The EOUST, OGC, is seeking a highly qualified and motivated individual to serve as Privacy Counsel. The successful candidate will build on the USTP’s privacy program, and will provide legal analysis, interpretation, and advice to the Senior Component Official for Privacy (SCOP), to other senior leadership, and to USTP personnel on compliance with the Privacy Act of 1974, the privacy provisions of the E-Government Act of 2002, the Federal Information Security Modernization Act of 2014 (FISMA), as well as other statutes, regulations and DOJ guidance. Privacy Counsel will also provide privacy-related training, privacy-related reports to the SCOP and also responds to requests for information from USTP staff and members of the public.
Responsibilities and Opportunities Offered:
- Researching laws, regulations, policies, and applicable precedent and advising the SCOP and other senior leadership on all legal aspects of privacy-related issues;
- Providing legal review and analysis of policies and procedures and ensuring compliance with the Privacy Act; the FISMA; Section 208 of the E-Government Act; OMB Circulars and Memoranda; guidance from the National Institute of Standards and Technology (NIST), and DOJ Orders, Statements, Instructions, and other policies;
- Providing assistance and counsel to the Associate General Counsel for General and Administrative Law and the SCOP, and/or other senior leadership as necessary, regarding the development of legal and policy guidance on privacy matters, including drafting privacy notices, information sharing agreements, assessing privacy risks and implementing safeguards to mitigate such risks;
- Collaborating with the USTP’s Information System Security Officer (ISSO) in preparing privacy compliance documents; reviewing privacy control assessments and preparing the certification as delegated by the Chief of OPCL, and as required for the annual security and privacy accreditation reviews for assigned FISMA systems;
- Serving on the Component Level Management Team, and conferring and collaborating with USTP personnel as needed to respond to and mitigate breaches of Personally Identifiable Information;
- Drafting and conducting periodic review of existing privacy compliance documentation, including Initial Privacy Assessments, Privacy Impact Assessments, Privacy Act statements and internal policies, such as the USTP’s Breach Response Plan;
- Preparing periodic reports, including the SCOP’s report pursuant to the FISMA, or responding to data calls required to be submitted by the Program pursuant to DOJ or Congressional requirements;
- Conferring and collaborating with the DOJ’s Office of Privacy and Civil Liberties (OPCL) as necessary, including attending regular monthly meetings, seeking advice and counsel on a variety of privacy matters, and obtaining approval of privacy compliance documents;
- Providing advice and counsel to Program employees, supervisors, and senior leadership on all privacy-related inquiries, and maintaining an internal SharePoint portal with relevant, up-to-date resources including forms, legal guidance, and responses to FAQs;
- Under the guidance of the Associate General Counsel for General and Administrative Law, providing assistance to the SCOP by developing and updating training materials and conducting periodic role-based training for USTP employees;
- Investigating and responding to inquiries from individuals seeking information or seeking redress of complaints pursuant the Privacy Act, and maintaining the official inquiry files;
- Conferring and collaborating with FOIA counsel, including assisting with responses to requests for records located in the EOUST and in the USTP’s field offices; serving as FOIA liaison when necessary to resolve questions or disputes with requesters; and
- Working on other projects and priorities as assigned.
Due to COVID-19, if selected, you may be expected to telework for an undefined period under the Department’s evacuation authority, even if your home is located outside the local commuting area. Employees in this status may be notified of a requirement to report in person to the component workplace with an advance notice of not less than 30 days. Prior to a requirement to report to the workplace, employees may be eligible to request to continue to telework one or more days a pay period depending upon the terms of the component’s telework policy.