The Associate Counsel - Privacy and Data Security is responsible for serving as the subject matter expert in Legal on all privacy and data security matters, and providing legal guidance and related support to deliver a comprehensive privacy and data protection program and legal guidance and related support for an information governance program.

Essential Duties And Responsibilities: The associate is responsible for the functions below, in addition to other duties as assigned: Work closely with the Chief Privacy Officer and CISO, respectively, among other stakeholders, to continue developing robust privacy and data security programs for the Rite Aid enterprise and support the strategic direction and priorities for privacy and data security efforts. Create alignment of legal advice on privacy, security and data security considerations across the Rite Aid enterprise; effectively communicate advice and risks to various Departments across the organization on the implication of data privacy and security legal requirements. Advise on HIPAA, CCPA/CPRA, TCPA and other applicable state and federal laws and regulations related to privacy and security regarding PHI, PII, PCI, consent and data processing activities. Review and comment on proposed state and federal regulations related to privacy, data protection, and information security; determine and pursue opportunities to influence legislation that may impact the business. Work with the Privacy Office to drive appropriate privacy-by-design, impact and risk assessments, policies, procedures, training, and mitigation plans to meet legal requirements and applicable frameworks or accreditation standards. Provide legal support to Rite Aid Privacy Office in managing data privacy events and investigations. Partner with Information Security and IT teams to ensure alignment of privacy and security practices. Review products and initiatives to assess privacy and security considerations and compliance under applicable laws and policies. Support negotiation of business associate agreements, data protection and privacy provisions in commercial agreements; review and update notices, authorizations, and related materials. Provide legal support and leadership to corporate information governance efforts including the development and maintenance of a comprehensive electronic, data and paper information management program, addressing information governance aspects of existing programs as well as new initiatives and technology, and collaborating with stakeholders across the Rite Aid enterprise.

Supervisory Responsibilities
  • This position currently has no supervisory responsibilities.
  • Juris Doctor (JD) required.
  • Privacy Certification from IAPP or related organization (CIPP, CHPC, etc.) preferred

7 years of experience in as an attorney in a law firm, health care organization or related entity required.