Description

Being part of Air Canada is to become part of an iconic Canadian symbol, recently ranked the best Airline in North America. Let your career take flight by joining our diverse and vibrant team at the leading edge of passenger aviation.

 We have an innovative legal and compliance team that continues to earn the respect and confidence of its internal clients, participating as true business partners to support Air Canada’s strategic objectives. When you join Air Canada and its Law Branch, you’ll become a vital part of a team of driven professionals that are truly making a difference, connecting Canada and the world.  The Law Branch is comprised of over 80 dedicated professionals, with expertise tailored to deliver best in class integrated solutions to our business units and corporate functions. We are committed to delivering the highest level of expertise, service, responsiveness and flexibility to our clients by:

Becoming world class in everything we do to support a top ten global airline

Flying every mile in our clients’ shoes, taking the time to know them, caring and listening

Partnering, with care and class, and a customer mindset

Anticipating and effectively supporting our clients’ needs

Leading and innovating, initiating, facilitating and devising creative and sustainable solutions

Empowering our clients to act effectively, enabling them to do more

The Principal Privacy Officer will be responsible for leading, driving and executing Air Canada’s privacy and personal data governance strategies, policies, procedures and programs to ensure, promote and drive best practices and compliance, throughout the organization, with all applicable privacy laws, regulations, policies, and procedures, as well as drive a privacy culture to minimize risk, align with regulatory and stakeholder expectations and maintain customer trust.

 Responsibilities

Provide strategic and practical leadership and guidance to internal stakeholders, including senior and executive management, on privacy and data governance principles, best practices, requirements and culture

Develop a robust privacy program and related processes for compliance with privacy (employee and passenger/third parties) and data protection laws and self-governing frameworks in existing and emerging markets

Working from existing privacy compliance and maturity initiatives and developing new ones, build a development and maintenance cycle to ensure all policy, process, training, management and incident handling programs are up-to-date and reflect the current business and legal landscape

Maintain current knowledge of all applicable global privacy and data protection laws and regulations, developments and trends including CASL and other applicable anti-spam laws 

Provide support in connection with policy, government relations, and legislation related to privacy and data security matters as well as for legal and regulatory proceedings which may arise from time to time

Lead, build, and implement an effective internal privacy governance structure

Assist and work as a close cross-functional collaborator across multiple stakeholders and functions, including Legal, Compliance, IT, Security, Data Governance and Procurement and HR

Foster a privacy culture within the Corporation through effective internal and external communications, educational, training and orientation programs and processes that ensure privacy compliance is built into all business activities and initiatives 

Acts as the principal contact with the OPC, other privacy authorities, regulators and government agencies in any matters involving privacy and data protection issues 

The successful candidate will also:

Promote the establishment of a global enterprise data governance framework and implementation roadmap and drive data governance initiatives that lead to the establishment of a personal Data Governance Program

Maintain and foster risk management skills for privacy, data ethics, and data use

Drive organizational behavior change as it relates to privacy awareness and the use of data 

Champion tools and technologies that foster the team's ability to meet the complex needs of enterprise data controls within a decentralized data asset management environment

Partner across teams to define robust contract terms. Privacy, CASL and security terms are critical parts of our customer and vendor agreements, and you would partner with other members of the legal team to advise on privacy, CASL and data protection terms

Interface with industry counterparts, external privacy representatives, external advisors and external privacy vendors on program development and infrastructure

Provide guidance on data collection practices, data authentication, and lifecycle security

Develop and implement privacy rules for record retention and destruction policies and procedures

Maintain a high personal standard of service and performance by actively participating in other duties as assigned, education seminars, training programs, and professional development

Specifically, you will be required to:

Develop a plan for the Privacy Compliance function to meet the privacy objectives of the company

Oversee maintenance of all critical privacy related policies and other related documents, establishment of a governance process for maintenance of existing policies and align with the Global Policy Framework 

Create a comprehensive ROP framework to meet GDPR requirements, with guidelines, SOPs, training and awareness for accurate ROP interactions with accountable processors

Drive the development of a Third-Party Privacy Risk assessment and management process in tandem with key internal partners and processes (Legal, IT and SP)

Be accountable for the updating of the privacy incident response playbook, aligned with Emergency Response Plan; fully operationalized, tested and periodically reviewed and for leading Air Canada’s privacy incident response

Manage the PIA/DPIA process, guidelines, training and risk mitigation management framework, as well as processes for managing data subject right requests

Implement Privacy by Design processes to formally integrate privacy requirements within IT project gating processes to ensure processing is compliant at conception stage and by default

Develop a comprehensive and risk-based privacy training and awareness program for all employees and business partners

Qualifications

Minimum of 7 years experience as a privacy leader or relevant experience in a leading law firm, an established in-house legal department or hands-on experience in data protection and privacy, preferably in a technology intensive industry

Solid academic credentials and a proven track record must be demonstrated.  Membership in the Bar of a province is preferred and both common and civil law training is an asset  

Solid understanding of the PIPEDA, GDPR, and related statutes, the common law and civil law as they pertain to privacy, preferably with substantial experience in matters falling under federal jurisdiction. Meaningful experience in matters before the Office of the Privacy Commissioner (Canada) and other Data Protection Authorities 

Proven experience building and leading effective and high performing teams

Demonstrated leadership and experience in project management, program frameworks and strategies 

Ability to communicate effectively with and provide direction to leaders and employees at every level of organization

Strong analytic and critical thinking skills

Collaborative, positive attitude, able to deal with diverse challenges in a calm, courteous, and effective manner

Demonstrated discretion in handling privileged and confidential information

Ability to prioritize and meet competing deadlines, including assignments involving complex issues, conflicting priorities, multiple stakeholders and results oriented business clients

Ability to communicate effectively with data subjects, data protection authorities and other controllers and processors across industries and cultures

Capacity to work autonomously and under pressure, displaying composure in challenging situations

Tenacity and resilience to persevere towards goals, despite challenges and obstacles, maintaining enthusiasm through to the attainment of the goals

A practical and business-oriented approach, recognizing the operational, commercial and other strategic implications of issues

Embody Air Canada’s core values, including the highest ethical standards, client focus, strong work ethic, and can-do attitude 

Proficiency in Microsoft Office and Google products, technologies and systems an asset

Excellent written and verbal communication skills required

Knowledge of the industry is an asset

Conditions of Employment:

Candidates must be eligible to work in the country of interest, at the time any offer of employment is made and seeking any required work permits/visas or other authorizations which may be required is the sole responsibility of the candidates applying for this position.

Mandatory Covid-19 Vaccination Required

Linguistic Requirements

Based on equal qualifications, preference will be given to bilingual candidates. 

 Diversity and Inclusion

 Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.

 As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers, and communities, in which we live and serve.

Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.