Responsible for the organization’s Privacy Program including but not limited to daily operations of the program, development, implementation, and maintenance of policies and procedures, monitoring program compliance, investigation and tracking of incidents and breaches and compliance with applicable privacy laws and regulations globally.
Key Job Responsibilities
- Develop and coordinate an organization-wide privacy risk management and compliance framework and governance structure by undertaking a comprehensive review of the Company’s data and privacy process and procedures for each applicable business function to ensure that they are consistent with relevant laws and regulations and the Company’s privacy and data security goals and policies
- Build a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality and legal standards for privacy, data protection and security worldwide, including protected health information (PHI). Ensure privacy forms, policies, standards, and procedures are up-to-date.
- Work with the organization’s senior management, security, legal and compliance to establish governance for the privacy program.
- Collaborate with information security to ensure alignment between security and privacy compliance programs, including policies, practices and investigations, and act as a liaison to the information systems department.
- Establish, with information security and other appropriate functions, an ongoing process to track, investigate and report inappropriate access and disclosure of privacy issues including protected health information.
- Establish and administer a process for investigating and acting on privacy complaints. Administer action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with Information Security, Compliance and, when necessary, legal counsel
- Perform required incident risk assessment, documentation, and mitigation. Work with appropriate functions to ensure consistent application of sanctions for privacy violations
- Perform or oversee initial and periodic information privacy risk assessment/analysis, mitigation and remediation. Identify potential privacy issues and provide recommended solutions for compliance with policy and legal requirements across all business units.
- Conduct ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions.
- Participate in the development, implementation, and ongoing compliance monitoring of contracts to ensure all privacy concerns, requirements, and responsibilities are addressed.
- Maintain current knowledge of applicable international, federal and state privacy laws and accreditation standards.
- Develop, manage and assist in the implementation and maintenance of the Company’s information privacy policies and procedures to ensure that business activities are consistent with them
- Periodically revise the privacy program to reflect changes in laws, regulatory or Company policy and accreditation standards, and monitor advancements in information privacy technologies to ensure organizational adaptation and compliance, as needed
- Initiate, facilitate and promote activities to foster information privacy awareness within the organization and related entities.
- Develop privacy training materials and other communications to train employees and third parties, as appropriate, on company privacy policies, data handling practices and procedures and legal obligations
- Ensure timely adoption and execution of all GDPR and DPA (Data Privacy Act) data privacy compliance requirements
- Collaborate with the appropriate functions to develop a process for receiving, documenting, tracking, investigating and taking action on all privacy related complaints
- Special Projects as requested
- Other duties assigned
Education and Experience
- High School Diploma/GED
- Master's/Advanced Degree
- IAPP Certifications such as CIPP/US, CIPP/E and/or CIPP/M, or CHPS, RHIA, or RHIT certifications a plus
- Minimum of 7 years’ experience in the legal profession, with at least five years of privacy responsibility
- In-depth knowledge of US, EU (e.g., GDPR) and global privacy laws and data security laws
- Experience with building and implementing a global privacy program
- Extensive experience and skill at writing policies and guidance documents supporting various business activities and conducting investigations.
- Experience working with teams across the full corporate structure in a matrixed corporate environment
Other Skills and Abilities
- Ability to write clearly and prepare professional communications
- Excellent interpersonal and conflict resolution skills and ability to work in a highly collaborative, team-oriented environment
- High level of influencing skills and ability to drive change as it relates to implementing remedial actions