Position Profile


Job Title:  Privacy Specialist

Work Unit:  Corporate Services Division / Business Services / Information and Privacy Office

Ministry:  Alberta Human Services

Competition Number:  1039660

Date:  December 2016
 

Purpose

 

The Information and Privacy Office (IPO) In Human Services (HS) is responsible for the delivery of privacy related services on behalf of the public bodies under the Ministries of HS, Advanced Education (AE), and Status of Women (SW). Reporting to the Manager, Privacy Unit, IPO, the Privacy Specialist provides leadership in the completion of Privacy Impact Assessments and/or Privacy Scans for new programs, activities or databases. The Privacy Specialist completes assigned privacy breach investigations and privacy related consults. The Privacy Specialist also develops or assists in the development or review of policies, contracts, forms and Information sharing agreements to ensure legislative compliance and best practices on privacy matters for the supported ministries. The position ensures through proactive leadership, consultation, coordination and education that supported organization programs and activities operate in accordance with, and in the spirit of, the Freedom of Information and Protection of Privacy (FOIP) Act.

Responsibilities and Activities

 

Reporting to the Manager of the Privacy Unit:

  • As part of the organization's project management process, in consultation with the Manager determine whether a Privacy Impact Assessment (PIA) or Privacy Scan (PS) is required, based on an analysis of the collection and flow of personal information, and the need to mitigate potential privacy concerns. Takes the lead in the coordination, consultation, education (when required) of relevant parties such as the program lead, IT personnel or other public bodies or private agencies (when applicable) in order to successfully complete the PIA or PS and resolve or mitigate potential privacy issues. Submit the final PIA or PS to the Manager. The Privacy Specialist is the main contact for the Office of the Information and Privacy Commissioner (OIPC) once the PIA or PS is submitted to their office.
  • Be a protection of privacy and security expert to the above noted Ministries and their affiliated public bodies. This includes the following responsibilities:
    • Provide written responses to consultations assigned by the Manager related to privacy and security aspects of FOIP.
    • Provide verbal consultations and/or written consultation on inquiries received directly by the Privacy Specialist related to the privacy and security aspects of FOIP. Read and keep up to date on the written consults of other Privacy and Access Specialists, Managers and the Director of the IPO.
    • Represent the IPO and the Manager of the Privacy Unit on special cross-ministerial and intergovernmental projects, committees and working groups.
    • Assist in the development and/or review of policies, contracts, information sharing agreements and forms to ensure that they are compliant with the FOIP Act and/or other governing legislation.
    • Review and provide consultation on Privacy Readiness Reviews that are submitted to the IPO.
  • Conduct privacy investigation into formal complaints of an alleged privacy breach when assigned by the Manager. Where an OIPC reported privacy breach is assigned, act as the liaison between the OIPC and the program area where the breach is alleged to have occurred Submit a written report to the Manager on assigned complaints.
  • Develop or assist in the development, maintenance and communication of policies, procedures and best practices with respect to privacy and related security matters for the organizations supported by the Information and Privacy Office (HS, AE, and CHA). Provide advice, options and recommendations to the Managers or the Director of the /PO Unit for Incorporating a privacy awareness culture into supported organization programs and activities.
  • Keep current on legislative changes to the privacy and program legislation that supported Ministries operate under.
  • Keep current on all pertinent orders, investigations and practice notes issued by the OIPC. (Orders/investigations are assigned to a Privacy Specialist to review and summarize for the program areas who may be impacted by the order or investigation)
  • Review privacy and security issues, and provide analyses, options and recommendations to supported organization staff. This is accomplished by educating program areas on their responsibility to consider privacy/security issues and to involve the IPO In the early stages of program or database development.
  • Apply program management skills as the lead of information management in new Government of Alberta initiatives.
  • Provide specialized training when assigned requests from program areas.
  • Attend Provincial FOIP Specialists meetings and privacy related workshops and conferences.

Scope

 

The following provides a summary of who the Privacy Specialist deals with on an ongoing basis and the purpose of dealings, across some 80+ public bodies’ in3 ministries:

  • Through their collaborative work with an assembled team of program experts the Privacy Specialist must quickly gain a comprehensive understanding of the proposed program or database and any parent legislation that the program or service area operates under. The Privacy Specialist must be able to explain complex programs and databases in the PIA in plain English using visuals to assist the reader. It is common for the PIA to be posted on a GOA website once it has been accepted by the OIPC and it is therefore expected that the document be both well written and well presented.
  • The program lead assigned to work with the Privacy Specialist on a PIA is typically a senior manager or director from the program area. Consultation with legal counsel from the program area and IT personnel is also common when completing a PIA to discuss legal or security issues. The PIA is reviewed by the Privacy Manager and signed off by the IPO Director, ADM and the DM or CEO of the public body.
  • Consultation with other Federal, Provincial or Municipal jurisdictions or private organizations when PIAs are conducted on shared services or programs or when consults involve the disclosure of information to other jurisdictions.
  • Verbal and written consultations are completed for staff from the Deputy Minister through to front line staff. Questions from the general public relating to matters of privacy and access can be directed to the Privacy Specialist.
  • Staff from the OIPC to answer questions relating to a PIA/PS/FOIP statement or a privacy investigation. A Privacy Investigation can potentially involve staff members in any classification depending on the staff member/s alleged to have breached Part 2 of the Act.
  • Report to the Director of the Information and Privacy Office and the Privacy Manager for issues and problems including those not delegated to the Privacy Specialist.
  • Works collaboratively with Legislative Planning, Family Law and Justice to resolve legal issues that relate to privacy matters.
  • Consults with records and information management staff to resolve related issues.
  • Works collaboratively with staff from the IM/IT areas of the supported organizations to identify, coordinate and resolve overlapping areas of concern or interest.
  • Works collaboratively with FOIP Specialists and/or legal counsel from other public bodies when there is joint program or shared service provided by more than one public body.

Knowledge, Skills and Abilities

 
  • Overall working knowledge of the FOIP Act and a comprehensive knowledge on Part 2 of the Act.
  • Broad knowledge of other Privacy Legislation (i.e. Personal Information Protection Act, Personal Information Protection and Electronic Documents Act, Health Information Act, Access to Information Act, Privacy Act) and how they interact with FOIP and program legislation (e.g., Income and Employment Supports Act, Child, Youth and Family Enhancement Act, Employment Standards Cods, Post-Secondary Learning Act, Student Finance Act, Government Organization Act. Note that there are well over 75 pieces of program legislation that may need to be reviewed and understood at one time or another).
  • Expertise in writing a PIA or sufficient background to acquire the skill quickly.
  • The ability to apply project management skills as the information management lead in new Government of Alberta initiatives.
  • The ability to analyze and interpret any piece of legislation and apply this knowledge when completing a PIA or a consult for a program area.
  • The ability to be creative and concise in writing a PIA or PS on a complex program or electronic system.
  • Knowledge of general and specific privacy and security principles and practices.
  • Strongly developed facilitation, interpersonal and leadership skills to work effectively and professionally with staff at every level in an organization, other public bodies and the general public are essential.
  • Ability to learn about other environments such as information management, records management, contracting, IT, security, supported organization programs and activities, the organization's culture, and the ability to integrate these perspectives with privacy is desirable.
  • Practical knowledge of the application of privacy and security principles to different electronic media including computer applications, email, cell phones and emerging technologies is desirable.
  • Excellent writing and verbal communication skills are required.
  • An ability to analyze policy, procedural, system and legal issues, including problem solving skills and ability to make sound decisions on possible outcomes or solutions is critical.
  • The ability to provide meaningful input into the development of legislation, policy, strategic and operational planning.
  • Ability to work independently with minimal supervision and as a member of a team seeking consultation and guidance from Management when necessary and keeping them informed of sensitive issues.
  • Ability to articulate the rationale and defend the work being done by the Information and Privacy Office as when reviewed by the staff of the OIPC and others.
  • Ability to provide cover-off duty in the absence of the Manager of the Privacy Unit if required.
  • Previous experience related to FOIP legislation is required. Experience should include policy development, service delivery, and/or privacy or security issue analysis. Related experience (3-5 years) in information management, legal interpretation, and privacy and security areas is highly desirable.
  • Proven experience using the Microsoft Office Suite programs and the Internet is essential. Experience in using VISIO is desirable.

Contacts

Clients Nature and Purpose of Contact
Internal

Information and Privacy Office Director, Managers and other Privacy Specialists

Consultation on a PIA, Privacy Investigation or other privacy related matters.

Represent the IPO at government or intergovernmental meetings and exchange information.

Information Management and Application Support staff

Coordinate, consult and provide recommendations on security or collection issues that relate to the PIA or matters that relate to a privacy breach Investigation.

Program and Branch Heads

Meetings and regular contact with the assigned program lead throughout the development of the PIA.

Make recommendations for change when practices or procedures are deemed to not be in compliance with legislation.

Review and assist in the development of Privacy Readiness Reviews.

Legislative Services

Work collaboratively with legal counsel on matters that relate to access and privacy in the FOIP Act, other privacy legislation or Acts that programs operate under in writing the PIA.

Provide feedback and recommendations on contracts, Information Sharing Agreements or Memoranda of Understandings that relate to the PIA.

Senior Records Officer

Obtain records management advice with respect to retention schedules as they relate to a PIA or consult.

Provide a heads-up on projects that may have records management implications.

Any Ministry employee from front-line staff to the Deputy Minister's office

Provide verbal consults and recommend written consults where appropriate on matters that relate to privacy.

Provide written consults on assigned consults from Manager on matters that relate to privacy. Requests for written consults are usually received from Senior Managers, Program or Branch Heads.

External

General Public

Provide the supported organization's views with respect to privacy and security issues impacting the collection, use and disclosure of personal Information.

Answer questions on matters relating to privacy and refer to the appropriate office when necessary.

On occasion respond to alleged privacy breaches assigned by the Manager by completing a privacy Investigation and writing a report for submission to the Manager.

Office of the Information and Privacy Commissioner (OIPC)

Provide the supported organization's views on matters pertaining to the privacy and security of personal Information, by the preparation of a PIA or PS and submission to the OIPC after the review and sign-off process.

Act as the liaison between the OIPC and the program area when there are questions or concerns that relate to a submitted PIA or PS.

Act as the liaison between the OIPC and the program area on assigned OIPC privacy investigations into an alleged breach of privacy in the program area.

Privacy/security professionals and related organizations across government

Participate in joint PIA projects with other government FOIP offices and/or their legal counsel.

Represent the IPO on special cross-Ministerial and Intergovernmental projects, committees and working groups.

Federal, Provincial, Municipal Jurisdictions and/or Private Organizations

Consultation when a PIA is conducted on a shared program or service or when a consult involves the disclosure of information external to the Ministry.

Supervision Exercised

  N/A

 

Back to Top