Diabetes Data & Privacy Consultant

Category: Compliance
Requisition #: 2100019G
Careers that Change Lives

The Operating Unit Data Protection and Privacy Consultant (“Consultant”) provides leadership and direct support to the assigned Operating Unit Diabetes for the strategy, design, development, implementation, and ongoing management of Medtronic’s Global Data and Privacy Program activities that address and support US and OUS legal and regulatory requirements.

The Consultant reports into the Senior Director, Global Data & Privacy Programs and is a key member of the Data & Privacy Center of Excellence (“COE”). 

In cooperation with the Senior Director and a peer colleague, this seasoned professional actively engages with Diabetes with regional and business unit personnel and leaders to provide strategic privacy expertise, direct support, and influence management for operational execution and compliance with US and OUS based legal, regulatory and business data protection and privacy requirements. The Consultant ensures appropriate triaging of transactional and operational data and privacy work to Privacy Operations and regional Data & Privacy teams and provides strategic oversight and direction for bespoke Privacy by Design work and advising performed by Privacy. The Consultant provides support for the execution and implementation in Diabetes. The Consultant works closely with a peer colleague in a similar function, as well as with the Operating Unit Legal Counsel, to ensure strategic alignment on data and privacy.

In alignment with the Global Data Protection and Privacy Program policies, standards and requirements, this position focuses on a wide range of business operations activities, practices and standards to meet US and OUS privacy regulatory requirements such as HIPAA, PIPEDA, US Patriot Act, Breach Notification laws, EU 95/46, GDPR, regional and country specific laws throughout the globe, ISO and other standards bodies and international standards.

The Data and Privacy COE team operates as a high functioning team within a relatively flat team structure.  Members of this team are innovative, highly flexible; enthusiastic collaborators; results orientated; independent; actively engaged; and able to influence without direct authority.  

We seek out and hire a diverse workforce at every level: We need fresh ideas and inclusive insights to continue to be an innovative industry leader —that’s why we make it a point to seek out, attract and develop employees who are patient-centric, passionate, and who represent the same wide variety of life experiences as our patients. 
 

The preference is for this role to be based in Northridge, CA; however, it can be based at any other Medtronic office location or work remotely.

A Day in the Life

Responsibilities may include the following and other duties may be assigned.

In collaboration with Data and Privacy COE leadership, the broader team, and Diabetes, the Consultant closely aligns with multiple partner stakeholders and the global data protection professionals to design and execute standards and practices for effective data protection and privacy across Diabetes. Key responsibilities include:

  • Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to Diabetes;
  • “Face” of program for Diabetes & key point of contact/access into program;
  • Be point of contact towards Diabetes for (global and regional) privacy teams of the COE;
  • Engage with Operating Unit stakeholders to provide data protection and privacy program and requirements subject matter expertise as key resource and point of contact to regional, business, partner functions, and other key stakeholders, drive awareness, share knowledge, and ensure accountability for both data and privacy legal/regulatory compliance as well as strategic advising;
  • Be strategic partner on all things data and privacy for the Operating Unit Legal Counsel and work with them to ensure stakeholder alignment with the Operating Unit, including on prioritization, remediation and other;
  • On point to speak about Privacy risks to OU leadership, in consultation with OU Legal Partner;
  • Lead or direct OU level assessments that result in program enhancement, mitigation and remediation activities as appropriate;
  • Collaborate with Operating Unit leadership and other key stakeholders to implement new legal and regulatory requirements relating to data protection and privacy impacting Medtronic businesses. Provide communication and guidance to OU personnel for implementation of identified requirements. Design and implement effectiveness testing for high risk implementation activities as appropriate;
  • Keep Data & Privacy COE informed about strategic objectives, projects and timelines of Diabetes, on global and regional level, to allow for proper planning of OU data and privacy work by the COE;
  • In close cooperation with Privacy Operations, coordinate program operations at respective OU/function level, where applicable with SLAs with Privacy Operations and/or regional teams:
    • Spot issues and ensure appropriate triaging of transactional and operational data and privacy work to Privacy Operations and regional Data & Privacy teams;
      • This may include privacy impact assessment (PIA) activities and/or business consulting for new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests as required by standards and procedures. On behalf of the Operating Unit, analyze results of assessments to identify trends and patterns that can be used to improve review efficiencies, existing processes, and standards;
    • Provide strategic oversight and direction for bespoke Privacy by Design work and advising performed by Privacy Operations;
    • Implement and further mature Privacy by Design processes in Diabetes;
    • Provide support for the execution and implementation in Diabetes;
    • Lead or direct the development and implementation of regional or business unit corrective action for identified gaps, privacy incidents or breaches; provide routine remediation status reporting for management and governance oversight;
    • Lead and direct the design and implementation of standards and processes for OU response to individual rights requests such as data access requests, accounting of disclosures, the right to inspect and copy, restrictions on disclosures, opt-in or opt-out requirements and other related individual rights; support Privacy Operations in execution of the requests;
  • Implement Go-to-market and Customer-go-to models in the assigned Operating Units;
  • Establish relationships with OUs/Functions teams that are heavy data users and gain up-front alignment on data usage and how to balance different constraints;  
  • In close cooperation with the Global Data & Privacy Program and Privacy Operations, oversee and support Data & Privacy programmatic activities in the OU:
    • Design, direct and support data protection and privacy operational compliance monitoring activities in collaboration and coordination with the organization's security, compliance, audit, risk management and other related corporate functions as appropriate; this may include, for the US, designing and implementing business unit privacy “Covered Entity”, “Business Associate” or similar privacy related contracting requirements;
    • Oversee development and support implementation of business level data protection and privacy policies, standards and procedures, as required;
    • Provide subject matter expertise to Privacy Operations for development and implementation of role-based data protection and privacy training as required.  Perform module review as necessary to confirm alignment of content and approach; 
  • Oversee data protection and privacy efforts for the due diligence and integration of acquisitions within the businesses;
  • Provide input and detail for budget planning, monitoring, and function metrics and reporting as requested;
  • Provide subject matter expertise for the Global Data and Privacy Program in development and implementation of core privacy program elements as requested. 
  • Other responsibilities as assigned.
Must Have: Minimum Requirements
  • 10+ years of privacy experience with a bachelor’s degree, OR, 8+ years of privacy experience with an advanced degree
Nice to Have
  • Advanced degree
  • Knowledge of and experience supporting business understanding and compliance with privacy laws in the US as well as outside the US
  • Experience in the healthcare industry
  • Experience supporting a data privacy, security or equivalent function directly or indirectly for a large, regulated and matrixed organization
  • Project/program management experience
  • Experience with business operations requirements implementation
  • Experience in supporting cross-functional teams
  • Experience directly or indirectly with compliance or similar function
  • Experience supporting change management projects
  • Strong knowledge of, and experience in program and project management
  • Experience working with global and/or matrixed IT systems, services, operations or other related management environment
  • Demonstrated cross-functional team execution skills
  • Experience assessing and defining system specifications preferably in relation to compliance with data protection and privacy regulations
  • Demonstrated advocate for proper data management systems
  • Demonstrated influence management skills, exceptional interpersonal and communication skills
  • Demonstrated experience building positive relationships with a variety of stakeholders, including with employees, clients, senior management, external parties/authorities and suppliers.
  • Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
  • Strong ability to work collaboratively and partner with employees, other leaders, clients, and vendors.
  • Demonstrated ability to work across many levels of an organization, from VP to non-exempt staff
  • Demonstrated ability to work across a matrixed or virtual organization and still meet objectives
  • Demonstrated ability to manage multiple priorities simultaneously.
  • Demonstrated ability to utilize excellent decision making skills.
  • Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information
  • Lean Sigma or Six-Sigma training/experience
  • Vendor management experience
  • Familiarity with FDA and FTC regulations, HIPAA, PIPEDA, US Patriot Act, EU 95/46 and GDPR, Breach Notification laws, ISO and other standards bodies and international standards

About Medtronic

Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life.  We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.

Physical Job Requirements

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America)

Travel - 10%.
