Under the direction of the Manager, Records and Information Services, this position will handle highly sensitive and far-reaching access to information requests, effectively manage organizational privacy-related matters and conduct privacy / security audits to guard the integrity of internal as well as external / resident information.

The Officer will be responsible for developing, implementing and overseeing access to information and privacy policies, procedures and practices across all departments.

They will design, implement and deliver privacy training to subject matter specialists, ensuring orientation and ongoing awareness campaigns, and communicate with staff to support town-wide privacy awareness, identification and minimization of privacy-related risks.

The Officer will prepare privacy impact assessments (PIA) and will review new or changing projects, initiatives, technology and agreements affecting both internal and external constituents.

Additionally, they will act as a senior subject matter expert, providing advice and guidance on the application of MFIPPA and PIPEDA, including response to privacy related inquiries, incidents, breaches and access requests.

As a part of their role, they will assume oversight of incoming requests, assigns and provide guidance to FOI Coordinators and Clerk’s Staff.

Finally, they will also conduct research, maintain up-to-date knowledge of emerging privacy issues, relevant jurisprudence and developments and will interpret and analyze complex information in order to provide advice and recommendations on specific issues and on trends, risks and opportunities.

What can I expect to do in this role?

• Builds a strategic and comprehensive privacy framework that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of personal information (PI), paper and / or electronic, across all media types.
• Ensures privacy forms, policies, standards and procedures are up-to-date. This includes conducting and overseeing privacy impact assessments, corporate audits, providing guidance on data handling practices, and ensuring compliance with international, federal, provincial and municipal privacy laws and regulations.
• Works closely with external resources, ITS, Legal, HR and Purchasing staff to develop and maintain robust data privacy and security measures.

Implementation of the 7 key principals of Access by Design. Applies Routine Disclosure / Active Dissemination Best Practices.

Monitors and coordinates response to emerging threats and vulnerabilities, conducts regular audits, and oversees incident response and recovery plans.

Designs and delivers specialized training programs and workshops to educate employees and vendors on access and privacy obligations and the data minimization concept, raising awareness of best practices and promoting a culture of data protection throughout the municipality.

This position will make recommendations and provide guidance on how personal information, privacy and data is handled throughout its lifecycle.

• Manages, assigns and processes requests for access to information from the public, ensuring compliance with statutory timelines and coordinating with relevant departments to gather and disseminate requested information.
• Represents, negotiates and defends Town’s position in appeals, mediations and adjudication with the Information Privacy Commissioner and appellants.
• Primary point of contact for privacy-related complaints and inquiries, investigating and resolving issues and breaches in a timely and professional manner.

This includes liaising with relevant authorities, such as the Information and Privacy Commissioner’s Office.

Accountable for creating and maintaining Corporate policies, procedures and standards that are consistent with legislative requirements, best practices, emerging security threats.

Collaborates and guides internal stakeholders to develop, train and maintain access and privacy policies, procedures and protocols.

Performs other duties as assigned.

How do I qualify?

• Successful completion of a degree in Records and Information Management, Business Law, Public Administration or a related discipline (or a combination of education, training and experience deemed equivalent).
• Access and Privacy Professional Certification is an asset.
• 4-5 years of directly related experience working with the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) or other related access and privacy legislation, including experience in policy / procedure development and analysis.
• Experience in conducting Privacy Impact Assessments (PIAs) and handling Privacy Breaches.
• Sound knowledge of creating and delivering training and development, change management, risk management and an understanding of information systems.
• Excellent mediation / negotiation skills.
• Strong verbal and written communication skills with the ability to communicate complex, legal and technical information to a wide variety of audiences.
• Sound investigative and technical research skills.
• Strong attention to detail, prioritization, and time management skills.

We offer :

• A hybrid work schedule
• A defined benefit pension plan (OMERS)
• Comprehensive health plan complemented with life and disability insurance
• A progressive work environment that promotes a work / life balance and strives to be a great place for great people to do great things

Closing Date : 11 : 59 pm (ET) on April 4, 2024