County of Alameda

Privacy Compliance Officer (#0469)

Bargaining Unit: Unrep - Confidential Mgmt (U50)
$47.80-$65.98 Hourly / $3,824.00-$5,278.40 BiWeekly /
$8,285.33-$11,436.53 Monthly / $99,424.00-$137,238.40 Yearly


DESCRIPTION
Under general direction, this position is responsible for managing all aspects of the compliance of Federal, State, and local privacy rules and regulations for Alameda County; performs complex analytical, legislative, administrative, and managerial studies to manage the County’s privacy-related activities and business practices; develops, implements, recommends, and maintains County-wide privacy policies and procedures; works closely with County departments to coordinate privacy compliance; and do related work as required.

DISTINGUISHING FEATURES

This single position classification is located in the Risk Management Division of the County Administrator’s Office and reports to the Risk Manager. This position is distinguished from the latter class in that this position is responsible for ensuring compliance of privacy regulations for the departments and agencies of Alameda County, whereas the latter is responsible for planning, organizing, directing, and coordinating the activities of the County’s risk management programs. The Privacy Compliance Officer also provides direct supervision to the next lower level classification(s) in certain operational programs and projects.

EXAMPLES OF DUTIES
NOTE: The following are the duties performed by employees in this classification. However, employees may perform other related duties at an equivalent level. Each individual in the classification does not necessarily perform all duties listed.

1. Directs and recommends a County-wide privacy policy to comply with all Federal, State, and local privacy regulations; develops and revises policies to ensure private and personal information collected of government clients and customers is in compliance with all applicable laws.

2. Plans, oversees, and conducts internal reviews of operations and business practices of all County Departments to identify privacy compliance and/or barriers with privacy laws and regulations.

3. Monitors and reviews current and proposed Federal, State and local regulations to ensure security, privacy and compliance of stated regulations pertaining to County business practices, policies, and procedures; recommends and coordinates any revisions or changes to policy and procedures as indicated by laws and regulations with County Counsel and County Administrator.

4. Serves as the representative from County Administrators Office in regards to privacy policies; Works closely with County Counsel, departmental Information Systems representatives, Department Heads and Directors, and other related parties to review impact of policy and procedure changes in response to regulations; may represent the County’s privacy interests with external parties (Federal, State, and/or local government bodies or standards setting organizations).

5. Works closely with impacted departmental representatives, County Administration, and County Counsel to develop legally required documents, forms, notices, authorizations, and appropriate e-commerce forms required by Federal and State privacy regulations; serves as liaison between County departments and County Counsel.

6. Oversees employee health programs for County classified services; serves as a lead consultant to agency and departmental management in employee health services; provides administrative direction on employee health programs, policy, procedure, and contract services providers.

7. Develops policies for documenting and reporting any evidence of privacy violations; serves as the County Privacy Officer to review and respond to complaints, inquiries, and investigations pertaining to the County’s privacy policies, security, and compliance; conducts all documentation and reports for privacy complaints; works as a liaison with Department for privacy related complaints and compliance.

8. Develops and implements procedures for detecting, reporting, and investigating any breaches in privacy security; may work closely with law enforcement officials in securing evidence for security breaches.

9. Oversees compliance with internal policies and procedures within County departments and agencies, including compliance with contract providers and vendors.

10. Monitors and reviews compliance standards as defined by HIPAA (Heath Insurance Portability and Accountability Act of 1996) regulations with impacted County departmental representatives.

11. Initiates, facilitates, and promotes activities to foster privacy awareness within the County to impacted staff which deal with personal and private information; Coordinates any privacy-related training to affected staff to ensure County staff understand and have tools and knowledge of any new changes or updates in privacy related business transactions.

12. Works closely with Information Technology Department and other Information Technology departmental representatives to review and identify any information security risks; assists Information Technology Department and other Information Technology departmental representatives to develop and implement security management practices to ensure privacy compliance.

13. Oversees through County-wide information technology representatives that there are established measures and practices, while in compliance with regulations, to protect confidential data gathered and stored through County-wide information systems and programs for a broad range of services including but not limited to general government, health care, law enforcement, social services, and other service applications.

14. Prepare effective and concise reports, correspondence, recommendations, and policies and procedures.

MINIMUM QUALIFICATIONS
Education:

Possession of a Bachelor’s degree from an accredited college or university in business management, public administration, public policy, risk management, health care administration, legal studies, or other closely related field. (Additional experience as outlined below may be substituted for the education on a year-for-year basis.)

AND
Experience:

The equivalent of five years full time experience in a public or private organization performing duties which included developing, implementing, and maintaining policies and procedures to ensure organization compliance with federal and state privacy regulations (at least two years of which involved staff supervision). This experience must have been obtained in one of the following fields: law; health/mental health care delivery or administration; health care consultation; information privacy; or other closely related field.

NOTE: The Civil Service Commission may modify the above Minimum Qualifications in the announcement of an examination.

KNOWLEDGE AND SKILLS
NOTE: The level and scope of the following knowledge and abilities are related to duties listed under the “Examples of Duties” section of this specification.

Knowledge of:

• Principles of public administration, organization, and management.
• Contract development and negotiation.
• Federal, State, and local privacy regulations and requirements.
• Budgeting procedures, practices and analysis.
• Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• Policy and procedure management and monitoring.
• Principles of supervision, management control, personnel management and training.
• Principles and practices of project planning, monitoring, and evaluation.
• Methods of legal research including the use of automated information systems.
• Techniques and methods to perform administrative, policy, and legislative analysis studies.
• Computer software, including word processing, spreadsheets, and database programs.

Ability to:

• Identify and analyze legal issues with relation to policies.
• Analyze, interpret, and apply regulations, rules, and ordinances of federal, state, and local legislation.
• Effectively implement legislative changes of state and federal laws within the County policies, procedures, and all other applicable areas of County business practices.
• Interpret and apply legal principles, facts, evidence, and precedence to privacy regulations and employee health care regulations.
• Research legal information using both automated and manual legal research methods.
• Develop and implement a project which involves coordination and cooperation of many organizations.
• Organize conflicting work priorities coordinating multiple projects with deadlines.
• Plan and oversee training program to large organization.
• Effective oral communication.
• Communicate written information.
• Establish and maintain effective working relationships with the public, other departments and agencies, boards and commissions, public officials, community groups, and other contacted in the course of business while maintaining interpersonal sensitivity.
• Prepare and present clear and concise correspondence, complex reports and policy recommendations.
• Demonstrate leadership and flexibility.
• Represent the County in an effective and professional manner.

CLASS SPEC HISTORY
KU:pf 1/10/03
Newspec: 0469.doc
CSC Date: 2/26/03

BENEFITS

Alameda County offers a comprehensive and competitive benefits package that affords wide-ranging health care options to meet the different needs of a diverse workforce and their families. We also sponsor many different employee discount, fitness and health screening programs focused on overall well being.  These benefits include but are not limited to*:

For your Health & Well-Being

  • Medical – HMO & PPO Plans
  • Dental – HMO & PPO Plans
  • Vision or Vision Reimbursement
  • Share the Savings
  • Basic Life Insurance 
  • Supplemental Life Insurance (with optional dependent coverage for eligible employees)
  • Accidental Death and Dismemberment Insurance 
  • County Allowance Credit
  • Flexible Spending Accounts - Health FSA, Dependent Care and Adoption Assistance
  • Short-Term Disability Insurance
  • Long-Term Disability Insurance
  • Voluntary Benefits - Accident Insurance, Critical Illness, Hospital Indemnity and Legal Services
  • Employee Assistance Program

For your Financial Future

  • Retirement Plan - (Defined Benefit Pension Plan)
  • Deferred Compensation Plan (457 Plan or Roth Plan)

For your Work/Life Balance

  • 11 paid holidays
  • Floating Holidays
  • Vacation and sick leave accrual
  • Vacation purchase program
  • Management Paid Leave**
  • Catastrophic Sick Leave
  • Group Auto/Home Insurance
  • Pet Insurance
  • Commuter Benefits Program
  • Guaranteed Ride Home
  • Employee Wellness Program (e.g. At Work Fitness, Incentive Based Programs, Gym Membership Discounts)
  • Employee Discount Program (e.g. theme parks, cell phone, etc.)
  • Child Care Resources
  • 1st United Services Credit Union 

*Eligibility is determined by Alameda County and offerings may vary by collective bargaining agreement.  This provides a brief summary of the benefits offered and can be subject to change.

** Non-exempt management employees are entitled to up to three days of management paid leave. Exempt management employees are entitled to up to seven days of management paid leave.