RQ00698 Sr. Privacy Impact Assessment Specialist

Source Code


Job Location:

Toronto - Canada

Monthly Salary: Not Disclosed
Posted on: 4 hours ago
Vacancies: 1 Vacancy

Job Summary

RQ00698 - Sr. Privacy Impact Assessment (PIA) Specialist

6-month contract (129 business days) - possible extension

ONSITE 5 days - 777 Bay St. 20th Floor

Must Haves:

  • Required to lead or support the development of a privacy impact assessment that evaluates whether the interactive website including user account setup collection of email addresses use of display names on a public portal classroom enrollment processes access codes and any additional current or future collection use disclosure or processing of personal information meets legal and policy privacy requirements determines and mitigates risks and addresses client concerns.
  • These requirements include ensuring that the program complies with applicable provincial municipal federal and private sector privacy legislation as well as relevant regulations statutes OPS policies Directives standards guidelines and internationally accepted Fair Information Practices.
  • Experience leading or supporting Privacy Impact Assessments for digital platforms websites online services or user account systems;
  • Strong knowledge of privacy laws privacy principles and privacy-by-design requirements that apply to websites collecting personal information;
  • Ability to review website features user journeys and account setup flows to identify where personal information is collected used displayed stored or shared;
  • Understanding that privacy messages may need to be placed in different locations and written differently depending on context such as footer links privacy policies just-in-time notices account setup screens and classroom onboarding flows;
  • Ability to distinguish between longer-form privacy policy content and shorter user-friendly notices shown at the point of collection or decision-making;
  • Experience drafting or advising on plain-language privacy notices consent wording and user-facing privacy explanations for different audiences including students teachers and parents or guardians;
  • Ability to assess privacy risks related to youth users public display names access codes teacher-managed accounts and student self-registration flows;
  • Demonstrated ability to interpret legal and policy requirements and translate them into clear practical guidance for compliance design and implementation

Responsibilities:

  • Required to lead or support the development of a privacy impact assessment that evaluates whether the interactive website including user account setup collection of email addresses use of display names on a public portal classroom enrollment processes access codes and any additional current or future collection use disclosure or processing of personal information meets legal and policy privacy requirements determines and mitigates risks and addresses client concerns.
  • These requirements include ensuring that the program complies with applicable provincial municipal federal and private sector privacy legislation as well as relevant regulations statutes OPS policies Directives standards guidelines and internationally accepted Fair Information Practices.

General Skills:

  • Experience leading or supporting Privacy Impact Assessments for digital platforms websites online services or user account systems;
  • Strong knowledge of privacy laws privacy principles and privacy-by-design requirements that apply to websites collecting personal information;
  • Ability to work closely with legal counsel to interpret privacy requirements and translate them into practical business and design decisions;
  • Ability to review website features user journeys and account setup flows to identify where personal information is collected used displayed stored or shared;
  • Ability to work with UX and design teams to identify where privacy notices consent language and key messages should appear within the user experience;
  • Understanding that privacy messages may need to be placed in different locations and written differently depending on context such as footer links privacy policies just-in-time notices account setup screens and classroom onboarding flows;
  • Ability to distinguish between longer-form privacy policy content and shorter user-friendly notices shown at the point of collection or decision-making;
  • Experience drafting or advising on plain-language privacy notices consent wording and user-facing privacy explanations for different audiences including students teachers and parents or guardians;
  • Ability to assess privacy risks related to youth users public display names access codes teacher-managed accounts and student self-registration flows;
  • Strong analytical skills to identify privacy risks recommend mitigations and document decisions clearly for legal business design and technical stakeholders;
  • Strong written and verbal communication skills with the ability to explain privacy requirements in practical non-legal language;
  • Excellent knowledge of privacy and security concepts trends and issues including their impact on digital services website features and business processes. Demonstrated ability to interpret legal and policy requirements and translate them into clear practical guidance for compliance design and implementation;
  • Knowledge of and experience in researching and applying relevant information privacy laws regulations jurisprudence (particularly as it relates to the Information and Privacy Commissioner of Ontario/Canada and US) and risk countermeasures ;
  • Experience in conducting Privacy Impact Assessments in public sector context;
  • Knowledge of and experience with privacy enhancing best practices;
  • Knowledge and ability to interpret and apply Ontarios Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) Personal Health Information Protection Act (PHIPA) their respective regulations and related jurisprudence;
  • Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act.
  • Policy Knowledge
  • Familiarity with OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services;
  • Good understanding of related disciplines such as IT security IT system design policy development (privacy or security) business architecture legal processes Freedom of Information administration business analysis risk management project management.
  • Operational Program and Business Design Skills
  • Ability to lead mange or support the development of a PIA either independently or as part of a team by directing and gathering input from specific individuals within the organization;
  • Knowledge and ability to create and understand data flow diagrams and business process diagrams;
  • Ability to recognize the need for and seek input from external experts as required;
  • Excellent communication skills with technical and business audiences and non- access and privacy experts.
  • Technology and Systems Knowledge
  • Analytical skills to understand the current and future access and privacy implications of policies decisions and business initiatives;
  • Knowledge of Information Technology concepts and processes that impact the protection of personal information including (but not limited to) Internet tools system interfaces information security information architecture and data flows;
  • Information and Record Keeping Knowledge;
  • Experience in developing risk assessment tools methodologies policies and procedures to effectively manage personal information;
  • Knowledge of policies directives standards business rules procedures and guidelines relating to records management including classification retention and disposition of information;
  • Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards;

Desirable Skills:

  • Professional certification from a related discipline such as IT security architecture
  • Experience providing education and training related to privacy
  • Knowledge of and experience with the policies and procedures of the Ontario government (e.g. business case development project approvals and policy development)

Deliverables:

  1. A final Privacy Impact Assessment report for the interactive website and associated business processes;
  2. A documented data flow map or data inventory describing account setup classroom enrollment public display names teacher and student workflows and any current or future collection use disclosure storage or processing of personal information;
  3. A privacy requirements analysis document identifying applicable legal policy and compliance obligations for the website and related processes;
  4. A privacy risk assessment document identifying key privacy risks their impact and recommended mitigation measures;
  5. A privacy-by-design recommendations document covering account creation notices consent language display name practices access controls and public portal features;
  6. A review and recommendations summary for privacy notices privacy policy content and just-in-time messaging across the user experience;
  7. A stakeholder guidance document or briefing for legal business design communications and technical teams outlining privacy requirements to be incorporated into the solution;
  8. An issues decisions assumptions and action log documenting outstanding privacy matters requiring follow-up resolution or approval;
  9. A final findings and recommendations summary outlining next steps for implementation remediation and ongoing privacy compliance.

AI Disclaimer: Source Code may use artificial intelligence (AI) tools to assist in certain aspects of its recruiting and business operations.

Note: The higher end of the range is intended for absolutely exceptional candidates who meet all must-have requirements and most or all nice-to-have qualifications. The client will evaluate candidates based on both rate expectations and overall skill set when shortlisting.

INCORPORATED RATE RANGE (7.25 billable hours per day)

  • $93.27/hr - $112.00/hr Inc.

T4 RATE RANGE (7.25 billable hours per day)

  • $74.62/hr - $89.60/hr T4
RQ00698 - Sr. Privacy Impact Assessment (PIA) Specialist 6-month contract (129 business days) - possible extension ONSITE 5 days - 777 Bay St. 20th Floor Must Haves: Required to lead or support the development of a privacy impact assessment that evaluates whether the interactive website including...