Privacy Officer

Full-Time, Permanent (Benefitted)

This posting is a result of a current vacancy. London, ON. Application Deadline: February 11, 2026

As the Privacy Officer, you’ll play a vital role in protecting the trust that is at the heart of mental health and addictions care. The Privacy Officer is responsible for developing, and overseeing the organization’s privacy program, and provides guidance on privacy matters, influences organizational decision making in relation to privacy and ensures compliance with applicable privacy legislation and organizational policy. Every day, you’ll help safeguard the dignity, confidentiality, and rights of individuals seeking support, often at their most vulnerable moments. This work offers the opportunity to make a real difference by ensuring that privacy is not just a compliance requirement, but a reflection of compassion, respect, equity in action and overall privacy risk management.

In this role, you will provide leadership and oversight for the organization’s privacy management program, ensuring compliance with all applicable privacy legislation, including the Personal Health Information Protection Act, 2004 (PHIPA), the Freedom of Information and Protection of Privacy Act (FIPPA), and related standards governing the collection, use, disclosure, and safeguarding of personal health information.

You will act as the organization’s primary resource and subject matter expert on privacy, confidentiality, and information governance. This position is responsible for developing, implementing, and maintaining privacy policies, procedures, and training programs; monitoring compliance; investigating privacy breaches; and promoting a culture of privacy and accountability across all programs and services.

As a trusted member of the Leadership Team, you will ensure that privacy principles are integrated into operational decisions, client care practices, and organizational systems to protect the confidentiality, integrity, and trust of clients, staff and organizational information. High degree of discretion and professionalism is critical due to access to confidential and sensitive business information.

• What you'll be making – $31.76 to $39.01 per hour
  • The above are initial rates; with grid increases as per policy
  • Internal staff members will be placed on the appropriate grid based on their current rate of pay, up to Level 8 of the grid (see Intranet Policy - http://bit.ly/CompensationPolicyPg16)
• When you'll work – 70 hours over two-week period; Hours will be Monday to Friday 8:30am-4:30pm
• Your pension plan – Immediately enrolled in the Healthcare of Ontario Pension Plan (HOOPP)
• Your benefits – After a 90-day waiting period, will be enrolled in extended health care benefits

• Develop, implement, and maintain a comprehensive privacy management program, including policies, procedures, and standards in alignment with PHIPA, FIPPA, and other relevant legislation and in alignment with organizational mission and strategic priorities
• Provide leadership and consultative direction for all domains of privacy initiatives and breaches within the organization including but not limited to client services, vendor management, human resources/labour relations, organization and board governance, IT and finance management, donors, community system partners etc.
• Act as the organization’s liaison with the Information and Privacy Commissioner of Ontario
• Monitor and interpret changes in privacy legislation and make recommendations to ensure organizational compliance
• Conduct privacy impact assessments (PIAs) and risk assessments for new initiatives, technologies, or partnerships to identify and mitigate privacy risks
• Ensure that privacy considerations are embedded into organizational planning, service delivery, and information systems
• Contribute to organizational projects and initiatives to ensure privacy is integrated into systems, workflows, and communication practices
• Support compliance with accreditation standards related to privacy and confidentiality
• Maintain and oversee the privacy risk register, maintain Records of Processing Activities (ROPA) and data maps
• Develop and conduct vendor risk assessments and privacy impact assessment where applicable
• Responds to requests for access and correction including requests for records outside the traditional health record and release of information to third parties such as insurance companies, police, WSIB, Children's and Family Services, regulatory colleges etc.

• Oversee and manage all privacy breaches and complaints, ensuring timely investigation, containment, notification, and remediation in accordance with legislative requirements and organization’s policies and practices
• Support program managers, People Services, Senior and Executive leadership through the investigation process, consult or participate in discipline or litigation processes related to privacy breaches, as required
• Develop corrective action plans and recommendations to prevent recurrence and strengthen organizational privacy safeguards regarding performance program performance, emerging risks and regulatory developments
• Receives and responds to complaint from the public, clients and other stakeholders

• Develop and deliver privacy education and training programs for all staff members, volunteers, students, and contractors to ensure understanding of privacy obligations
• Provide coaching and consultation to staff members and leaders regarding privacy practices, data-sharing protocols, and documentation standards
• Create educational materials, communications, and presentations to build and sustain a culture of privacy and respect for confidentiality across the organization

• Oversee and respond to requests for access to or correction of personal health information in accordance with PHIPA
• Provide guidance and decisions related to the disclosure of information, ensuring adherence to privacy legislation, organization’s policies and ethical standards
• Maintain and update documentation for all access and disclosure requests, ensuring accurate tracking and reporting

• Collaborate with the Information Technology Team and program leadership to ensure secure storage, retention, and disposal of both electronic and paper-based records
• Support the development and maintenance of record retention schedules consistent with legal and operational requirements
• Ensure information management practices support confidentiality, integrity, and availability of client and staff member information

• Work collaboratively across departments to integrate privacy and confidentiality principles into all areas of the organization
• Maintain effective relationships with internal and external stakeholders, including the IPC, partner agencies, service providers, legal representatives
• Participate in professional development and networking opportunities to maintain current knowledge of privacy best practices
• Demonstrate a commitment to equity and inclusion by ensuring privacy practices are culturally sensitive, accessible, and respectful to all clients and staff members

Police Criminal Record Check Requirements Successful candidates must have a Police Criminal Record Check completed in the last six months. Interested applicants who reside in the City of London and are in need of a Police Criminal Record Check (CRC) are encouraged to apply for one as soon as possible as CRCs in the City of London are currently taking approximately 4 weeks to be processed and offers of employment cannot be made without receipt of a CRC.

• Bachelor’s degree in Health Information Management, Health Administration, Law, or a related field, or equivalent combination of education and experience (primary proof of credentials will be required during the hiring process i.e. original degree/diploma or official transcript)
• Driver's licence and access to a vehicle with adequate insurance to carry out job duties
• Current, satisfactory Police Criminal Record Check

• 3–5 years of progressive experience in privacy, compliance, or information governance, preferably within a healthcare or community mental health and addictions environment.
• Experience developing and implementing privacy programs, policies, and training.
• Experience interpreting and applying privacy legislation (PHIPA, FIPPA, etc.).
• Experience managing privacy breaches and conducting privacy impact assessments.
• Strong understanding of PHIPA, FIPPA, and related provincial and federal privacy legislation
• Knowledge of mental health and addictions service delivery contexts and client privacy needs
• Familiarity with information security principles and electronic health record systems

Internal applicants To be considered as an internal applicant, current staff members are reminded to apply using their @cmhatv.ca or @slwar.ca email address.

Get your application in by – February 11, 2026

Our recruitment process allows us to learn about your previous work experience, your qualifications and your commitment to fulfilling our vision. While we appreciate the interest of all applicants, only those individuals being considered for a position will be personally contacted by someone from the interview team.

We welcome and encourage applications from all members of our community including persons of any gender, gender identity, gender expression, or sexual orientation, persons with disabilities, Indigenous persons, and members of visible minorities. If you require accommodations related to a disability at any point during the recruitment process, please contact Human.Resources@cmhatv.ca.

• For legal purposes our full business name is: Canadian Mental Health Association Thames Valley Addiction and Mental Health Services
• Artificial Intelligence is not currently employed in our recruitment processes