Support PDF,DOC,DOCX,TXT,XLS,WPD,HTM,HTML fils up to 5MB
Years of Experience
Date Last Verified
ProfileVice President and Global Chief Privacy Officer The candidate reports directly to the Senior Vice President and General Counsel. Works closely with the Chief Compliance Officer, and Associate General Counsel Legal Americas, EMEA and APAC, and Global Business Units, and all corporate and regional senior executives to ensure full compliance with all applicable privacy laws and regulations globally. In particular, the CPO will be responsible for continuing to develop/ enhance the Company's global privacy program. Interact with virtually all departments across Baxter on a global basis. Currently manages two data privacy compliance specialists, although that could increase in the future. Develop and coordinate an organization-wide privacy risk management and compliance framework and governance structure by undertaking a comprehensive review of the Company's data and privacy process and procedures for each applicable business function to ensure that they are consistent with relevant laws and regulations and the Company's privacy and data security goals and policies. Develop, manage and assist in the implementation and maintenance of the Company's information privacy policies and procedures to ensure that business activities are consistent with them. Provide leadership in the design and evaluation of privacy and security related projects so that new business activities are developed with privacy by design principles in mind. Establish a mechanism to track access and retention of protected health information maintained by the Company. Develop privacy training materials and other communications to train employees and third parties, as appropriate, on company privacy policies, data handling practices and procedures and legal obligations. Collaborate with internal audit to establish an internal and external privacy audit program. Ensure timely adoption and execution of all GDPR data privacy compliance requirements. Work with business teams and senior management to ensure awareness of "best practices" on privacy and data security issues. Collaborate on cyber privacy and security policies and procedures. Interface with Senior Management to develop strategic plans for the collection, use and sharing of information in a manner that maximizes its value while complying with applicable privacy regulations. Leading the cross-regional Local Privacy Officer network to embed the privacy program into the organization; Assist business units with development of tools and methodologies to ensure ongoing compliance. Provide strategic guidance to corporate officers regarding information resources and technology. Assist the Chief Information Officer with the development and implementation of an information infrastructure. Serve as the information privacy liaison for users of technology systems. Act as a liaison to the information technology department. Collaborate with the legal department on privacy issues relating to business partner contracts and product-related activities. Assure that the use of technologies maintain, and do not erode, privacy protections on use, collection and disclosure of personal information. Monitor systems development and operations for security and privacy compliance. Conduct privacy impact assessments of proposed rules on the privacy of personal information, including the type of personal information collected and the number of people affected. Conduct periodic information privacy impact assessments and ongoing compliance monitoring activities in coordination with the organization's other compliance and operational assessment functions including the Compliance Monitoring Team. Review all system-related information security plans to ensure alignment between security and privacy practices. Work with all organization personnel involved with any aspect of release of protected information to ensure coordination with the organization's policies, procedures and legal requirements. Develop, implement and train on the Company's Incident Response Plan. Mitigate effects of a use or disclosure of personal information by employees or business partners by ensuring the implementation of an incident response plan. Administer action on all complaints concerning the organization's privacy policies and procedures in coordination and collaboration with the Compliance Investigation Team and, when necessary, legal counsel.
Qualification and Experience
The candidate must have 10+ years' experience in the legal profession, with at least five years working in or with pharmaceutical companies on healthcare privacy related activities, or actual experience as a CPO in a major health care company. In-depth knowledge of US and EU privacy laws related to the pharmaceutical and clinical research industry is essential. Experience with building and implementing a global privacy program is essential. Should have extensive experience and skill at writing policies and guidance documents supporting various business activities and conducting investigations. Law degree from an accredited institution required. lAPP Certifications such as CIPP/US, CIPP/E and/or CIPP/M, or CHPS, RHIA, or RHIT certifications a plus.