Privacy Specialist 6999-0515

HM Note: This hybrid role is three (3) days in office and commences April 2 2024

Responsibilities: and nbsp;

Required to lead or support the development of a privacy impact assessment that evaluates whether new technologies information systems or proposed programs or policies meet legal and policy privacy requirements determine and mitigate risks and address clients concerns.

These requirements include ensuring that the program complies with provincial municipal federal and private sector access and privacy legislation as well as relevant regulations statutes OPS policies Directives standards guidelines and internationally accepted Fair Information Practices.

General Skills:

Excellent knowledge of privacy and security concepts trends and issues. This will include an understanding of their impact on business processes as well as skill with interpretation and communication of principles and compliance requirements

Knowledge of and experience in researching and applying relevant information privacy laws regulations jurisprudence (particularly as it relates to the Information and Privacy Commissioner of Ontario) and risk countermeasures

Experience in conducting Privacy Impact Assessments in public sector context

Knowledge of and experience with privacy enhancing best practices

Knowledge and ability to interpret and apply Ontarios Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) Personal Health Information Protection Act (PHIPA) their respective regulations and related jurisprudence

Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act

Policy Knowledge

Familiarity with OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services;

Good understanding of related disciplines such as IT security IT system design policy development (privacy or security) business architecture legal processes Freedom of Information administration business analysis risk management project management.

Operational Program and Business Design Skills

Ability to lead mange or support the development of a PIA either independently or as part of a team by directing and gathering input from specific individuals within the organization

Knowledge and ability to create and understand data flow diagrams and business process diagrams

Ability to recognize the need for and seek input from external experts as required

Excellent communication skills with technical and business audiences and non access and privacy experts.

Technology and Systems Knowledge

Analytical skills to understand the current and future access and privacy implications of policies decisions and business initiatives

Knowledge of Information Technology concepts and processes that impact the protection of personal information including (but not limited to) Internet tools system interfaces information security information architecture and data flows

Information and Record Keeping Knowledge

Experience in developing risk assessment tools methodologies policies and procedures to effectively manage personal information

Knowledge of policies directives standards business rules procedures and guidelines relating to records management including classification retention and disposition of information

Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards

Desirable Skills:

Professional certification from a related discipline such as IT security architecture

Experience providing education and training related to privacy

Knowledge of and experience with the policies and procedures of the Ontario government (e.g. business case development project approvals and policy development)

Skills

Experience and Skill Set Requirements

Musthave experience in:

• Conducting privacy impact assessments involving both PHIPA and FIPPA citing examples in resume
• Conducting PIAs involving mobile app solutions and the unique security and privacy challenges associated with such platforms
• Experience and understanding of digital credential platforms and decentralized models for credentials (selfsovereign identitySSI)
• Develop privacyenhancing tools and techniques
• Develop KPIs and report metrics
• Developing ways and means to align with broader government programs and practices
• Developing designs and architectures to inform a privacy/data governance function that can be implemented for the DI Program and potentially all of ODS
• Experience in developing and implementing Consent management frameworks policy and supporting business practices.

In addition must have the ability to:

• Provide privacy and data governance advisory services
• and nbsp;Assist with development of statutory and regulatory instruments to address digital identity and related privacy matters

and nbsp; and nbsp;Experience with Verifiable Credentials specifically SSI model approaches.

and nbsp; Knowledge and ability to create and understand data flow diagrams and business process diagrams;

Ability to recognize the need for and seek input from external experts as required;

and nbsp;Conduct PIAs as required

and nbsp;Develop privacyenhancing tools and techniques

and nbsp;Develop KPIs and report metrics

and nbsp;Develop ways and means to align with broader government programs and practices and nbsp;

and nbsp;Develop designs and architectures to inform a privacy/data governance function for the DI Program and potentially all of ODS

and nbsp;Provide privacy and data governance advisory services and nbsp;

and nbsp;Assist with development of statutory and regulatory instruments to address digital credentials and related privacy matters

Nice to have:

• Public Sector experience
• Current OPS security clearance is highly desirable.

and nbsp;

In addition to responsibilities and skills noted previously the following requirements will be evaluated: and nbsp;

and nbsp;

35% Privacy Assessment Consent Management Policy and Legislative Requirements

• Experienced in privacy legislation including Freedom of Information and Protection of Privacy Act (FIPPA) Personal Health Information Protection Act (PHIPA) the Personal Information Protection and Electronic Documents Act (PIPEDA)
• Experienced in conducting privacy assessments involving personal information and personal health information citing examples in resume.
• Experienced in leading and conducting privacy assessments involving online and/or mobile digital solutions that handle personal and health related information
• Experience and understanding of credential holder centric ecosystems (decentralized identity models like SSI) supporting platforms and digital wallets
• Lead and conducted assessments involving personal health information involving third party solutions (e.g. private sector or nonprofit application solutions) and/or service integration providers
• Experienced working with legal council and/or policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate legal and/or statutory authorities privacy protections and record keeping considerations are addressed in support of program and project specific objectives.
• SME and experienced in developing approaches for consent management; developing conceptual and logical models identifying system and business requirements

and nbsp;

and nbsp;25% Technical understanding

• Experience with privacy risks and conducting PIAs associated with integration between legacy systems web applications mobile and cloud based solutions to obtain retrieve and synchronize information.
• Experience with privacy risks and conducting PIAs involving mobile app solutions and the unique security and privacy challenges associated with such platforms
• Demonstrated experience and familiarity with strong security encryption and privacy protection approaches to digital solutions including mobile; web based and backend integrations via API or similar approaches.
• Experience with decentralized credential systems supporting platforms/technologies and digital wallets that can secure a Holders personal information and protect their privacy through selective disclosure and zeroknowledge proofs.
• Familiar with Digital Wallet technologies (native within OS or third party) including the security and privacy considerations limitations and best practices for local data protection on mobile devices
• Familiar with cloud based digital wallet technologies including the security and privacy considerations limitations and best practices for data protection
• Experience knowledge and understanding of privacy protection standards and best practices business information and security architecture principles and emerging technology related to the protection of privacy and personal information

and nbsp;

and nbsp;25% Leadership and Communications

• Demonstrated strong communication and engagement skills with ability to lead teams in discovery sessions to elicit details of technical solutions business processes and/or policies; strong writing skills to document findings recommendation etc.
• Demonstrated ability to interpret both technical (e.g. architecture design documents process flows state transition diagrams etc.) and non technical documentation to conduct assessment of impacts and to develop mitigation strategies
• Strong organizational and time management skills to manage multiple and concurrent requests in an agile and highly dynamic work environment setting.
• Strong presentation abilities to communicate findings recommendations etc. to senior management and executives to inform decision making; able to communicate complex problems/issues in a simple terms

and nbsp;

15% Digital Credential Frameworks and Standards

• Experience in developing applying and/or evaluating trust frameworks such as the PCTF eIDAS or similar.
• Experience with digital credential standards such as NIST W3C etc.
• Experience with and understanding of SSI models how they relate/impact privacy consent data governance.

Must Haves:

• Experience and understanding of credential holder centric ecosystems (decentralized identity models like SSI) supporting platforms and digital wallets
• Experienced in leading and conducting privacy assessments involving online and/or mobile digital solutions that handle personal and health related information
• Demonstrated experience and familiarity with strong security encryption and privacy protection approaches to digital solutions including mobile; web based and backend integrations via API or similar approaches
• Experience with decentralized credential systems supporting platforms/technologies and digital wallets that can secure a Holders personal information and protect their privacy through selective disclosure and zeroknowledge proofs.