Privacy & Records Management Specialist

McMaster University - Hamilton, ON (25 days ago)

Apply Now

Department, Unit or Project Description:

The University Secretariat provides strategic and operational support to McMaster’s governing bodies, namely the Board of Governors and the Senate and their committees. The department ensures that McMaster fulfills its obligations under the Freedom of Information and Protection of Privacy Act (FIPPA) and administers hearings held under the University’s legislation and by-laws. Staff provide policy interpretation and procedural advice to all members of the McMaster community.

Job Summary:

The Privacy and Records Management Specialist is the University's subject matter expert to ensure legislative compliance with the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Protection Act (PHIPA). The role receives, interprets, coordinates and delivers on all of McMaster's access to information requests, ensuring legislated timelines and responses are in compliance. The Specialist serves as a consultant to the University community on policies, procedures or practices related to privacy or records management compliance. The Specialist takes a proactive role in recommending effective records management processes for University departments. The Specialist provides training and education to the University community to increase awareness on compliance obligations related to privacy and records management. This role requires the incumbent to work with diverse constituencies, often handling complex and sensitive information.

The Privacy and Records Management Specialist must earn the confidence of the University community such that they will be consulted on privacy and records management issues. The Specialist must have a knowledge of legislative requirements and must maintain an ongoing awareness of developments in the area, and the implications of those developments for the University.

The Privacy and Records Management Specialist reports directly to the University Secretary and displays a high degree of professionalism and discretion throughout their duties.


Privacy (70%):

  • Provides authoritative advice on the University’s obligations under Freedom of Information and Protection of Privacy Act (FIPPA) and Personal Health Information Protection Act (PHIPA). (FIPPA and PHIPA are collectively referred to “Privacy Law”.);
  • Provides information, guidance and advice to the University community and general public regarding questions about privacy and information access requests at McMaster;
  • Responds to the University's access for information requests, ensuring compliance with Privacy Law;
  • Provides guidance and information to requestors (both internal and external to the University) with their access requests;
  • Directs and coordinates the retrieval of information relevant to access requests with staff, faculty, and administration;
  • Prepares responses to requests for information through review and consolidation of retrieved information;
  • Coordinates responses to privacy breaches at the University through the collection of relevant information and providing subject matter expertise to Senior Leadership for informed decision making;
  • Prepares representations and other documentation requested by the Information and Privacy Commissioner of Ontario’s office in cases of appeals or mediation;
  • Interprets Privacy Law in order to make informed decisions regarding the application of exemptions and exclusions to the information requested if applicable, including researching relevant orders and judicial review decisions;
  • Works with legal counsel as necessary to interpret Privacy Law and case law;
  • Provides consultation to the University community through Privacy Risk Assessments and conducting of ongoing monitoring of activities;
  • Maintains confidentiality when working with sensitive and/or confidential information;
  • Liaise with staff and management on the interpretation and application of legislation;
  • Participates on various committees and working groups, such as the Infrastructure & Information Security Technology (IISC), for the purposes of ensuring that privacy obligations are understood and that privacy is considered appropriately;
  • Works with staff and faculty responsible for procuring and implementing technology solutions, to evaluate and provide recommendations on privacy requirement through Privacy and Security Impact Assessments (PSIA) of Information Technology solutions, both on-premise and hosted;
  • Contributes to the development of procedures and process for the evaluation and approval of technology that has an impact on the University’s use and collection of personal and confidential information;
  • Communicates regularly with privacy and access staff at other Ontario universities through regular Council of Ontario Universities teleconferences and meetings;
  • Keeps up to date with new developments in Privacy Law, as well as directives from the Office of Information and Privacy Commissioner of Ontario; and,
  • Acts as privacy/information subject matter expert on relevant committees and working groups.

Records Management (30%):

  • Contributes and assists with campus efforts to develop a data governance framework, through researching and recommending best practices;
  • Evaluates and develops effective records management policies, procedures, and plans for the University Secretariat Office;
  • Serves as a contact to the University community on records management and retention best practices;
  • Consults with departments on the development of records management governance and policies;
  • Advises on and recommends best practices for records management to campus units, particularly in relation with Privacy Law;
  • Provides advice and assistance to units in the implementation of records management procedures and practices, including assisting with file plans, retention schedules, and the management of records;
  • Promotes and encourages awareness of the role and importance of records management in the University community through training, education and effective communication principles;
  • Provides subject matter expertise on record management to relevant committees and working groups;
  • Contributes to the records management profession within and beyond the higher education sector to ensure the University approaches and practices remain current;
  • Continually monitors changes and new developments in provincial and federal statutes and regulations that affect the management and retention of university records.


  • Keeps abreast with relevant legislation, e.g., Canadian Anti-Spam Legislation (CASL), and General Data Protection Regulations (GDPR) and provides advice and guidance;
  • Works with staff and management to interpret and apply relevant legislation to University practices.

Training & Education:

  • Develops and makes available a training program that ensures all levels of University personnel are aware of their privacy, freedom of information, records management and CASL obligations and responsibilities;
  • Develops and delivers orientation and training programs for University personnel on issues related to protection of privacy, freedom of information and records management;
  • Develops outreach and training materials to educate the University community on best practices for protecting the privacy of personal information and best practices for records management; and
  • Collaborates with other units as required to develop training, tools, templates, bulletins and communication plans.



Undergraduate degree required with graduate degree and/or certification in a related field e.g., Certified Information Privacy Professional (CIPP), Records and Information Management, Archival studies, Information Science, etc. CRM designation or in process an asset.


  • Several years of relevant experience, preferably in a public sector environment;
  • A strong record of privacy and/or record management work, preferably within the post-secondary environment;
  • Experience working with diverse stakeholders within a complex decentralized environment;
  • Experience with providing direction and feedback to others;
  • Experience working with lawyers and reviewing and interpreting relevant statues, regulations and case law;
  • Direct knowledge of FIPPA/PHIPA


  • Strong communication skills including the ability to explain complex matters in plain language and the ability to write properly, clearly and succinctly in a variety of formats (policies, procedures, bulletins, training guides, etc.);
  • Exceptional organizational skills and the ability to work independently while coordinating one’s own work with that of several offices;
  • Proven ability to manage competing deadlines, prioritize, recognize urgent matters amongst multiple requests, and apply problem-solving skills to successfully deliver expedient outcomes simultaneously;
  • Ability to deliver training workshops to a broad spectrum of participants on complex matters;
  • Strong interpersonal and communication skills (written & oral);
  • Demonstrated research and analytical skills;
  • Demonstrated ability to deal with sensitive and confidential information in an appropriate and effective manner;
  • Capacity for independent and sound judgement, diplomacy ad discretion;
  • Familiarity with information technology as it relates to matters of privacy, security, and protection of personal information;
  • Ability to work independently with minimum supervision, and as a member of a team;
  • Understanding of the business requirements of an academic institution and the ability to identify the needs of university departments;

Leadership Effectiveness:

McMaster’s core leadership capabilities are designed to nurture employee engagement through best people practices. All leaders will demonstrate these Leadership Capabilities by: Taking a Strategic Approach; Communicating and Collaborating; Developing People; Investing in Relationships; Championing Change and Innovation; and Driving Results.

Job Types: Full-time, Permanent

Salary: $79,988.00 to $119,982.00 /year


  • Records Management: 3 years (Preferred)
  • Developing Training & Education Programs: 3 years (Preferred)
  • Privacy: 3 years (Required)
  • Compliance: 3 years (Preferred)


  • Bachelor's Degree (Required)