Position Summary: Under the direction of the Deputy Counsel—Chief Privacy Officer (CPO), the Privacy, Cybersecurity & Data Governance Counsel (Privacy Counsel) will engage in difficult and complex legal and policy work that has significant legal, operational and policy impact for the New York City Department of Education (NYC DOE) and the students it serves. The Privacy Counsel will serve within the NYC DOE’s Office of the General Counsel (OGC), joining a team of high-performing, collaborative and dedicated legal and compliance professionals who serve as in-house counsel to the nation’s largest school district and New York’s largest employer and government agency. The Privacy Counsel will help develop and implement a data privacy program for the NYC DOE; will support and advise agency leadership on related privacy cybersecurity, data governance and records management issues; and will assist the CPO in addressing related matters.
Reports to: Deputy Counsel/CPO, Privacy
Direct Reports: None
Key Relationships: Chancellor’s Office; Office of the Chief Administrative Officer, including OGC, the Division of Information and Instructional Technology (DIIT), Contracts and Purchasing, and the Division of Human Capital; Office of the Chief School Operations Officer; Office of the First Deputy Chancellor; Office of the Chief Academic Officer, including the Research Policy and Support Group (RPSG); Division of School Climate and Wellness; Division of School Planning and Development; Division of Early Education and Student Enrollment; Division of Community Empowerment, Partnership and Communications; NYC Mayor’s Office for Information Privacy; NYC Law Department.
At the direction and under the supervision of the CPO, the attorney may perform any or all of the following functions and duties:
- Privacy Program Development, Implementation and Administration
- Helps to develop, implement and administer a robust privacy, cybersecurity and data governance program.
- Drafts and advises on related regulations, policies, procedures, guidance and internal and external communications.
- Helps implement and administer the NYC DOE-wide data privacy training program
- Develops, conducts and/or reviews internal and external privacy impact assessments, data lifecycle management procedures, and appropriate internal data access controls.
- Promotes a culture of high data privacy ethics standards and responsibility.
- Legal counsel
- Provides legal advice concerning privacy laws and regulations that impact the NYC DOE, including the Family Educational Rights and Privacy Act (FERPA) and NY Education Law §2-d.
- Provides legal advice to DOE senior leadership and other stakeholders on the DOE’s privacy, cybersecurity security, data management and data governance strategies and practices.
- Advises NYC DOE schools, programs and offices on privacy and cybersecurity perspectives in the development or use of new technology, products and applications. Supports building privacy and data security from the ground up and helps foster a “privacy by design” way of working.
- Conducts in-depth legal research as assigned; stays current on all applicable laws, regulations and industry best practices.
- Transactional Work and Third Party Privacy Compliance and Data Management
- Drafts and reviews privacy-related provisions and agreements, including non-disclosure agreements, data use agreements, and memoranda of understanding
- Participates in negotiations with vendors, community based organizations and other entities regarding data privacy and cybersecurity compliance and contractual provisions
- Conducts and/or reviews data privacy and cybersecurity impact assessments or similar analyses of third party practices
- Works closely with DIIT and other stakeholders in the review and coordination of potential privacy or data security incidents, including incident investigations, identifying impacted data subjects, notification and other resolution efforts
- Drafts incident notification communications
- Advises the NYC DOE on risk mitigation initiatives and enhancing incident readiness and response
- Regulator Inquiries, Litigation External Data Requests and Complaints
- Addresses privacy- and cyber-security related complaints received from third parties
- Provides legal support for external and internal investigations into alleged privacy violations
- Acts as liaison to other government agencies that have launched investigations or are handling complaints, including the US Department of Education, the NY State Education Department and the NYC Special Commissioner of Investigation for the NYC School District
- Advises DOE offices on requests for records by data subjects and third parties releases to ensure compliance with applicable privacy laws, including consent and identity verification procedures
- Represents the NYC DOE or acts as liaison in related litigation or administrative hearings
- Data Governance and Data Lifecycle Management
- Advises the NYC DOE on information governance and data lifecycle management related matters, including data minimization, records management, record retention and data destruction
- Assists with e-discovery and litigation/responses to regulatory actions relating to cybersecurity and privacy, and supports e-discovery work within OGC as assigned
- Inter-Agency Collaboration
- Collaborates with key external stakeholders, including other city agencies, in fostering sound citywide privacy and data security practices
- Represents the DOE in meetings on privacy and data security-related matters with other government agencies and other parties, when appropriate.
- Coordinates with legal, regulatory and technology risk management colleagues in other agencies and jurisdictions on developments in privacy and cybersecurity and information security law and regulatory guidance
- May coordinate the related work of support staff
- Supports the General Counsel and other OGC senior leadership in other legal matters as assigned
- Leads or participates in special projects as assigned
- Performs related work as assigned
Admission to the New York State Bar and three (3) years of progressively responsible United States legal experience subsequent to admission to any state bar.
NOTE: Selected candidates must remain members of the New York State Bar in good standing for the duration of their employment.
- Experience with education-related privacy and cybersecurity laws and issues, including with data incident response, compliance, and investigations.
- Certified Information Privacy Professional certification.
- Excellent written/verbal communication, including the ability to write clearly and concisely.
- Comfort with technology-related matters and a strong desire to counsel key NYC DOE stakeholders on complicated privacy and cybersecurity issues.
- Transactional and compliance experience, including excellent negotiation skills.
- Strong project management experience.
- Strong knowledge of Microsoft Office, particularly Word, Excel, and PowerPoint.
- Ability to quickly grasp applicable law and regulations.
- Strong legal research skills and extensive contract drafting experience.
Salary: $90,093 - $97,300
(Internal candidates who are selected for this position and who currently hold comparable or less senior positions within the DOE will not earn less than their current salary.)
Please include a resume and cover letter with your application.
NOTE: The filling of all positions is subject to budget availability and/or grant funding.
* New York City Residency is NOT Required *
We encourage all applicants from the New York City tri-state area to apply.
DOE Non- Discrimination Policy
It is the policy of the Department of Education of the City of New York to provide equal employment opportunities without regard to actual or perceived race, color, religion, creed, ethnicity, national origin, alienage, citizenship status, age, marital status, partnership status, disability, sexual orientation, gender (sex), military status, unemployment status, caregiver status, consumer credit history, prior record of arrest or conviction (except as permitted by law), predisposing genetic characteristics, or status as a victim of domestic violence, sexual offenses and stalking, and to maintain an environment free of harassment on any of the above-noted grounds, including sexual harassment or retaliation. For more information, please refer to the DOE Non-Discrimination Policy.