- Job Title: Senior Information and Privacy Manager
- Work Unit: Mediation and Investigation
- Ministry: Alberta Office of the Information and Privacy Commissioner
- Competition Number: 1056219
The Information and Privacy Commissioner (the Commissioner) is an Officer of the Legislature and reports directly to the Legislative Assembly. The Commissioner and the Office of the Information and Privacy Commissioner (OIPC) are independent of the Government of Alberta and provide oversight of Alberta’s public, health and private sectors to ensure compliance with the Freedom of Information and Protection of Privacy Act (the FOIP Act), the Health Information Act (HIA), and the Personal Information Protection Act (PIPA).
Reporting to the Director, the position assists the Commissioner in the performance of her legislative and regulatory responsibilities set out in the Acts. Through relationship building, strong leadership and effective mediation/investigation and communication skills, the position influences and effects change in the development and implementation of initiatives, programs, policies, goals and proposed legislative schemes in the public, health and private sectors.
The position is authorized to:
- review the decisions of the “head” of the public body/organization/custodian;
- mediate and attempt to resolve disputes between parties;
- issue findings and make recommendations to the head or the head’s representative;
- review and comment on initiatives, policies, procedures and practices of public bodies, health custodians (custodians) and private sector organizations (organizations);
- consult and advise on complex and multi-jurisdictional access and privacy issues;
The position educates and informs stakeholders (including the public, public bodies, organizations and custodians) on access and privacy matters; conducts presentations, workshops and information sessions about the practical application of the Acts; assists in the development of educational/guidance materials and tools; and responds to enquiries from public bodies, custodians, organizations, non-profits, community groups, members of the public, elected officials, special interest groups and media on rights and obligations under the three Acts.
The position also liaises with other jurisdictions on current and emerging issues and collaborates on joint investigations and initiatives on matters that cross provincial borders.
The position works independently and collaboratively in a team environment.
The work performed by the position is integral to the Commissioner’s ability to ensure the privacy and access rights of Albertans are upheld; ensure that public bodies/organizations/custodians comply with their duties and responsibilities under the Acts; and, provide fair, independent and impartial reviews. The position’s specific accountabilities include:
Mediating and resolving disputes (including politically sensitive and adversarial matters) involving applicants (persons requesting records/information), complainants, third parties, public bodies, custodians and organizations.
- Clarifying issues and defining jurisdiction and application of legislation.
- Interpreting and applying relevant statutes, regulations, policies and OIPC decisions.
- Analyzing complex situations and information (including highly sensitive, confidential and privileged information) to make recommendations and findings.
- Reviewing and investigating decisions (including actions and failures to act) of the heads of public bodies, custodians and organizations in response to access to information requests or correction of personal/health information requests and in relation to the collection, use and disclosure of personal or health information.
- Acquiring relevant and pertinent information from parties and applying the provisions of the Acts to the facts while considering the relevant circumstances.
- Making findings and recommendations on how to achieve compliance.
- Producing written findings and recommendations that may be published.
Reviewing and investigating public bodies, custodians and organizations for legislative compliance.
- Consulting, commenting on, and making recommendations regarding legislation, initiatives, policies, procedures and practices on a broad range of subject matters e.g. collection/use/disclosure of personal/health information; privacy and security risk mitigation; technology; training and awareness; research; data matching; information sharing; information management; and records retention and disposition.
- Reviewing and commenting on privacy impact assessments and making recommendations.
- Investigating privacy breaches and self-reported breaches (including evaluating risks of harm to affected individuals; making recommendations regarding notifying affected individuals; requiring the implementation of security measures to ensure future compliance).
- Conducting information security audits or privacy compliance reviews of programs and initiatives of public bodies, custodians, and organizations.
- Producing written findings and recommendations that may be published.
- Informing the Directors, Assistant Commissioner and Commissioner about access and privacy issues of significance.
Educating and informing the public and public bodies, custodians and organizations on the Acts
- Preparing and issuing public documents such as investigation reports, case summaries and practice notes.
- Researching, writing and developing educational/guidance materials and tools.
- Conducting presentations, workshops and information sessions regarding the rights and practical application of the Acts.
- Speaking at conferences.
- Developing relationships with public bodies, custodians, organizations and other stakeholder groups, including participation at meetings (e.g. network meetings).
- Responding to media queries as required.
- Responding to enquiries.
Conducting and/or leading research projects when required by the Director, Assistant Commissioner or Commissioner
- Researching and reviewing relevant materials, cases and legal decisions/rulings;
- Compiling and analyzing statistics and results;
- Producing reports and developing guidance tools to assist and inform the public or stakeholders (public bodies, custodians and organizations).
Managing a diverse and demanding workload in a timely and efficient manner.
Knowledge / Experience
University degree in a relevant field and 6 years of progressively responsible related experience. Equivalencies will be considered.
- Expert knowledge of access and privacy laws and principles, and particularly FOIP, HIA and PIPA.
- Experience in interpreting and applying legislation.
- Knowledge of trends, developments, issues, legal decisions and precedents relating to access, privacy, security and information technology.
- Knowledge of the rules of natural justice and administrative fairness.
- Knowledge and experience in two-party/multi-party dispute resolution techniques and interviewing methods.
- Investigation experience, including the ability to prepare investigative plans, gather evidence, conduct interviews, analyze information, and make finding and recommendations on complex and sensitive issues, preferably in areas related to information access, privacy and security.
- Experience in information security auditing and/or privacy compliance reviews.
- Management-level knowledge of information security best practices and technologies. Experience with complex or multi-stakeholder information technology and information sharing initiatives.
- Ability to establish and build effective relationships with stakeholders, including the public, media, interest groups and senior level representatives in the public/health/private sectors and other jurisdictions.
- Ability to manage a complex, diverse and demanding workload, including setting and adjusting workload priorities and tasks in response to increasing demands and changing issues.
- Experience with computer programs including word processing and file tracking programs.
- Superior verbal and written communication skills and the ability to explain legislation and complex legal and factual issues in terms that are understandable to parties.
- Superior interpersonal skills, including the ability to manage conflict, maintain objectivity in politically sensitive or adversarial situations, demonstrate tact and diplomacy.
Leadership and Business Know-How
The position must apply the legislation in a complex and multi-stakeholder environment.
The access and privacy legislative framework in Alberta is extremely complex. The FOIP Act applies to the public sector. HIA applies to the health sector and PIPA applies to the private sector. However, there are public bodies subject to the FOIP Act that are also custodians under HIA. In addition, dependent on contractual or agency relationships, private sector organizations may be “employees” of public bodies for the purposes of FOIP or “affiliates” of custodians under HIA. The application of the legislation becomes more complicated given the increasing partnerships involving public, health and private sectors. The position provides leadership in clarifying the application of the legislation to various parties/initiatives.
In addition to the complexity of the legislative framework and the public bodies/custodians/organizations subject to the legislation, the position provides leadership in ensuring that legislated information rights of persons to access information, third parties to object to the disclosure of their information, and individuals to file privacy complaints are upheld.
Under the three Acts, parties may ask the Commissioner to review any matters in relation to their access to information requests or complaints with respect to the collection, use or disclosure of personal/health information. The mediation and investigation function performed by this position is integral to the Commissioner’s legislated oversight mandate as it is the first phase of the review process for the OIPC, and over 80% of disputes are resolved at this stage. The mediation and investigation process is complex given the competing and diverse interests, needs and agendas of multiple parties.
The position reviews decisions and actions of the “heads” of public bodies, custodians and organizations.
The “head” of public bodies, custodians and organizations are typically: ministers, deputy ministers, Chief Administrative Officers, Chief Executive Officers, corporate Presidents, etc.
The position must independently determine issues, relevant circumstances, gather the requisite supporting information and documentation, analyze complex matters and make sound and reasonable findings and recommendations. While the position may seek input from colleagues, the Director, other Directors, Legal Counsel and the Assistant Commissioner, the position is ultimately responsible for making findings and recommendations.
The position must not only interpret and apply the relevant provisions of the Acts correctly but must also consider Orders and decisions issued by the OIPC and the courts to assist in their review and findings. The position may also need to consider if other Alberta legislation or Orders/decisions from other Canadian jurisdictions are relevant.
The position must show leadership in building effective relationships with stakeholders (this includes public bodies, health custodians, organizations, non-profits, public, elected officials, etc.).
The position utilizes his/her expert knowledge of the application of the Acts and understanding of the challenges and issues of the stakeholders to build effective relationships in order to influence and effect change in initiatives, policies and procedures for the public body, organization or custodian. The position’s findings and recommendations are not limited to the respective public body/custodian/organization but can also influence and effect change throughout a sector or among industry groups, at provincial, national and even international levels.
The position provides advice and guidance to stakeholders
The position must be aware of the latest trends, developments, issues, legal decisions and precedents relating to access, privacy, security and information technology so as to provide guidance and advice to public bodies, custodians and organizations through consultation, published guidance resources, presentations at conferences and workshops, participation on committees or working groups, etc. The position advises on access and privacy best practices, especially with respect to the design and implementation of new and emerging technologies and information management initiatives.
The position must effectively manage a significant and diverse caseload.
The position must effectively manage a constantly changing and diverse caseload in addition to special projects and other work that may be assigned to this position. The position is responsible for monitoring the timelines with respect to their caseload to ensure that the obligations placed on the Commissioner under the Acts are complied with.
The position can be a resource to other staff within OIPC or act as project manager/business analyst.
The position can provide expertise in specific areas to assist or mentor other OIPC staff. The position may also be required to lead working groups engaged to analyze, design, develop and implement new work processes and tools to support investigative and reporting activities of the OIPC. This requires the position to effectively lead and manage the participants in the working group to achieve the required objectives.
This position relies on the Alberta’s three access and privacy laws; orders, investigation reports or guidance documents issued by the OIPC; established OIPC policies and procedures; and orders and related guidance documents from other Canadian jurisdictions with substantively similar access and privacy legislation. This position works with a significant degree of independence but needs to consult with the Director, Legal Counsel and the Assistant Commissioner on matters that have not been previously addressed by OIPC or that may impact other program areas.
The position must interpret and apply legislation to the circumstances of the matter under review or investigation in arriving at findings and recommendations. Resolving disputes between multiple parties can be complex given competing and diverse interests and agendas. Furthermore, the trend towards integrated information sharing and citizen centered delivery of programs increases the complexity of issues that this position must address and resolve – resulting in findings and recommendations that can cross public, health and private sectors.
Interpretation of the Acts can be a complex matter and can depend on relevant circumstances. As a result, the position must use analytical, interpretive and creative skills to arrive at findings and recommendations.
The individuals and parties that approach the OIPC are often very frustrated and can be extremely suspicious of the public body, organization or custodian with whom they have concerns. The position must acknowledge and validate their rights to request a review or file a complaint, must build an effective relationship with the applicant/complainant/third party and with the public body/custodian/organization and must be able to convey outcomes to the parties to the dispute in a manner that is conducive to resolving the matter. A high degree of finesse is required.
The position must be able to apply access and privacy principles and best practices to the design and implementation of new technologies and information management initiatives. This requires knowledge of the latest trends, developments, issues, legal decisions and precedents relating to access, privacy, security and information technology.
Relationships / Contacts
|Clients||Frequency||Nature and Purpose of Contact|
|Assistant Commissioner Director, Legal Counsel||As required||Inform, seek advice, make recommendations|
|Other OIPC staff||Daily||Inform, collaborate, and consult|
|Members of the public; government ministries, boards and agencies; post-secondary institutions; schools; municipalities; law enforcement; health custodians and providers; professional regulatory bodies and associations private sector organizations and business; complainants; applicants (which include elected officials, the public and members of the press); third parties, media, special interest groups and non-profit organizations||Daily||Respond to queries. Review and Investigate requests for review and complaints. Clarify and resolve disputes. Convey findings and recommendations on compliance. Determining jurisdictions and issues that fall under OIPC jurisdiction. Inform and educate.|
|Other jurisdictions||As required||Liaise, consult, collaborate|
Impact and Magnitude of Job (Scope)
The position liaises, consults, and comments on schemes, initiatives, information systems, policies and procedures in the public, health and private sectors concerning information access, privacy and security matters. The position also investigates matters related to the decisions, acts and failures to act of the head of public bodies, organizations and health custodians. The majority of these disputes are resolved by the position, thereby avoiding the more costly inquiry process.
Typical results achieved include: affirmation that a public body/custodian/organization is in compliance with the Acts; disclosure of additional information; reduction or waiver of fees; changes in policies/procedures/practices of public bodies/custodians/organizations; implementation of measures to protect personal/health information from risks including unauthorized collection, use, disclosure or destruction; notification of affected individuals (following a privacy breach); redesign of information systems.
The position can also influence and effect significant changes to initiatives, policies, goals, proposed schemes and operations and resources of public bodies, custodians and organizations; and impact the informational rights of persons (regardless of where they reside in the world). In addition, the position’s findings and recommendations can have sector and cross-sectoral implications, as well as national and even international impacts.
The position’s findings and recommendations directly impact how the Commissioner and the OIPC is perceived by the public, applicants/complainants/third parties and stakeholders. Results of reviews and investigations directly contribute to the privacy and access rights enjoyed by the public and to ensuring public bodies, custodians and organizations comply with their statutory duties.
The findings and recommendations are regularly reported by the media and can create significant reputational damage to the public bodies, custodians and organizations involved and can have significant cost implications for those entities to correct the deficiencies identified in the findings.
Work on offence investigations can lead to individuals being charged and fined.
The Government of Alberta is committed to a diverse and inclusive public service that reflects the population we serve to best meet the needs of Albertans. Consider joining a team where diversity, inclusion and innovation are valued and supported. For more information on diversity and inclusion, please visit the Diversity and Inclusion Policy.