About The Position

This role involves leading or supporting the development of a Privacy Impact Assessment (PIA) for an interactive website. The PIA will evaluate the website's compliance with legal and policy privacy requirements, identify and mitigate risks, and address client concerns. This includes assessing user account setup, collection and use of email addresses, display of user names on a public portal, classroom enrollment processes, access codes, and any other collection, use, disclosure, or processing of personal information. The program must comply with provincial, municipal, federal, and private sector privacy legislation, as well as relevant regulations, statutes, OPS policies, Directives, standards, guidelines, and internationally accepted Fair Information Practices.

Requirements

  • Experience leading or supporting Privacy Impact Assessments for digital platforms, websites, online services, or user account systems.
  • Strong knowledge of privacy laws, privacy principles, and privacy-by-design requirements for websites collecting personal information.
  • Ability to work closely with legal counsel to interpret privacy requirements and translate them into practical business and design decisions.
  • Ability to review website features, user journeys, and account setup flows to identify where personal information is collected, used, displayed, stored, or shared.
  • Understanding that privacy messages may need to be placed in different locations and written differently depending on context (e.g., footer links, privacy policies, just-in-time notices, account setup screens, classroom onboarding flows).
  • Ability to distinguish between longer-form privacy policy content and shorter, user-friendly notices shown at the point of collection or decision-making.
  • Experience drafting or advising on plain-language privacy notices, consent wording, and user-facing privacy explanations for different audiences (students, teachers, parents/guardians).
  • Ability to assess privacy risks related to youth users, public display names, access codes, teacher-managed accounts, and student self-registration flows.
  • Strong analytical skills to identify privacy risks, recommend mitigations, and document decisions clearly for stakeholders.
  • Strong written and verbal communication skills, with the ability to explain privacy requirements in practical, non-legal language.
  • Excellent knowledge of privacy and security concepts, trends, and issues, including their impact on digital services, website features, and business processes.
  • Demonstrated ability to interpret legal and policy requirements and translate them into clear, practical guidance for compliance, design, and implementation.
  • Knowledge of, and experience in researching and applying relevant information privacy laws, regulations, jurisprudence (particularly as it relates to the Information and Privacy Commissioner of Ontario/Canada and US) and risk countermeasures.
  • Experience in conducting Privacy Impact Assessments in a public sector context.
  • Knowledge of, and experience with privacy-enhancing best practices.
  • Knowledge and ability to interpret and apply Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) and its municipal equivalent the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA), Personal Health Information Protection Act (PHIPA), their respective regulations, and related jurisprudence.
  • Familiarity with federal Personal Information Protection and Electronic Documents Act (PIPEDA) and US PATRIOT Act.
  • Familiarity with OPS Privacy Impact Assessment Process and Tools released by the Ontario Ministry of Government Services.
  • Good understanding of related disciplines, such as IT security, IT system design, policy development (privacy or security), business architecture, legal processes, Freedom of Information administration, business analysis, risk management, project management.
  • Knowledge of Information Technology concepts and processes that impact the protection of personal information, including (but not limited to) Internet tools, system interfaces, information security, information architecture and data flows.
  • Information and Record Keeping Knowledge.
  • Professional certification from a related discipline such as IT security, architecture.

Nice To Haves

  • Experience providing education and training related to privacy.
  • Knowledge of, and experience with the policies and procedures of the Ontario government (e.g., business case development, project approvals and policy development).

Responsibilities

  • Lead or support the development of a Privacy Impact Assessment (PIA) for an interactive website.
  • Evaluate whether the website meets legal and policy privacy requirements.
  • Determine and mitigate privacy risks.
  • Address client concerns regarding privacy.
  • Ensure compliance with applicable privacy legislation (provincial, municipal, federal, private sector), regulations, statutes, OPS policies, Directives, standards, guidelines, and Fair Information Practices.
  • Review website features, user journeys, and account setup flows to identify personal information handling.
  • Work with UX and design teams to place privacy notices and consent language appropriately.
  • Assess privacy risks related to youth users, public display names, access codes, teacher-managed accounts, and student self-registration flows.
  • Interpret legal and policy requirements and translate them into practical guidance.
  • Conduct a PIA in a public sector context.
  • Develop a PIA independently or as part of a team, directing input from organizational members.
  • Create and understand data flow diagrams and business process diagrams.
  • Recognize the need for and seek input from external experts.
  • Communicate effectively with technical and business audiences, as well as non-access and privacy experts.
  • Understand the privacy implications of policies, decisions, and business initiatives.
  • Understand IT concepts impacting personal information protection (Internet tools, system interfaces, IT security, information architecture, data flows).
  • Develop risk assessment tools, methodologies, policies, and procedures for managing personal information.
  • Understand policies, directives, standards, business rules, procedures, and guidelines for records management (classification, retention, disposition).
  • Understand the Accessibility for Ontarians with Disability Act (AODA) and related regulations and standards.
  • Provide education and training related to privacy.
  • Understand and apply Ontario government policies and procedures (business case development, project approvals, policy development).
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service