Associate, Privacy and Access to Information, Canadian Blood Services, Ottawa, Ontario


  • Act as a primary point of contact and technical expert on privacy-related enquiries and requirements.
  • Advise business teams and stakeholders on the key elements for implementing effective privacy capabilities and practices in a digital environment, including data analytics and governance.
  • Conduct privacy impact assessments, ensuring risk mitigation recommendations are identified, prioritized, escalated and implemented effectively and efficiently.
  • Develops solutions that support business issues, ensuring privacy and other related risks are adequately identified and addressed.
  • Oversee standardized auditing and reporting processes, to ensure compliance by service providers and business teams.
  • Investigate, respond to, and report with integrity alleged violations of privacy and privacy breaches, ensuring regulatory requirements are met.
  • Ensure accurate and thorough responses are provided to privacy and access requests, including complaints filed with privacy and access regulators.
  • Provide privacy expertise for the corporate procurement process, including development of standard agreements.
  • Assist with designing, developing and maintenance of the privacy program framework through program policies, guidelines, audit activities and performance measurement including mechanisms to monitor and verify compliance with privacy and other related legal and regulatory obligations.
  • Ensure program outputs, including success metrics and program performance evaluation, are fully documented.
  • Promote privacy and access awareness and best practices, including responsible use of digital information assets, through formal training of employees to and other awareness activities.
  • Collaborate and build relationships with internal privacy stakeholders, including information security.
  • Identify and evaluate emerging privacy issues, trends and changes in the privacy regulatory environment.

Required Skills:

  • Completion of a degree in a related field or a combination of education, training and experience deemed equivalent.
  • An industry recognized privacy designation is required.
  • Minimum 4 years’ demonstrated experience in privacy and access, preferably in a health information environment.
  • Experience responding to and investigating privacy incidents.
  • Experience conducting privacy impact assessments, including knowledge of privacy by design principles.
  • Experience in developing and evaluating privacy risk management and mitigation plans.
  • Knowledge of audit and monitoring functions in relation to privacy controls and measures is desirable.
  • Knowledge of digital marketing, information security, and information management or information technology is an asset.
  • Familiarity with the emerging challenges of implementing artificial intelligence responsibly is an asset.
  • Strong organizational and time management skills; able to prioritize multiple competing tasks.
  • Ability to take initiative and be proactive in identifying opportunities to support and enhance respect for privacy.
  • Ability to work independently.
  • Ability to exercise a high degree of professionalism and discretion when working with confidential information.

Application Submission Information: