Company: Medtronic
Position: US Privacy Counsel
Location: Minneapolis, MN
Description: The US Privacy Counsel (“Privacy Counsel”) provides leadership and direct support for US legal data protection and privacy matters for Medtronic . This seasoned professional provides data protection and privacy legal expertise, guidance, and direct support for operational execution and compliance with US based legal, regulatory and business data protection and privacy requirements, such as HIPAA and state specific requirements. The Privacy Counsel is a key resource and strategic partner for multiple data protection and privacy stakeholders and functions such as the Global Data Protection and Privacy Program (“Global Program”); partner functions such as the Global Security Office and IT Architecture; and business group and regional executive leaders and personnel.
The Privacy Counsel reports to the Vice President, Chief Privacy Officer and Chief Counsel, Governance, Privacy and Mergers and Acquisitions. To be successful, individuals in this position require broad legal experience coupled with deep US data protection and privacy expertise and demonstrated abilities to (1) form productive relationships across and within all levels of the organization; (2) navigate highly matrixed business operations and accountabilities; (3) influence without direct authority; (4) identify and address complex legal issues and risks relating to business operations and legal/regulatory requirements and provide recommendations and solutions to achieve business objectives; and (5) experience advising businesses on regulatory requirements for data protection and privacy.
The preferred location for this position is Minneapolis, MN.
Position Responsibilities
The Privacy Counsel provides a broad range of legal advice, guidance and direct support for data protection and privacy compliance, analyzes complex legal issues, and identifies appropriate business and operational legal advice, solutions and strategies to limit/mitigate/remediate legal and business risks. Key responsibilities include:
- Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the business and to the team;
- As a key resource for regional, business, function and other key stakeholders, provide in depth legal, regulatory, policy, and risk mitigation guidance, business solutions and advice relating to data protection and privacy legal and regulatory requirements;
- Interpreting new legal and regulatory requirements relating to US data protection and privacy impacting Medtronic businesses. In collaboration with the Global Program team, provide guidance to regional and business leads for implementation of identified requirements. Provide legal advice on testing and response for high risk implementation activities as appropriate;
- Advise on risk-based data protection and privacy operational compliance monitoring activities in collaboration and coordination with the organization’s Global Program team;
- Provide legal advice, guidance and support on the investigation and remediation of privacy breaches and other incidents; advise on notification and regulatory reporting requirements, as well as relevant communications; provide legal and risk mitigation advice including remediation and root cause determinations;
- As requested, provide legal advice, guidance and support on the outcomes of a broad range of privacy impact assessment (PIA) activities and/or business consulting for new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests as required by the PIA standards and procedures;
- In collaboration with the Global Program, develop HIPAA model data protection and privacy documents, for example: notices of privacy practices, confidentiality notices, consents, authorization forms, contract language, business associate agreements and other related required documents;
- Provide legal advice, guidance and support for development, implementation, validation and monitoring of HIPAA and other US regulatory data protection and privacy requirements;
- Advise on legal requirements and identified issue resolution for response to individual rights requests such as access, restrictions on disclosure, accounting of disclosures, etc. as required by HIPAA;
- Advise on the requirements and restrictions for transfer of personal data by Medtronic in the context of data processing and information transfers;
- Draft, review, revise and negotiate and finalize agreements, including data processing agreements, or other legal agreements relating to privacy and data protection. Provide guidance and advice on appropriate data protection terms and conditions for agreements including vendor, supplier, customer and employee agreements, as well as RFP’s, bids, and strategic business partnerships.
- Provide input on data protection and privacy legal and regulatory requirements relating to new product and business proposals;
- Support data protection and privacy efforts relating to transaction due diligence and integration of acquisitions within the businesses;
- Support for administrative and operational projects as requested by manager including budget planning and tracking, monitoring, development of strategic priorities and metrics; support of continuous improvement initiatives, and development and preparation of applicable reports;
- Provide legal advice and guidance for the Global Program’s development and implementation of core privacy program elements as requested.
- Other responsibilities as assigned from time to time.
Physical Job Requirements
- The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to use a computer, and communicate with peers and co-workers.
- Travel 10%.
Contact: Martha Ha, martha.ha@medtronic.com
Qualifications: In order to be considered for this position, the following basic qualifications must be evident on your resume:
Education Required:
- Law Degree from a well-regarded and accredited university, with admission to practice law in Minnesota or at least one State
Years of Experience:
- 10+ years as a practicing lawyer with experience and knowledge of data protection/privacy requirements, laws and regulations in the US
Specialized Knowledge/Skills Required:
- Knowledge of and experience providing legal advice and business solutions relating to US data protection and privacy laws and regulations – with specific expertise relating to HIPAA and State requirements;
- Experience providing legal advice, support and business solutions for a data protection, privacy, security, or equivalent function directly or indirectly for a large, regulated and matrixed organization;
- Strong expertise to provide legal advice and lead drafting of commercial agreements, contracts, vendor agreements, data transfer agreements; etc. as applicable;
Desired/Preferred Qualifications:
- Proven track record of successful and broad influence management
- Legal experience in the healthcare industry
- Strong ability to influence across functions and businesses to negotiate and gain cooperation on operational issues and internal divergent objectives
- Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
- Demonstrated ability to work across a matrixed or virtual organization and still meet objectives
- Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information
- Familiarity with HIPAA, Breach Notification laws, ISO and other standards bodies and international standards
- Demonstrated ability to manage multiple competing priorities simultaneously;
- Demonstrated ability to utilize excellent decision-making skills;
- Excellent advocacy and negotiation skills;
- Excellent written and oral communication skills. Adept at analyzing and interpreting laws and regulations and providing business solutions
- Demonstrated experience building positive relationships with a variety of stakeholders, including with employees, clients, senior management, external parties/authorities and suppliers;