Manager

Description:

This position
will work with all TPL divisions and the City Librarian’s Office, providing advice to management and
the senior leadership team. The position will take a pro-active approach to matters of privacy, risk
and governance. This position will also respond to governance, privacy and risk inquiries both
internal and external to advise and resolve issues. The Manager of Privacy, Risk and Governance
will be a main point of contact on matters involving privacy and access for many external
organizations, including, but not limited to, the City of Toronto, partner organizations, and law
enforcement. The Manager will maintain up to date awareness and ensures organizational
compliance with privacy legislation, Board governance, external policies, trends and best
practices. This position will also lead the Enterprise Risk Management program that includes the
maintenance and update of risk registries and completion of risk impact assessments. In addition,
the position will be responsible for development TPL’s records management program.



DUTIES:

Privacy
 

Manages the privacy program for TPL, strengthening all components and ensuring
awareness for all TPL staff and management on privacy matters

Ensures organizational compliance with the Municipal Freedom of information and
Protection of Privacy Act

Advises management and senior management on matters of privacy, dealing with
significantly complex issues involving a high level of confidentiality and sensitivity, including
labour relations and human resources matters

Leads the review of disclosure policies, including updated templates and business
processes, and ensuring staff awareness

Revises TPL’s Privacy Breach protocol and manages privacy breaches coordinating with the
cyber security unit and other departments/divisions as required

Reviews and revises disclosure policies and templates, including training for managers and
staff, and communications

Leads and conducts PIAs for enterprise systems, initiatives, projects, and third party service
providers, working with internal and external stakeholders

Reviews current IT applications for privacy implications/considerations and making
actionable suggestions to mitigate risk

Conducts privacy investigations, consultations and audits
Assesses, assigns, tracks, reports and prepares responses to Freedom of Information

requests made under MFIPPA, in accordance with the legislated deadlines
Balances the right of access with the protection of personal and other confidential

information in accordance with legislation, Regulations and Orders of the Information &
Privacy Commissioner, while ensuring that specific provisions of the legislation such as
notification requirements are met

Maintains awareness of and report on trends in the field of privacy and risk, including
strategic relationships with external organizations and partners