Senior Privacy Expert with AI governance experience required to provide privacy and AI governance consulting and development services.

Our GTA based, Municipal Government client requires the services of a Senior Privacy Expert with AI governance experience to provide privacy and AI governance consulting and development services.

ROLE:

Our Municipal Government client maintains a privacy program, including but not limited to privacy, access and records management policies and the completion of privacy impact assessments for systems, services, initiatives, programs, and projects that involve personal information. The Client is also embarking on the process of building an AI governance, accountability, and risk management framework. The Client is seeking a Proponent to provide privacy and AI governance consulting and development services for a period of twelve (12) months with an option to extend for an additional twelve (12) months.

The successful Respondent will:

· Review and revise policies, procedures, methodologies and templates relating to Privacy Impact Assessments (PIAs) at the Client, including the creation of new documents and templates as required;

· Conduct PIAs for AI systems or tools as directed, including internal, embedded (e.g. Adobe Acrobat AI Assistant), and project or program-specific AI systems or tools, highlighting risks, potential mitigation and ensuring privacy by design is embedded as appropriate;

· Conduct PIAs for other IT systems, third party service providers, projects and initiatives as directed, highlighting risks, potential mitigation and ensuring privacy by design is embedded as appropriate;

· Complete PIAs for new and existing systems, projects, and initiatives. PIA work will be on a set schedule for each PIA matching the timelines related to the launch of a proposed system, project, program or initiative;

· Manage all phases of the PIA, creating and adhering to timelines set in consultation with Client's staff;

· Advise on and create documentation (including policies, procedures, methodologies and templates) for the Client’s development of a data governance framework, as directed;

· Develop an AI governance structure and accountability and risk management framework (an ‘AI governance framework’) for the Client. The AI governance framework includes but is not limited to the following:

• Identify and inventory AI systems in-use or planned for use;

• Identify, advise on and document relationships between the proposed AI governance structure, Client’s Privacy program, and Client’s data governance framework, including opportunities for mutual support and benefit;

• Assess current compliance against applicable legislation and regulation, including Ontario’s Bill 194 (the Strengthening Cybersecurity and Building Trust in the Public Sector Act 2024) and Ontario’s Municipal Freedom of Information and Protection of Privacy Act (MFIPPA);

• Make recommendations for changes to Client's policies that may be impacted by applicable AI-related legislation and regulation;

• Assess, benchmark, and advise on the Client’s current and future AI governance state against established AI governance, accountability, and risk management guidance and best practice, including Ontario’s Trustworthy AI Framework and other frameworks (e.g. NIST and ISO) or law (e.g. EU AI Act) as directed.

· Manage all phases of the AI governance framework development, creating and adhering to timelines set in consultation with Client's staff;

MUST HAVE:

• Significant experience completing PIAs on enterprise IT systems, especially for AI systems. Components of the PIAs must have included: data flow charts, risks and mitigation, and privacy by design proposals;

• Experience completing PIAs of varying size and complexity;

• Significant experience developing and implementing AI governance and accountability frameworks of varying size and complexity. Components of the AI governance frameworks should include: AI governance policy and process development and implementation; AI risk assessment and mitigation against a range of legislation, regulation, guidance, and best practice (ideally including Ontario’s Bill 194, MFIPPA, Ontario’s Trustworthy AI Framework and other frameworks (e.g. NIST and ISO) or law (e.g. EU AI Act)); AI inventories and data flow charts; and AI system, algorithm, and data design and operations;

• Strong understanding of MFIPPA and Bill 194 (Ontario), and of other privacy and privacy and AI governance law, best practice, frameworks and guidance such as Ontario’s Trustworthy AI Framework, the NIST AI Risk Management Framework, and EU AI Act;

• Previous experience with privacy- and AI-related work for the municipal, public and/or the library sector; and

• Demonstrated knowledge of privacy and AI governance best practices and implications for the public sector.