Reporting to General Counsel, the Legal Counsel, Privacy will provide a full range of legal services  and legal guidance to senior leaders, faculties, schools, and administrative units to manage legal risks and enhance the University of Waterloo’s mission, with a focus on information and privacy related services.

The Information and Privacy Office and related responsibilities and accountabilities fulfill the University’s obligations under the Freedom of Information and Protection of Privacy Act (FIPPA).

Privacy Leadership and Strategic Development

• Leads a University culture of information and privacy awareness in collaboration with other stakeholders
• Provides expertise and instruction related to access and privacy information for university-wide projects, policies, and processes, delivering recommendations for ongoing improvement
• Fosters effective working relationships within the University to support the promotion and development of access to information and privacy protection
• Communicates sound and consistent advice and guidance to the campus community regarding access and privacy legislation and policies based on established principles and processes
• Represents the University before the Information and Privacy Commissioner of Ontario (IPC)
• Conducts regular environmental scans of the regulatory landscape and assess their impact on the University’s privacy program
• Reviews and analyzes records and jurisprudence, case law, and precedents
• Proactively develops strategies while exercising due diligence to avoid unnecessary legal challenges regarding privacy issues
• Creates and maintains University processes, procedures, and policies that apply to the collection, use, and disclosure of personal information

Privacy Compliance and Legal Guidance

• Provides legal expertise related to applicable provincial, federal, and international privacy law
• Investigates, analyzes, and interprets applicable privacy laws and their interaction with university policy to ensure compliance
• Reviews agreements and project charters related to the collection, use and disclosure of personal information, providing advice and guidance on best practices and potential privacy implications
• Continually research, identify, and provide updates on privacy case law, legislative requirements and legal trends
• Collaborates with General Counsel, legal counsel, and other senior leaders to initiate, develop, implement, and evaluate policies and procedures that support the University’s compliance with privacy legislation and best practices

Responsibilities under FIPPA

• Develops and maintains processes and systems that will ensure effective responses to requests for access to records submitted under FIPPA
• Completed all privacy access requests, applications, queries, assessments, breaches, training, and reporting. This includes internal, external, and third-party requests received by another institutions or Ministry
• Assesses third-party requests in collaboration with the Secretariat, VP Academic and Provost, VP Administration and Finance, VP Research and International, Institutional Analysis and Planning, Communications, and various other departments on a regular basis
• Advises and supports committees and working groups related to compliance and data breaches
• Manages requests under departmental routine access policies and facilitate proactive disclosure where appropriate

Privacy Review and Response to complaints and privacy breaches

• Investigates complaints and privacy breaches, working with various stakeholders
• Consults with the General Counsel regarding access and privacy matters and concerns, and present recommendations regarding decisions
• Directs any communication of breach responses according to the response protocols and process
• Provides all mandated reports to the Office of Information and Privacy Commissioner (IPC) of Ontario
• Leads on-going, concise communication with the Secretariat, VP Academic and Provost, VP Administration and Finance, along with departmental leadership when breaches occur
• Consults with relevant stakeholders to establish complaint and breach guidelines and documentation (Information Security Services, Information Stewards, LIS, Communications, Secretariat etc.)

Risk Identification, Assessment, and Training

• Audits and assess privacy risks associated with university activities and data processing practices
• Reviews risk assessment requests and manage Privacy Impact Assessments for new projects, systems, and processes
• Identifies and evaluates the level and likelihood of risks to determine their potential impact on providing recommendations
• Reviews and interprets privacy regulations to ensure the risk assessment process aligns with relevant privacy laws, regulations, and institutional policies
• Develops strategies to mitigate privacy risks, including technical, administrative, and university-level measures
• Oversees the education and development of training and awareness programs and material for staff, faculty, and students, fostering a culture of knowledge and accountability surrounding data protection and recognition

Operations & Systems Management

• Provides direct supervision of the Information Privacy Analyst and the Information Privacy Coordinator, including training, development, and coaching
• Maintains up-to-date knowledge and understanding of relevant privacy legislation, updating processes and procedures as changes occur
• Creates and maintains written privacy guidance for the University
• Leads revisions and proposed new policies and procedures through the approval process
• Oversees the development and maintenance of data frameworks that allow for data-driven decisions
• Supervises the collection and recording of program statistics as required for reporting and prepare annual report for the Information and Privacy Commissioner (IPC) of Ontario
• Maintains accountability  for records management

• Bachelor of Laws (L.L.B) or Juris Doctor (J.D.) or equivalent law degree is required.
• Licensed to practice law in Ontario and must be a member in good standing of the Law Society of Ontario.
• Relevant professional designation from the International Association of Privacy Professionals (IAPP) or other recognized professional body
• Minimum of 3-5 years’ experience, practicing law and providing legal advice to complex organizations
• Strong working knowledge of provincial and federal information and privacy laws
• 3+ years’ experience working with access to information and protection privacy responding to access requests, privacy complaints, information breaches, and inquiries from the community
• Project management experience in a complex environment
• Higher education or other public sector experience is an asset.
• Knowledge of a broad range of legal matters and of statutory law affecting universities
• Extensive knowledge and interpretation of the Personal Information Protection and Electronic Documents Act, the Freedom of Information and Protection of Privacy Act, and the Information and Privacy Commissioner of Ontario, including regulations and legislation, and their interplay between them and other related and relevant legislation
• Significant breadth of knowledge related to university operations; ability to understand university guidelines, policies, and practices
• Understanding of access to information and privacy protection matters, and of related legislation and policy in a university or public sector setting
• Knowledge of the legislative and procedural framework related to the development, amendment, and implementation of statutes, regulations, and by-laws
• Clear and critical thinking, with superior writing and reasoning skills, persuasiveness
• Can effectively initiate, drive, and manage change initiatives that align with organizational strategies, support legal risk mitigation, and enhance operational legal efficiencies related to privacy and data
• Conflict resolution skills with an ability to proactively identify potential conflicts and support actions to facilitate its resolution
• Competent in providing guidance and direction to support others in solving complex situations affecting the University’s business
• Sound decision maker based on a mixture of analysis, wisdom, experience and judgement, balancing risk with the likelihood of occurrence.
• Ability to collaborate across internal and external boundaries to meet common objectives, improve outcomes, and support work beyond the unit
• Ability to make decisions and recommendations that are clearly linked to the university’s strategic plan
• Effective influential and consultative skills with the ability to build strong interpersonal relationships
• Ability to adapt to evolving privacy laws and technologies affecting higher education
• Proven ability to work independently and resourcefully
• Driven by equitable, diverse, and inclusive practices

The University of Waterloo acknowledges that much of our work takes place on the traditional territory of the Neutral, Anishinaabeg and Haudenosaunee peoples. Our main campus is situated on the Haldimand Tract, the land granted to the Six Nations that includes six miles on each side of the Grand River. Our active work toward reconciliation takes place across our campuses through research, learning, teaching, and community building, and is co-ordinated within our Office of Indigenous Relations.

The University values the diverse and intersectional identities of its students, faculty, and staff. The University regards equity and diversity as an integral part of academic excellence and is committed to accessibility for all employees. The University of Waterloo seeks applicants who embrace our values of equity, anti-racism and inclusion.  As such, we encourage applications from candidates who have been historically disadvantaged and marginalized, including applicants who identify as First Nations, Métis and/or Inuk (Inuit), Black, racialized, a person with a disability, women and/or 2SLGBTQ+.

All qualified candidates are encouraged to apply; however, Canadians and permanent residents will be given priority.

The University of Waterloo is committed to accessibility for persons with disabilities. If you have any application, interview, or workplace accommodation requests, please contact Human Resources at hrhelp@uwaterloo.ca  or 519-888-4567, ext. 45935.