Privacy Impact Assessment (PIA) Specialist

Overview

The Ministry of Public and Business Service Delivery and Procurement (Land & Resources Cluster) is seeking a Senior Privacy Impact Assessment (PIA) Specialist for an onsite engagement in Toronto. The successful consultant will lead the development of privacy impact assessments that evaluate whether new technologies, information systems, or proposed programs and policies meet legal and policy privacy requirements. This role is critical in identifying and mitigating privacy risks while ensuring full compliance with applicable provincial, federal, and municipal privacy legislation.

Key Responsibilities

• Lead the development of Privacy Impact Assessments (PIAs) for new technologies, information systems, and proposed programs or policies
• Evaluate compliance with provincial, municipal, and federal access and privacy legislation including FIPPA, MFIPPA, PHIPA, and PIPEDA
• Ensure programs align with OPS policies, Directives, standards, guidelines, and internationally accepted Fair Information Practices
• Research and apply relevant information privacy laws, regulations, and jurisprudence, particularly as it relates to the Information and Privacy Commissioner of Ontario
• Direct and gather input from specific individuals within the organization to support PIA development independently or as part of a team
• Create and interpret data flow diagrams and business process diagrams to support privacy assessments
• Identify and mitigate privacy risks and recommend appropriate risk countermeasures
• Develop risk assessment tools, methodologies, policies, and procedures to effectively manage personal information
• Communicate privacy principles and compliance requirements to both technical and non-technical audiences
• Recognize when external expert input is required and facilitate that engagement
• Apply knowledge of IT security, system design, business architecture, and records management in the context of privacy assessments
• Ensure adherence to records management policies including classification, retention, and disposition of information

Must-Have Requirements

• Excellent knowledge of privacy and security concepts, trends, and issues, including their impact on business processes, and strong ability to interpret and communicate compliance requirements
• Demonstrated experience researching and applying relevant information privacy laws, regulations, and jurisprudence, particularly relating to the Information and Privacy Commissioner of Ontario, including risk countermeasures
• Proven experience conducting Privacy Impact Assessments in a public sector context
• Knowledge of and ability to interpret and apply Ontario's Freedom of Information and Protection of Privacy Act (FIPPA), Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), and Personal Health Information Protection Act (PHIPA), including related regulations and jurisprudence
• Familiarity with the OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services
• Good understanding of related disciplines including IT security, IT system design, policy development, business architecture, legal processes, Freedom of Information administration, business analysis, risk management, and project management
• Ability to lead, manage, or support the development of a PIA either independently or as part of a team, directing and gathering input from relevant stakeholders
• Knowledge of policies, directives, standards, business rules, procedures, and guidelines relating to records management including classification, retention, and disposition of information

Nice-to-Have Skills

• Familiarity with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the US PATRIOT Act
• Knowledge of privacy enhancing best practices and technologies
• Knowledge and understanding of the Accessibility for Ontarians with Disabilities Act (AODA) and related regulations and standards
• Analytical skills to assess current and future access and privacy implications of policies, decisions, and business initiatives
• Knowledge of Information Technology concepts and processes that impact the protection of personal information, including internet tools, system interfaces, information security, information architecture, and data flows

Work Environment

This is a fully onsite role based at 40 St Clair St W, 14th Floor, Toronto. No security clearance is required. The consultant will work within the Land & Resources Cluster under the Ministry of Public and Business Service Delivery and Procurement, collaborating closely with internal stakeholders and subject matter experts throughout the PIA process.