Reports To: Senior Vice President, Legal and Corporate Secretary
Position Summary: The Legal Counsel, Privacy assists the Senior Vice President, Legal in her capacity as the Privacy Officer with the organization’s accountability and obligations under applicable privacy laws. This role will be accountable to review CAPREIT’s and its subsidiaries (collectively, “CAPREIT”) privacy program from time to time, advise regarding pending legislative changes impacting CAPREIT, assist in training CAPREIT’s employees with respect to compliance with CAPREIT’s privacy policies and practices, and protect CAPREIT’s reputation.
This role has customer facing impact - contributing positively to the full lifecycle experience of our residents/tenants, employees (and other stakeholders).
Responsibilities:
- Identify privacy obligations for CAPREIT and its Canadian and Netherland’s subsidiaries (PIPEDA, GDPR, CASL, ePrivacy, etc.), including monitoring and reporting on legislative developments
- Prepare for legislative and regulatory changes (i.e. conducting gap analysis, revising policies, processes and contracts, preparing training, preparing privacy impact assessments, etc.)
- Promote privacy by design and prepare privacy impact assessments and transfer impact assessments
- Manage cross-border data transfers
- Maintain data inventory and data flows
- Respond to privacy incidents and breaches, including investigating, remediating, logging and reporting privacy incidents and breaches
- Monitor, maintain and improve the privacy program, including creating, revising and implementing new policies and procedures
- Facilitate privacy program awareness, including developing and conducting training and preparing company-wide communications
- Coordinate fulfilment of data subject requests (access, rectification, deletion, etc.)
- Respond to disclosure requests
- Identify, recommend and implement privacy controls to mitigate risks
- Review and draft privacy-related contractual provisions
- Review and draft non-disclosure agreements
- Partner closely with IT & IT Security to accomplish complementary goals and ensure data protection
- Liaise with vendors, lawyers, consultants, auditors, etc. as required
- Other duties as assigned or that may change over time
Qualifications and Skills:
- Law degree from a recognized Canadian law school
- At least 4 years experience post-call in a privacy role
- Knowledge of Canadian and EU privacy and data protection laws
- 4+ years related experience in operationalizing privacy and data protection at an organization (in Canada and/or EU)
- Experience identifying and mitigating privacy risks
- Experience educating and persuading others, and facilitating change management
- Ability to take initiative, work well autonomously and as part of a team (as required)
- Ability to build trusting, positive and productive relationships
- Efficient and effective communication skills
- Have or working towards one or more privacy certification(s) - CIPP/C, CIPP/E, CIPM (or other)
- Ability to travel across Canada and to the Netherlands, if required.