Program Consultant, Privacy and Legal Services

At CIHI, we recognize what matters to our employees.

Some of the benefits of working at CIHI include

• Retirement Planning Program
• Generous vacation days for permanent and long-term contracts
• Work-life balance
• Learning and Professional Development Program
• Flexible benefits program from your first day on the job for permanent and long-term contracts

Why is this role important?

Reporting to the Senior Privacy Consultant the Program Consultant, Privacy and Legal Services works with team members in the Privacy Office as well as organizational leaders to ensure the organization develops, implements and maintains a comprehensive privacy program in compliance with legislative and legal requirements, as well as industry best practices.

What you'll do

1. Acts as the subject matter expert providing strategic privacy advice to program areas as well as internally to the department on matters relating to the collection, use, disclosure, retention and disposition of personal information and personal health information, and the amendment, implementation and application of privacy policies within CIHI.

2. Provides strategic advice and recommendations to Privacy and Legal senior management on a broad range of key privacy issues and priorities to support CIHI’s Privacy Program. Conducts research on privacy topics, related legislation, privacy commissioners’ investigative results and guidance, gathers information from diverse sources and develops business cases as required.

3. Responds to privacy incidents and breaches as part of the Privacy and Security Incident Management Protocol, by investigating, and making recommendations for corrective action to senior management.

4. Guides program areas in the drafting of Privacy Impact Assessments (PIA) by providing advice, guidance and privacy expertise to program areas and projects, including the application of Privacy and Security risk management methodology.

5. Leads planned external audits and other related ongoing compliance monitoring activities, analyzes and presents results to senior management.

6. Consults, in collaboration with the Information Security office, on CIHI’s Third-party Data Request program to ensure compliance with CIHI’s privacy policies and that data destruction requirements are met by third parties.

7. Work with internal stakeholders to promote awareness and increase adoption of privacy best practices, by leading aspects of the annual privacy training, development resources and awareness campaigns.

8. Collaborates with Information Security to ensure alignment between security and privacy practices.

9. Monitors emerging issues, trends and developments in the area of privacy protection of interest to CIHI, including decisions of federal, provincial / territorial Privacy Commissioners / Ombudsmen, and identifies and advises on implications for CIHI.

10. Leads and participates in other relevant Privacy projects and initiatives as required.

What you'll bring to the table

• Undergraduate degree in Health Information Management, Public Policy, Business Administration, Information Security, or another related field. An equal combination of education and related experience may be considered.
• Certified Information Privacy Professional (CIPP) required, another related Privacy certification including CIPP / C CIPM may be considered.
• 5 – 7 years’ recent job-related experience
• Previous operational experience applying Privacy by Design, the Personal Health Information Protection Act (PHIPA) legislation in the health care sector
• Demonstrated experience in writing policies and supporting documents or procedures.
• Knowledge of the health sector, research, AI and information technology
• Experience with annual reviews by the Information and Privacy Commissioner / Ontario for prescribed entities and persons is an asset.
• Experience in preparing education materials and facilitating training.
• Excellent analytical, organizational, research, and presentation skills.
• Evidence of ongoing commitment to continuous quality improvement
• Excellent interpersonal and communication skills, both written and oral with the ability to communicate complex ideas in simple terminology.
• Ability to collaborate as part of a team.
• Experience with conducting audits is an asset.
• Fluency in English is required, bilingualism in both official languages is an asset.