Privacy Impact Assessment (PIA) Specialist
Job Details
Closing Date: Monday, June 1, 2026 at 12:00 p.m.
Location: Toronto, Toronto, Ontario, Canada
Client: Ministry of Public and Business Service Delivery and Procurement
Department: Government Services Integration Cluster
Start Date: 2026-07-01
End Date: 2027-03-31
Work Arrangement: Onsite
Job Type: Contract
Job ID: 0527253
Project Overview
The project supports a service transformation initiative by conducting Privacy Impact Assessments for new technologies, information systems, programs, and policies. It focuses on analyzing data flows and business processes to identify privacy risks, ensuring compliance with applicable privacy legislation and OPS directives, and embedding privacy best practices into business architecture, IT system design, and public sector service delivery.
Key Responsibilities
- Lead or support the development of Privacy Impact Assessments (PIAs) for new technologies, information systems, programs, or policies
- Evaluate privacy compliance against applicable legislation, regulations, OPS policies, directives, standards, guidelines, and Fair Information Practices
- Analyze data flows and business processes to identify privacy risks and recommend mitigation measures
- Determine privacy impacts and address client concerns through assessment findings and risk responses
- Integrate privacy best practices into business architecture, IT system design, and service delivery from early planning stages
- Develop and maintain privacy policies, procedures, risk assessment tools, and methodologies for managing personal information
- Create and interpret data flow diagrams and business process diagrams to support privacy assessments
- Collaborate with legal, IT security, business analysts, and program leads to embed privacy into project planning and implementation
- Provide privacy education, training, and guidance on compliance, risk mitigation, and privacy-enhancing technologies
- Review and compare policies and legislation and provide recommendations to ensure adequate privacy protections
- Assess privacy and security implications of digital solutions, including web-based solutions and backend integrations (e.g., APIs)
- Assess privacy risks related to integrations across legacy systems, web applications, digital solutions, and cloud-based solutions
- Present assessment findings and recommendations to senior management and executives
Qualifications & Requirements
REQUIRED
- Must be able to work 5 days onsite per week
- Experience conducting Privacy Impact Assessments in a public sector context
- Knowledge and experience researching and applying privacy laws, regulations, and related jurisprudence (including Information and Privacy Commissioner of Ontario context)
- Knowledge and ability to interpret and apply FIPPA and MFIPPA
- Knowledge and ability to interpret and apply PHIPA and related regulations and jurisprudence
- Familiarity with PIPEDA
- Familiarity with US PATRIOT Act
- Familiarity with OPS Privacy Impact Assessment process and tools
- Knowledge of privacy and security concepts, trends, and issues and their impact on business processes
- Knowledge of privacy-enhancing best practices
- Ability to lead or support development of a PIA by directing and gathering input from stakeholders
- Ability to create and understand data flow diagrams and business process diagrams
- Knowledge of IT concepts impacting protection of personal information (e.g., system interfaces, information security, information architecture, data flows)
- Experience developing risk assessment tools, methodologies, policies, and procedures to manage personal information
- Knowledge of records management policies and practices (classification, retention, disposition)
- Knowledge and understanding of AODA and related regulations and standards
NICE TO HAVE
- Professional certification in a related discipline (e.g., IT security, architecture)
- Experience providing privacy education and training
- Experience with Ontario government policies and procedures (e.g., business case development, project approvals, policy development)
- OPS or broader public sector experience
EVALUATION CRITERIA
Privacy Assessment Experience, Policy and Legislative Requirements - 40%
- Experienced in privacy legislation including Freedom of Information and Protection of Privacy Act (FIPPA), Personal Health Information Protection Act (PHIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA)
- Experienced in conducting privacy assessments involving personal information, citing examples in resume.
- Experienced in leading and conducting privacy assessments involving online and/or digital solutions.
- Led and conducted assessments involving personal health information involving third party solutions (e.g. private sector or non-profit application solutions) and/or service integration providers.
- Experienced working with policy development teams; reviewing and comparing policies and legislation to make informed recommendations to ensure adequate privacy protections and considerations are addressed within policy/legislation.
Technical understanding - 30%
- Experience with privacy risks and conducting PIAs and the unique security and privacy challenges associated with various platforms.
- Demonstrated experience and familiarity with strong security, encryption and privacy protection approaches to digital solutions, including web based and backend integrations via API or similar approaches.
- Experience with privacy risks and conducting PIAs associated with integration between legacy systems, web applications, digital and cloud-based solutions to obtain, retrieve and synchronize information.
- Familiar with cloud-based technologies including the security and privacy considerations, limitations, and best practices for data protection.
- Experience, knowledge and understanding of privacy protection standards and best practices, business, information and security architecture principles and emerging technology related to the protection of privacy and personal information.
Leadership and Communications - 20%
- Demonstrated strong communication and engagement skills with ability to lead teams in discovery sessions to elicit details of technical solutions, business processes and/or policies, strong writing skills to document findings, recommendation, etc.
- Demonstrated ability to interpret both technical (e.g. architecture design documents, process flows, state transition diagrams, etc.) and non-technical documentation to conduct assessment of impacts and to develop mitigation strategies.
- Strong organizational and time management skills to manage multiple and concurrent requests in an agile and highly dynamic work environment setting.
- Strong presentation abilities to communicate findings, recommendations, etc. to senior management and executives to inform decision making; able to communicate complex problems/issues in simple terms.
Digital Identity Frameworks and Standards - 5%
- Experience in developing, applying and/or evaluating digital identity trust frameworks.
OPS experience - 5%
- Prior experience with leading and conducting multiple PIAs in OPS setting/environment, including demonstrated knowledge and experience with OPS processes, existing templates and expectations to obtain approvals/sign off.
Key Skills & Competencies
AODA, API integration, Cloud security, Data flow diagrams, Digital identity frameworks, Encryption, FIPPA, Information architecture, Information security, IT system design, MFIPPA, PHIPA, PIA process, PIPEDA, Privacy Impact Assessments, Privacy legislation, Privacy risk assessment, Privacy standards, Records management, Risk management, System interfaces, US PATRIOT Act
Applications for this position will be accepted until Monday, June 1, 2026 at 12:00 p.m.
If you meet the requirements for this role, please apply now.
Apply for This Position
Click "Apply." If no email opens, check your pop-up blocker or email your resume directly to resume@govtechtalentsolutions.ca, including the Requisition Number and Job Title in the subject line.