risks to determine their potential impact on providing recommendations
Reviews and interprets privacy regulations to ensure the risk assessment process aligns with relevant privacy laws, regulations, and institutional policies
Develops strategies to mitigate privacy risks, including technical, administrative, and university-level measures
Oversees the education and development of training and awareness programs and material for staff, faculty, and students, fostering a culture of knowledge and accountability surrounding data protection and recognition
Operations & Systems Management
Provides direct supervision of the Information Privacy Analyst and the Information Privacy Coordinator, including training, development, and coaching
Maintains up-to-date knowledge and understanding of relevant privacy legislation, updating processes and procedures as changes occur
Creates and maintains written privacy guidance for the University
Leads revisions and proposed new policies and procedures through the approval process
Oversees the development and maintenance of data frameworks that allow for data-driven decisions
Supervises the collection and recording of program statistics as required for reporting and prepare annual report for the Information and Privacy Commissioner (IPC) of Ontario
Maintains accountability  for records management
Qualifications
Bachelor of Laws (L.L.B) or Juris Doctor (J.D.) or equivalent law degree is required.
Licensed to practice law in Ontario and must be a member in good standing of the Law Society of Ontario.
Relevant professional designation from the International Association of Privacy Professionals (IAPP) or other recognized professional body
Minimum of 3-5 years' experience, practicing law and providing legal advice to complex organizations
Strong working knowledge of provincial and federal information and privacy laws
3+ years' experience working with access to information and protection privacy responding to access requests, privacy complaints, information breaches, and inquiries from the community
Project management experience in a complex environment
Higher education or other public sector experience is an asset.
Knowledge of a broad range of legal matters and of statutory law affecting universities
Extensive knowledge and interpretation of the Personal Information Protection and Electronic Documents Act, the Freedom of Information and Protection of Privacy Act, and the Information and Privacy Commissioner of Ontario, including regulations and legislation, and their interplay between them and other related and relevant legislation
Significant breadth of knowledge related to university operations; ability to understand university guidelines, policies, and practices
Understanding of access to information and privacy protection matters, and of related legislation and policy in a university or public sector setting
Knowledge of the legislative and procedural framework related to the development, amendment, and implementation of statutes, regulations, and by-laws
Clear and critical thinking, with superior writing and reasoning skills, persuasiveness
Can effectively initiate, drive, and manage change initiatives that align with organizational strategies, support legal risk mitigation, and enhance operational legal efficiencies related to privacy and data
Conflict resolution skills with an ability to proactively identify potential conflicts and support actions to facilitate its resolution
Competent in providing guidance and direction to support others in solving complex situations affecting the University's business
Sound decision maker based on a mixture of analysis, wisdom, experience and judgement, balancing risk with the likelihood of occurrence.
Ability to collaborate across internal and external boundaries to meet common objectives, improve outcomes, and support work beyond the unit
Ability to make decisions and recommendations that are clearly linked to the university's strategic plan
Effective influential and consultative skills with the ability to build strong interpersonal relationships
Ability to adapt to evolving privacy laws and technologies affecting higher education
Proven ability to work independently and resourcefully
Driven by equitable, diverse, and inclusive practices
Equity Statement
The University of Waterloo acknowledges that much of our work takes place on the traditional territory of the Neutral, Anishinaabeg and Haudenosaunee peoples. Our main campus is situated on the Haldimand Tract, the land granted to the Six Nations that includes six miles on each side of the Grand River. Our active work toward reconciliation takes place across our campuses through research, learning, teaching, and community building, and is co-ordinated within our Office of Indigenous Relations.
The University values the diverse and intersectional identities of its students, faculty, and staff. The University regards equity and diversity as an integral part of academic excellence and is committed to accessibility for all employees. The University of Waterloo seeks applicants who embrace our values of equity, anti-racism and inclusion. As such, we encourage applications from candidates who have been historically disadvantaged and marginalized, including applicants who identify as First Nations, Métis and/or Inuk (Inuit), Black, racialized, a person with a disability, women and/or 2SLGBTQ+.
All qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority.
The University of Waterloo is committed to accessibility for persons with disabilities. If you have any application, interview, or workplace accommodation requests, please contact Human Resources at hrhelp@uwaterloo.ca  or 519-888-4567, ext. 45935.
#J-18808-Ljbffr
Apply safely
To stay safe in your job search, information on common scams and to get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.