Reporting to the General Counsel, the Privacy Official and Senior Counsel (Privacy Official) leads and oversees the American Cancer Society’s (ACS) enterprise-wide privacy program. The Privacy Official will serve as the central knowledge base and authority regarding the Society’s collection and protection of data regarding donors, volunteers, staff, cancer patients, caregivers, research participants and other constituents to ensure consistency and compliance. The Privacy Official is responsible for continual oversight and enhancement of the American Cancer Society’s privacy program, and management of all the essential elements including privacy risk assessments, response plans, policies and procedures, training, communications, auditing, monitoring and metrics. In addition, the Privacy Official will provide legal counsel to the Society on issues related to federal, state, and international privacy-related laws and industry best practices as applicable to the Society.The Privacy Official will work closely with Enterprise Planning and Business Integration, Information Technology, Research, Cancer Control Science, Marketing, Development, and other departments to proactively develop and monitor internal practices and controls to manage, detect and mitigate privacy risks. The Privacy Official will also work closely with Internal Audit Services to resolve privacy related compliance issues. This position is heavily matrixed among the Information Security and Legal Departments, and a moderate amount of joint reporting will exist.
- Oversee the maintenance of and adherence to the Society’s privacy policies and procedures.
- Develop and implement enterprise-wide privacy training programs and guidance for Board, executives, staff and volunteers.
- Initiate, facilitate and promote activities to foster information privacy awareness and practices within the Society.
- Counsel Society departments including Talent Strategy, Finance, IT, Cancer Control, Marketing and Research on the privacy implications of existing and proposed activities and the best practices to mitigate privacy risks and ensure compliance with specific privacy and corporate requirements.
- Receive and respond to complaints and/or questions related to any aspect of the Society’s privacy program and ensure timely resolution.
- Perform periodic privacy risk analyses of Society policies and procedures, staff activities, and training programs; determine remediation priorities and resources necessary to address existing or potential privacy and other compliance issues and problems.
- Review and negotiate third party agreements with vendors, collaborators, etc. to ensure appropriate privacy and compliance terms, including Business Associate Agreements and Data Use Agreements, when appropriate.
- Serve as key member and Legal lead of the Society’s Data Breach Incident Response Team.
- Maintain current knowledge of applicable federal and state privacy laws, accreditation standards and industry best practices, and ensure Society compliance.
- Evaluate legislative and regulatory requirements and proposals as they relate to the Society’s activities and policies to determine their impact on the Society.
- Proactively evaluate and prioritize initiatives to enhance the Society’s privacy program and mitigate associated risks.
- Undertake additional tasks as necessary to ensure the protection of constituent data and preservation of the public trust.
- Co-chair the Information Security & Privacy Steering Committee and perform responsibilities as required.
- Minimum of 7 – 10 years relevant experience. Knowledge and understanding of federal, state, and international privacy laws and regulations (e.g., HIPAA, CAN SPAM, state data breach laws, COPPA, etc.)
- Skill in examining and re-engineering operations and procedures, formulating policy, and developing and implementing new strategies and procedures
- Experience in building effective training programs around privacy policies and compliance
- Understanding of information technology systems and applications associated with Society data
Preferred:
- Experience with legal issues related to research, including informed consent, IRB approval process, data sharing, human subjects research protections
Demonstrates Legal Competencies:
- Business insight - Applies knowledge of business and the marketplace to advance the organization’s goals.
- Manages complexity - Makes sense of complex, high quantity, and sometimes contradictory information to effectively solve problems.
- Optimizes work processes - Knows the most effective and efficient processes to get things done, with a focus on continuous improvement.
- Ensures accountability - Holds self and others accountable to meet commitments.
- Interpersonal savvy - Relates openly and comfortably with diverse groups of people.
- Organizational savvy - Maneuvers comfortably through complex policy, process, and people-related organizational dynamics.
- Instills trust - Gains the confidence and trust of others through honesty, integrity, and authenticity
Other Skills:
- Strong analytical and critical thinking skills and the ability to analyze, summarize, and effectively present information to all levels of the organization, from Board level to junior field staff
- Excellent verbal and written communication skills and ability to tailor communications to audience to ensure understanding
- Strong team building and leadership skills
- Strong interpersonal skills and the ability to work effectively with a wide range of individuals and constituencies in a diverse community
- Exceptional judgment
- Highly motivated, self-directed, outgoing, and personable with the ability to consult and interface with senior executives
- Familiarity with a variety of on-the ground concepts, practices, and procedures
- Openness to new challenges
- Ability to represent the Society publicly with respect to privacy and data security issues
SPECIALIZED TRAINING OR KNOWLEDGE:
- JD
- CIPP certification preferred but not required
We are committed to providing staff with fulfilling opportunities to learn, grow and make an impact in their local communities. We offer staff a generous paid time off policy; medical, dental and retirement benefits, and professional development programs to enhance staff skills.