Privacy Counsel

at  Sorenson Communications LLC

JOB SUMMARY

The Privacy Counsel will develop, manage, and implement processes to ensure the organization’s compliance with applicable federal and state privacy regulations and guidelines, including HIPAA, GDPR and other state and local regulations particularly regarding the organization’s access to and use of personally identifiable information (PII) and protected health information (PHI). Serves under the direction of the Head of Privacy/Deputy General Counsel to provide counsel and representation in areas such as administration, compliance, records, contracts and more.

TRAVEL REQUIREMENTS

• Less than 25%

EDUCATION

• Minimum: Graduate Degree and A Juris Doctorate and admission to a state bar. Fully admitted to practice applicable laws in the country or jurisdictions of responsibility.

EXPERIENCE

• Minimum Years of Experience: 3 Years of legal experience at a mid to large size law firm, government regulatory or in-house. Experience in legislative drafting, public policy or political roles a plus.

KNOWLEDGE, SKILLS, AND ABILITIES

• Outstanding writing, research, negotiating, and interpersonal skills.
• Strong advocacy and presentation skills are a must.
• Thrive in high impact/high profile situations.
• Ability to provide practical, strategic and business-oriented legal advice
• Ability to build strong working relationships with internal clients at all levels of management and work within cross-functional teams to develop solutions to complex legal/business issues
• Ability to effectively manage multiple time sensitive tasks
• Ability to work independently and collaboratively

WORKING CONDITIONS AND PHYSICAL REQUIREMENTS

• Corporate office environment
• Operation of office equipment including computers.
• Ability to sit for long periods of time while operating a computer.
• Dexterity of hands and fingers to operate a computer keyboard, mouse, tools, and to handle other computer components
• Periods of standing.
• Some light to moderate lifting.

• Supports a strategic and comprehensive privacy program that defines, develops, maintains and implements policies and processes that enable consistent, effective privacy practices which minimize risk and ensure the confidentiality of personal and proprietary information, paper and/or electronic, across all media types. Ensures privacy forms, policies, standards, and procedures are current.
• Works with organization management, security, and corporate compliance to establish governance for the privacy program. Serves in a leadership role for privacy compliance. Collaborate with information security to ensure alignment between security and privacy compliance programs including policies, practices, investigations.
• Performs or oversees initial and periodic information privacy risk assessment/analysis, mitigation and remediation.
• Conducts related ongoing compliance monitoring activities in coordination with the organization’s other compliance and operational assessment functions. Participates in ensuring the organization maintains appropriate privacy and confidentiality consents, authorization forms and information notices and materials reflecting current organization and legal practices and requirements.
• Participates in planning initial and ongoing privacy training to the workforce. Participates in the development, implementation, and ongoing compliance monitoring of all vendors business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
• Works cooperatively with the applicable organization units in providing consumer rights to inspect, amend, and restrict access to personal identifiable information and PHI, when appropriate. Manages breach determination and notification processes under state laws, applicable federal laws, GDPR, relevant international laws, HIPAA and other breach rules and requirements. Investigates and acts on privacy and security complaints. Performs required breach risk assessment, documentation, and mitigation. Works with Human Resources to ensure consistent application of sanctions for privacy violations Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
• Maintains current knowledge of applicable federal and state privacy laws and accreditation standards. Works with organization administration, legal counsel, and other related parties to represent the organization’s information privacy interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
• Cooperates with State regulators, FCC, U.S. Department of Health and Human Service’s Office for Civil Rights, and/or other legal entities in any compliance reviews or investigations.
• Serves as an information privacy resource to the organization regarding release of information and to all departments for all privacy related issues.
• Interpret laws, rulings, and regulations regarding privacy and data protection or as required.
• Conduct legal, technical, and other research to gather evidence as needed. Explain, clarify and simplify complex technical information.
• Other duties as assigned.