Source Code - 159 emplois
Toronto, ON
Détails de l'emploi :
RQ00698 - Sr. Privacy Impact Assessment (PIA) Specialist
6-month contract (129 business days) - possible extension
ONSITE 5 days - 777 Bay St. 20th Floor
Must Haves:
- Required to lead or support the development of a privacy impact assessment that evaluates whether the interactive website, including user account setup, collection of email addresses, use of display names on a public portal, classroom enrollment processes, access codes, and any additional current or future collection, use, disclosure, or processing of personal information, meets legal and policy privacy requirements, determines and mitigates risks, and addresses client concerns.
- These requirements include ensuring that the program complies with applicable provincial, municipal, federal, and private sector privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines, and internationally accepted Fair Information Practices.
- Experience leading or supporting Privacy Impact Assessments for digital platforms, websites, online services, or user account systems;
- Strong knowledge of privacy laws, privacy principles, and privacy-by-design requirements that apply to websites collecting personal information;
- Ability to review website features, user journeys, and account setup flows to identify where personal information is collected, used, displayed, stored, or shared;
- Understanding that privacy messages may need to be placed in different locations and written differently depending on context, such as footer links, privacy policies, just-in-time notices, account setup screens, and classroom onboarding flows;
- Ability to distinguish between longer-form privacy policy content and shorter, user-friendly notices shown at the point of collection or decision-making;
- Experience drafting or advising on plain-language privacy notices, consent wording, and user-facing privacy explanations for different audiences, including students, teachers, and parents or guardians;
- Ability to assess privacy risks related to youth users, public display names, access codes, teacher-managed accounts, and student self-registration flows;
- Demonstrated ability to interpret legal and policy requirements and translate them into clear, practical guidance for compliance, design and implementation
Responsibilities:
- Required to lead or support the development of a privacy impact assessment that evaluates whether the interactive website, including user account setup, collection of email addresses, use of display names on a public portal, classroom enrollment processes, access codes, and any additional current or future collection, use, disclosure, or processing of personal information, meets legal and policy privacy requirements, determines and mitigates risks, and addresses client concerns.
- These requirements include ensuring that the program complies with applicable provincial, municipal, federal, and private sector privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines, and internationally accepted Fair Information Practices.
General Skills:
- Experience leading or supporting Privacy Impact Assessments for digital platforms, websites, online services, or user account systems;
- Strong knowledge of privacy laws, privacy principles, and privacy-by-design requirements that apply to websites collecting personal information;
- Ability to work closely with legal counsel to interpret privacy requirements and translate them into practical business and design decisions;
- Ability to review website features, user journeys, and account setup flows to identify where personal information is collected, used, displayed, stored, or shared;
- Ability to work with UX and design teams to identify where privacy notices, consent language, and key messages should appear within the user experience;
- Understanding that privacy messages may need to be placed in different locations and written differently depending on context, such as footer links, privacy policies, just-in-time notices, account setup screens, and classroom onboarding flows;
- Ability to distinguish between longer-form privacy policy content and shorter, user-friendly notices shown at the point of collection or decision-making;
- Experience drafting or advising on plain-language privacy notices, consent wording, and user-facing privacy explanations for different audiences, including students, teachers, and parents or guardians;
- Ability to assess privacy risks related to youth users, public display names, access codes, teacher-managed accounts, and student self-registration flows;
- Strong analytical skills to identify privacy risks, recommend mitigations, and document decisions clearly for legal, business, design, and technical stakeholders;
- Strong written and verbal communication skills, with the ability to explain privacy requirements in practical, non-legal language;
- Excellent knowledge of privacy and security concepts, trends, and issues including their impact on digital services, website features, and business processes. Demonstrated ability to interpret legal and policy requirements and translate them into clear, practical guidance for compliance, design and implementation;
- Knowledge of, and experience in researching and applying relevant information privacy laws, regulations, jurisprudence (particularly as it relates to the Information and Privacy Commissioner of Ontario/Canada and US) and risk countermeasures ;
- Experience in conducting Privacy Impact Assessments in public sector context;
- Knowledge of, and experience with privacy enhancing best practices;
- Knowledge and ability to interpret and apply Ontario's Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Health Information Protection Act (PHIPA) their respective regulations and related jurisprudence;
- Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act.
- Policy Knowledge
- Familiarity with OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services;
- Good understanding of related disciplines, such as IT security, IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management.
- Operational Program and Business Design Skills
- Ability to lead, mange or support the development of a PIA either independently or as part of a team by directing and gathering input from specific individuals within the organization;
- Knowledge and ability to create and understand data flow diagrams and business process diagrams;
- Ability to recognize the need for, and seek input from external experts as required;
- Excellent communication skills with technical and business audiences and non- access and privacy experts.
- Technology and Systems Knowledge
- Analytical skills to understand the current and future access and privacy implications of policies, decisions and business initiatives;
- Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows;
- Information and Record Keeping Knowledge;
- Experience in developing risk assessment tools, methodologies, policies and procedures to effectively manage personal information;
- Knowledge of policies, directives, standards, business rules, procedures and guidelines relating to records management including classification, retention and disposition of information;
- Knowledge and understanding of Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards;
Desirable Skills:
- Professional certification from a related discipline such as IT security, architecture
- Experience providing education and training related to privacy
- Knowledge of, and experience with the policies and procedures of the Ontario government (e.g. business case development, project approvals and policy development)
Deliverables:
- A final Privacy Impact Assessment report for the interactive website and associated business processes;
- A documented data flow map or data inventory describing account setup, classroom enrollment, public display names, teacher and student workflows, and any current or future collection, use, disclosure, storage, or processing of personal information;
- A privacy requirements analysis document identifying applicable legal, policy, and compliance obligations for the website and related processes;
- A privacy risk assessment document identifying key privacy risks, their impact, and recommended mitigation measures;
- A privacy-by-design recommendations document covering account creation, notices, consent language, display name practices, access controls, and public portal features;
- A review and recommendations summary for privacy notices, privacy policy content, and just-in-time messaging across the user experience;
- A stakeholder guidance document or briefing for legal, business, design, communications, and technical teams outlining privacy requirements to be incorporated into the solution;
- An issues, decisions, assumptions, and action log documenting outstanding privacy matters requiring follow-up, resolution, or approval;
- A final findings and recommendations summary outlining next steps for implementation, remediation, and ongoing privacy compliance.
AI Disclaimer: Source Code may use artificial intelligence (AI) tools to assist in certain aspects of its recruiting and business operations.
Note: The higher end of the range is intended for absolutely exceptional candidates who meet all must-have requirements and most or all nice-to-have qualifications. The client will evaluate candidates based on both rate expectations and overall skill set when shortlisting.
INCORPORATED RATE RANGE (7.25 billable hours per day)
- $93.27/hr - $112.00/hr Inc.
T4 RATE RANGE (7.25 billable hours per day)
- $74.62/hr - $89.60/hr T4