Ohio Farmers Insurance Company

Chief Privacy Officer and Privacy Counsel

Ohio Farmers Insurance Company, Westfield Center, Ohio, US, 44251


The Chief Privacy Officer and Privacy Counsel plays a critical role in leading, shaping and implementing Westfield's enterprise privacy strategy to ensure compliance with applicable laws, regulations, and industry standards. The dual role combines strategic leadership in privacy policy and program development with managing legal aspects, privacy, and data protection. You will work closely with our leadership team, legal team, and technology professionals to establish and maintain robust privacy practices across the organization. The role commits to protecting the privacy of customer and employee personal information and promotes a culture of privacy. The role ensures organizational compliance with the privacy program and understands the complexities that exist between customer data and employee data. The role also leads the design, establishment, maintenance and monitoring of policies and procedures that promote the privacy compliance program.

Responsibilities:

- Develop and implement a comprehensive privacy program that aligns with Westfield's business objectives and values.
- Serve as the primary advisor on privacy matters, providing guidance and support to leadership, legal teams, and business units.
- Monitor and assess privacy risks associated with Westfield's operations, products, and services, and develop mitigation strategies accordingly.
- Lead efforts to ensure compliance with applicable privacy laws, regulations, and industry standards, such as HIPAA, GDPR, CCPA, and other emerging regulations/laws.
- Oversee privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) to identify and address privacy risks.
- Establish and maintain effective mechanisms for handling privacy inquiries, complaints, and data subject requests.
- Conduct regular privacy training and awareness programs for employees to promote a culture of privacy and data protection.
- Develop, administer, and maintain overall compliance with HIPAA privacy and security rules by the company and its applicable health plans.
- Hold the assigned designation and responsibilities of HIPAA Privacy Officer, HIPAA Contact Person and HIPAA Security Official.
- Serve as a liaison with regulatory authorities, industry groups, and other stakeholders on privacy-related issues.
- Lead incident response efforts in the event of a data breach or privacy incident, including notification and remediation activities.
- Collaborate with internal audit and compliance teams to ensure ongoing monitoring and enforcement of privacy policies and procedures.
- Prepare regular reports and updates on privacy matters for senior management and other leadership teams.
- Collaborate with cross-functional teams to integrate privacy considerations into product development, marketing initiatives, and other business activities.
- Provide guidance on projects affecting privacy, data protection and security, and respond to privacy and security related customer and regulatory inquiries and investigations.
- Provide operational expertise and respond to inquiries and requests for information on privacy-related organizational practices from internal and external stakeholders.
- Lead employee training on data privacy and security, policy enforcement, privacy compliance program monitoring and auditing.
- Oversee periodic data privacy hygiene assessments, mitigation, and remediation, including data privacy by design and default, accountability and compliance monitoring, and the mitigation of privacy and security risks.
- Monitor internal policies and compliant processes for data protection, including with regard to collection, accuracy, retention, use, security, transparency, access, and correction of personal data.
- Lead data protection compliance audits and impact assessments, check whether data protection impact assessments have been correctly carried out, and check whether conclusions comply with relevant data protection laws.

Minimum Requirements:

- Juris Doctor (J.D.) and admission to the bar in at least one jurisdiction.
- 12 plus years of experience in Data Protection, Data Governance or Privacy Operations, or a related field.
- Demonstrated knowledge of global privacy laws and regulations such as GDPR, CCPA, HIPAA, etc.
- Strong understanding of information technology and data management systems.
- Excellent analytical, negotiation, and communication skills.
- Experience with Health Information Management (HIM).
- Experience in the financial services industry including relevant knowledge of banking and insurance regulation (e.g., Gramm-Leach-Bliley Act section 501(b), PCI).

Westfield was founded in 1848 by a small group of hard-working farmers who believed in the promise of the future and the power of the individual. Today, as one of the nation's leading property and casualty (P&C) companies, we remain true to their vision and are dedicated to making a positive difference in our customers' lives.
