Lead, Privacy

At Ontario Health, we are committed to developing a strong organizational culture that connects and inspires all team members across the province. Our vision is that together, we will be a leader in health and wellness for all. Our mission is to connect the health system to drive improved and equitable health outcomes, experiences and value. How we work together is reflected through our five values: integrity, inspiration, tenacity, humility and care.

• Fully paid medical, dental and vision coverage from your first day

• a health care spending account

• a premium defined benefit pension plan

• three personal days and two float days annually

• three weeks' vacation to start (for individual contributors), increasing to four weeks after two years

• career development opportunities

• a collaborative values-based team culture

• a wellness program

• a hybrid working model

• participation in Communities of Inclusion

Want to make a difference in your career? Consider this opportunity.

Here is what you will be doing:

Reporting to the Manager, Privacy, the Privacy Lead is responsible for the continued development, operationalization and execution of Ontario Health's privacy program and in particular all relevant privacy activities specific to Health811 and the Digital Health Information Exchange (DHIEX) programs. The Privacy Lead will ensure the relevant business unit and programs meet all requirements, roles and obligations under the Personal Health Information Protection Act, 2004 (PHIPA), and ensure these and privacy best practices and Privacy by Design principles are embedded into business unit operations and oversight. The Privacy Lead is responsible for the continued monitoring of the privacy program activities to ensure they meet evolving regulatory and or business requirements.

The Privacy Lead will use their privacy program and operational experience and knowledge of privacy, legal and regulatory requirements to support the development, evolution and operationalization of the privacy program. This role is expected to primarily (but not exclusively) support the Health811 and DHIEX business teams in meeting their business needs and advance new initiatives by providing privacy advisory services and conducting or overseeing the conduct of complex privacy impact assessments (PIAs). The Privacy Lead will be the key point of privacy contact for all projects and programs within the assigned business units. This role will also review, update, and implement standard operating procedures (SOPs), practices, and other mechanisms to address identified risks, and advance privacy knowledge and understanding for all members of the business units or teams.

The Privacy Lead will work closely with the Manager, Privacy, Chief Privacy Officer and other Ontario Health leaders and contributors. The Privacy Lead is expected to build internal and external relationships and liaise extensively with members of the Privacy team and functional teams across OH, including the Information Security Office (ISO), Strategy, Planning, Privacy & Analytics teams, and Legal Services.

The Privacy Lead will play an important role in championing a culture of privacy at Ontario Health and enabling compliance with Ontario Health's complex privacy requirements.

Here is what you will need to be successful:

As a Privacy Lead, you will have the opportunity to:

• Support the continued development and management of Health811, DHIEX and other initiatives as assigned that:
  • Is fully aligned and harmonized with the Ontario Health enterprise privacy program.
  • Ensures compliance with complex legislative and contractual requirements/obligations.
  • Embeds privacy best practice and Privacy by Design principles into business unit operations as well as new initiatives/projects.
  • Includes agreement frameworks that aligns with Ontario Health' standardized contractual approaches and obligations.
  • Supports the triennial Information and Privacy Commissioner of Ontario (IPC) reporting processes for prescribed designations under PHIPA.
  • Tracks, monitors, and remediates identified risks.
  • Identifies and addresses privacy education needs of the business teams.
  • Includes up-to-date and relevant SOPs to support operational compliance.
• Monitor the effectiveness of the privacy program, identifying gaps and addressing newly identified areas of risk as required.
• Support the continued operationalization of the privacy program, adjusting and expanding the program as required to accommodate business needs.
• Conduct or oversee the conduct of end-to-end PIAs on the business unit's existing programs and services to identify risks and develop and execute risk treatment plans, engaging subject matter experts from other portfolios or functional teams (e.g., Information Security, etc.) as needed.
• Support new projects and initiatives for the business unit by providing expert privacy advisory services, conducting PIAs and leading risk mitigation efforts.
• Develop and implement strategies to effectively prioritize the management of competing areas of risk, while supporting business objectives.
• Perform incident management, investigation, containment, and remediation for the business unit.
• Liaise with Legal, Information Security, and other teams as required to inform agreement structures and ensure a harmonized and standardized approach to data protection and information management across the organization.
• Proactively and effectively engage members of the Strategy, Planning, Privacy & Analytics Portfolio Leadership team as required to address areas of high risk or sensitivity.
• Monitor and stay current on relevant privacy, legal, technology and other matters that may impact Ontario Health's privacy program and risk posture.

Education and Experience

• Completion of a university (bachelor) program; holds an undergraduate or master's degree in health, policy, IT, security, law or related disciplines, or equivalent education/experience with evidence of continuing professional development in privacy.
• Recognized access and privacy designation (Certified Information Privacy Professional (CIPP/C) or other relevant privacy designation) is preferred.
• Recognized security certification is an asset.
• Minimum 5 years of direct operational level privacy experience, with 2-3 recent years focused in public sector healthcare privacy. Experience in an organization also designated as a PHIPA Agent, Prescribed Person and/or Prescribed Entity under PHIPA is an asset.
• Experience conducting privacy impact assessments and interpreting complex legislation, developing recommendations for risk mitigation, assigning responsibility for risk mitigation tasks and activities, and monitoring to completion.
• Experience developing and/or leading privacy program and operational activities including, for example, privacy breach management, training and awareness, and privacy risk management.
• Experience leading working groups, projects, or programs.
• Experience or familiarity with Ontario Health and/or CorHealth Ontario's business processes, including Prescribed Person and/or Entity requirements.

Knowledge and Skills

• Extensive knowledge of Ontario's Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act, 2004 (PHIPA), privacy best practices and industry standards.
• Understanding of PHIPA Agent, Prescribed Organization, Prescribed Entity and/or Prescribed Person roles under PHIPA and related compliance requirements.
• Broad understanding of privacy concepts, trends, legislative and regulatory requirements, and emerging issues (e.g., de-identification, event auditing and monitoring, AI, privacy maturity models, etc.) and their potential impacts.
• Demonstrated ability to plan, develop and implement strategies to achieve privacy compliance, identify and remediate risk, and develop and grow a culture of privacy.
• Proficient in Microsoft based work environment (i.e., Word, PowerPoint, Excel, Teams).
• Strong organizational skills and ability to establish and manage priorities with a superior commitment to follow-through, employing a risk-based approach where appropriate.
• Excellent interpersonal skills with ability to build collaborative relationships with internal and external stakeholders.
• Excellent written communication skills, including the ability to draft policies, briefing notes, and risk assessments.
• Ability to effectively communicate with and present to a diverse range of stakeholders, including executive leaders, portfolio leaders, and subject matter experts for functional areas such as Information Security, Legal and Architecture.

#LI-RN1

Location: Ontario (currently hybrid; subject to change)

All applicants must be a resident of Ontario to be considered for roles at Ontario Health.

Employment Type:

Contract Length:

Salary Band:

External Application Deadline Date: