Search using our robust engine. Get the recommendations you need to get ahead.
Browse through our expansive list of legal practice areas.
Work where you are or where you would like to be. Find where you will work with LawCrossing.
Use our marketplace to feature your opportunity
Start your search today
Set up your account and manage your company profile on LawCrossing
Look through and compare company profiles
Learn from the legal expert
Discover salaries and the scope of your next job
LawCrossing Works Read Testimonials and Share your Story
Do Not Be Influenced by Others’ Negative Opinions of You
Public Interest
Attorney
Data Privacy
7-10 yrs required
Senior Counsel - Privacy Duties: Reporting to the General Counsel, the Privacy Official and Senior Counsel (Privacy Official) leads and oversees the Society’s enterprise-wide privacy program. Will serve as the central knowledge base and authority regarding the Society’s collection and protection of data regarding donors, volunteers, staff, cancer patients, caregivers, research participants and other constituents to ensure consistency and compliance. Responsible for continual oversight and enhancement of Society’s privacy program, and management of all the essential elements including privacy risk assessments, response plans, policies and procedures, training, communications, auditing, monitoring and metrics. In addition, the Privacy Official will provide legal counsel to the Society on issues related to federal, state, and international privacy-related laws and industry best practices as applicable to the Society. Will work closely with Enterprise Planning and Business Integration, Information Technology, Research, Cancer Control Science, Marketing, Development, and other departments to proactively develop and monitor internal practices and controls to manage, detect and mitigate privacy risks. Will also work closely with Internal Audit Services to resolve privacy related compliance issues. Heavily matrixed among the Information Security and Legal Departments, and a moderate amount of joint reporting will exist. Oversee the maintenance of and adherence to the Society’s privacy policies and procedures. Develop and implement enterprise-wide privacy training programs and guidance for Board, executives, staff and volunteers. Initiate, facilitate and promote activities to foster information privacy awareness and practices within the Society. Counsel Society departments including Talent Strategy, Finance, IT, Cancer Control, Marketing and Research on the privacy implications of existing and proposed activities and the best practices to mitigate privacy risks and ensure compliance with specific privacy and corporate requirements. Receive and respond to complaints and/or questions related to any aspect of the Society’s privacy program and ensure timely resolution. Perform periodic privacy risk analyses of Society policies and procedures, staff activities, and training programs; determine remediation priorities and resources necessary to address existing or potential privacy and other compliance issues and problems. Review and negotiate third party agreements with vendors, collaborators, etc. to ensure appropriate privacy and compliance terms, including Business Associate Agreements and Data Use Agreements, when appropriate. Serve as key member and Legal lead of the Society’s Data Breach Incident Response Team. Maintain current knowledge of applicable federal and state privacy laws, accreditation standards and industry best practices, and ensure Society compliance. Evaluate legislative and regulatory requirements and proposals as they relate to the Society’s activities and policies to determine their impact on the Society. Proactively evaluate and prioritize initiatives to enhance the Society’s privacy program and mitigate associated risks. Undertake additional tasks as necessary to ensure the protection of constituent data and preservation of the public trust. Co-chair the Information Security & Privacy Steering Committee and perform responsibilities as required.
Qualification and Experience
Requirements: Must have an undergraduate degree and JD Degree. CIPP certification preferred 7 – 10 years relevant experience. Knowledge and understanding of federal, state, and international privacy laws and regulations (e.g., HIPAA, CAN SPAM, state data breach laws, COPPA, etc.). Skill in examining and re-engineering operations and procedures, formulating policy, and developing and implementing new strategies and procedures. Experience in building effective training programs around privacy policies and compliance. Understanding of information technology systems and applications associated with Society data. Preferred: Experience with legal issues related to research, including informed consent, IRB approval process, data sharing, human subjects research protections.
Sign Up Now