Privacy & Records Management Officer

Status: Full Time

Hours: Monday – Friday, 35 hours/week

Home Campus: Fennell (hybrid work arrangements available)

Rate of Pay: Payband 11 ($100,363 - $125,453 per year)

Vacancy Status: 1 vacancy available

Posting Date: April 24th, 2026

Closing Date: May 8th, 2026 at 7:00 pm EST

We believe the rich diversity among our students and the communities we serve should be reflected within our workforce. As educators, we believe it is important to act and show leadership in advancing the principles of reconciliation, equity, diversity, and inclusion in our community.

The Privacy and Records Management Officer is responsible for overseeing the College’s compliance with privacy legislation and ensuring the responsible management of personal information across all academic and administrative operations. This role provides leadership, guidance and oversight on all aspects of privacy and data protection as it relates to student, employee, alumni and research data, while fostering a culture of privacy awareness throughout the institution. The incumbent will work closely with the Information Security Services team and with other College stakeholders to uphold data protection principles within the organization.

This position is accountable for risk identification and assessment for compliance of the College’s responsibilities under the provincially mandated Freedom of Information and Protection of Privacy Act (FIPPA) and Canada’s Anti-Spam Legislation (CASL). Working closely with IT Security Services, the Privacy Officer will conduct and review Privacy Impact Assessments for the College, to evaluate the potential privacy risks associated with new systems, processes, or data collection practices, ensuring that any risks are addressed and mitigated. The Privacy and Records Management Officer is also the delegated authority responsible for managing and administering the College’s Records Inventory Management (RIM) program, developing and maintaining the Records Inventory Management schedule and associated policies and procedures.

This position can primarily work remotely, however, occasional travel to campus for in-person work may be required.

What you’ll be doing:

Privacy Impact Assessments

• Work with IT Security Management to rollout the Privacy Screening Questionnaire and Privacy Impact Assessment processes and procedures across the College.
• Conduct and review privacy impact assessments to evaluate the potential privacy risks associated with new systems, processes, or data collection practices, ensuring that any risks are addressed and mitigated. Document findings, risks and compliance gaps.
• Collaborate with IT Security Management to identify how personal information is collected, used, stored, shared and disposed of – to ensure appropriate technical safeguards are in place throughout all areas of the institution.
• Partner with College departments to identify areas for improving data collection, handling and processing, while ensuring compliance with access and privacy regulations.
• Support College departments on best practices on the release of records to ensure compliance with privacy regulations.
• Identify and assess privacy risks related to collection, use, disclosure, retention and security of personal information. Assess College compliance with FIPPA, PHIPA and organizational policies. Prioritize risks and propose mitigation strategies.

Records Inventory Management Program Lead

• Acts as the delegated authority responsible for managing and administering the College’s Records Inventory Management (RIM) program.
• Develop and maintain the Records Retention Schedule and RIM policy and procedures.
• In collaboration with IT Services, provide RIM expertise and input into the planning and implementation of technologies to enhance RIM processes and practices.
• Facilitate periodic records inventory reviews process to ensure all Departments have reviewed and verified that their inventory is accurate and up to date.
• Support the identification of a third-party digitization provider by following procurement policies and liaise with Departments as needed to support digitization of paper records.
• Facilitate periodic records compliance reviews to assess institutional adherence with policies and procedures and the Records Retention Schedule and work with Departments to ensure a remediation plan is developed to address any identified issues or risks.
• Provide ongoing support and training to College staff on RIM processes and practices in alignment with the RIM policy.

Freedom of Information Requests

• Receive and process formal Freedom of Information and Protection of Privacy (“FIPPA”) requests, acting as the main point of contact between the requestor and the College.
• Coordinate the collection of data from various areas (i.e. Student Rights & Responsibilities Office, Academics).
• Engage and coordinate with external legal counsel throughout the process. This includes the initial assessment; record redaction; communications with the requestor; and any appeals processes.
• When necessary, conduct email searches using Discovery Attender software to provide to external counsel for review and redaction.
• Establish and maintain records for reporting purposes.
• Responsible for the management and completion of the annual FIPPA report to the Information and Privacy Commissioner of Ontario.

Data/Information Breaches

• Acts as main point of contact for the intake, investigation, documentation and resolution of data or information breaches across the college.
• Coordinate response teams (IT, Risk, Registrar’s Office, Student Rights & Responsibilities Office, Counselling & Health Centre) during data breach incidents.
• Investigate privacy incidents and breaches to determine scope, impact, root cause, legal/reporting obligations under relevant privacy laws (e.g., FIPPA, PHIPA), determine and take corrective action to ensure that similar incidents are prevented in the future.
• Engage and coordinate with external legal counsel when necessary.
• Establish and maintain records of incidents for reporting purposes.
• Using knowledge of best practices, assist in the development of incident response procedures related to data/privacy breaches, facilitating communication with affected parties and communicating to regulatory bodies such as the Information and Privacy Commissioner of Ontario as required.
• Provide training on access and privacy, breach awareness, and the importance of record-keeping obligations.
• Responsible for the management and completion of the annual privacy reports to the Information and Privacy Commissioner of Ontario.

Privacy Governance & Compliance

• Develop, implement, and maintain privacy policies, procedures, and standards aligned with applicable legislation (e.g., FIPPA, PHIPA if applicable, PIPEDA for certain activities).
• Serve as the college’s primary authority on privacy matters, advising senior leadership and all departments.
• Conduct regular privacy risk assessments and compliance audits across academic and administrative units.
• Monitor legislative changes and ensure timely updates to institutional practices.
• Develop and deliver privacy training for faculty, staff and administrators.
• Provide guidance to academic departments on privacy considerations in teaching, learning, and research.

Canada’s Anti-Spam Legislation Compliance

• Ensure ongoing College compliance with CASL, understanding the College’s unique positioning as it relates to CEMs.
• Where necessary, provide training to College staff on CASL and managing consent.
• When needed, review mailing lists and/or email messaging to ensure CASL compliance.
• Provide guidance to College staff and respond to inquiries regarding CASL compliance.

Whistleblower Account Management and Policy

• Monitor the whistleblower email and coordinate responses to inquiries and complaints.
• Monitor the Whistleblowing website (Mitratech/Clearview Connects) on a regular basis to coordinate follow up to submissions.
• Prepare annual Whistleblowing Report for the College Board of Governors.
• Maintain the College’s Whistle Blowing Policy and procedures, ensuring alignment with applicable legislation.

Other duties as assigned.

What you’ll bring to the role:

• Postsecondary degree or diploma in a relevant field such as Information Management, Privacy, Legal Studies, or Data Science, or equivalent combination of education and experience.
• 5 years of experience working in privacy, compliance, information governance or related roles with experience reviewing and managing privacy case files, applying privacy legislation, and preparing clear summaries or recommendations for decision-maker.
• Demonstrated experience interpreting and applying the Freedom of Information and Protection of Privacy Act (FIPPA), including preparing responses and engaging with the Information and Privacy Commissioner of Ontario.
• Experience in a postsecondary or public-sector environment preferred.
• CIPP/C (Certified Information Privacy Professional – Canada) or CIPM (Certified Information Privacy Manager).
• Relevant professional designation from the International Association of Privacy Professionals (IAPP) or other recognized professional bodies is an asset.
• Strong knowledge of Canadian privacy legislation (FIPPA, PHIPA, PIPEDA).
• Skilled in reviewing, organizing, and interpreting large volumes of complex information, particularly in areas such as data breaches, privacy impact assessments and FIPPA requests.
• Demonstrated skill in analyzing case details and identifying key issues, risks, and opportunities, with the ability to present practical recommendations that move the file forward.
• Ability to critically review files and cases, interpret key facts and implications, and distill them into clear, concise summaries that support informed decision-making at the senior level.
• Demonstrated commitment and understanding of human rights, equity, diversity, inclusion, and accessibility.

What we offer:

• Progressive vacation plan starting with 22 vacation days per year plus holiday closure.
• Defined Benefit pension plan (CAAT) with contributions matched by Mohawk College.
• 93% top up of maternity and parental leave pay for 52 weeks.
• Annual employee performance incentive program.
• Comprehensive benefits package including health, dental, vision, paramedical services (massage therapy, acupuncture, naturopath, psychotherapy and psychology), short-term and long-term disability.
• Ability to take courses at a reduced rate for employees and dependents.

To find out more about working at Mohawk College, including our Employee Value Proposition, please visit https://www.mohawkcollege.ca/about-mohawk/careers-at-mohawk

We are committed to reconciliation and nurturing an inclusive, diverse, equitable, and accessible (IDEA) environment for everyone who learns and works at Mohawk College. We welcome applications from racialized persons, women, Indigenous people, persons with disabilities, 2SLGBTQIA+ persons, and others who may contribute to the further diversification of ideas.

The College is committed to fostering inclusive and barrier-free recruitment and selection processes. If you require accommodation during any stage of the recruitment process, please contact Human Resources.

To learn more about Mohawk College’s commitments, please visit the Mohawk College strategic plan webpage: https://www.strategicplan.mohawkcollege.ca/