Position Summary

The Privacy Officer leads the development, oversight, and continuous improvement of the County's access to information and privacy programs, ensuring compliance with the Access to Information Act (ATIA) and the Protection of Privacy Act (POPA).

This role serves as the organization's designated Privacy Officer and subject matter expert, providing authoritative advice on legislative requirements, managing regulatory relationships, and overseeing privacy risk, compliance, and governance frameworks.

The Privacy Officer also provides leadership to the Access & Privacy Coordinator and supports the effective administration of access to information requests and privacy processes.

Core Accountabilities

Access to Information Oversight

• Oversee and administer the County's access to information request process, ensuring compliance with legislative requirements, timelines, and internal procedures are met
• Provide direction on complex access requests, including the application of exceptions and exemptions to disclosure
• Monitor, track and report on access to information compliance metrics and obligations
• Develop proactive and routine disclosure of information processes and partner with departments on implementation

Privacy Program Leadership

• Lead the development, implementation, and continuous improvement of the County's privacy management framework
• Coordinate and support the development and implementation of privacy controls governing the collection, use, disclosure, accuracy, retention, and safeguarding of personal information, in collaboration with departments and relevant subject matter experts
• Lead and facilitate the development, review, and ongoing maintenance of Privacy Impact Assessments based on legislative requirements
• Provide organizational guidance and oversight to support the consistent application of privacy requirements across the organization in alignment with other applicable legislation, policy, and information governance practices

Risk, Compliance & Governance

• Monitor privacy risks and recommend mitigation strategies and control improvements
• Maintain program documentation and records to support accountability, auditability, and continuous improvement
• Lead the development and maintenance of governance mechanisms, including privacy policies, procedures, delegation instruments, and the Directory of Personal Information Banks
• Coordinate compliance monitoring activities and follow-up with responsible departments on identified gaps, issues, and improvement opportunities

Incident & Breach Management

• Lead the assessment and response process for privacy incidents and potential breaches, including investigation, documentation, mitigation, and remediation activities, in collaboration with affected departments and subject matter experts
• Assess regulatory notification requirements and coordinate communications with affected individuals, internal stakeholders, and oversight bodies
• Track incident trends and recommend preventative improvements

Regulatory Liaison & Advisory

• Act as the organization's designated Privacy Officer, ensuring compliance with applicable Alberta privacy and access to information legislation

• Serve as the primary liaison with the Office of the Information and Privacy Commissioner of Alberta
• Coordinate and manage inquiries, investigations, mediations, audits, and related regulatory processes
• Prepare summaries, reports, and recommendations for manager and senior leadership on regulatory matters, privacy risks, and compliance issues
• Interpret legislation and regulatory guidance and provide authoritative advice on privacy, access, and disclosure obligations, including contractual privacy considerations and best practices

Training & Awareness

• Design, coordinate and deliver privacy and access to information training and awareness initiatives across the organization
• Promote a culture of privacy, accountability, and information stewardship
• Support the integration of privacy considerations into business initiatives, partnerships, research and data-sharing activities

Team Leadership

• Provide leadership, direction, consultation and strategic advice to Access & Privacy Coordinator, including support on complex, sensitive or escalated access and privacy matters
• Establish and maintain processes, standards, and quality controls for access and privacy activities
• Escalate significant risks, issues or compliance concerns to senior leadership as required

General

• Perform other duties and special projects as assigned.

Position Requirements

Completion of a degree in law, business, public administration, information management, public policy or a related field along with a minimum of five years of progressively responsible and diversified experience in access to information, privacy, information governance, legal, regulatory or compliance.

• Strong understanding of Alberta and federal privacy legislation such as ATIA and POPA
• Hands-on experience managing access to information requests supporting or leading PIAs and advising on disclosure decisions
• Experience responding to privacy incidents or breaches and liaising with regulatory bodies including the OIPC of Alberta is preferred
• Demonstrated ability to translate legal and privacy requirements into operational practice
• Strong analytical and problem-solving skills with sound judgment and attention to detail
• Excellent writing editing and document management skills
• Ability to manage multiple priorities and shifting deadlines
• Strong interpersonal and communication skills with the ability to build effective relationships.
• Proficiency with Microsoft Office and familiarity with contract management or privacy compliance tools
• Ability to work independently with minimal supervision and collaborate within cross-functional teams

We thank applicants for their interest. Only those selected for an interview will be contacted.

Applications can be submitted online at www.rockyview.ca/careers.
We only accept resumes and additional application documents through our online recruitment system. In-person applications, email or other online forms will not be considered

Closing Date: Posting will remain open until a suitable candidate is found, therefore we recommend applying as soon as possible. Interviewing and hiring may commence prior to the posted closing date.