Closing Date: 30th June, 2024


Position Summary: Under the direction of the Deputy Counsel—Chief Privacy Officer (CPO), the Privacy, Cybersecurity & Data Governance Counsel (Privacy Counsel) will engage in difficult and complex legal and policy work that has significant legal, operational and policy impact for the New York City Department of Education (NYC DOE) and the students it serves. The Privacy Counsel will serve within the NYC DOE's Office of the General Counsel (OGC), joining a team of high-performing, collaborative and dedicated legal and compliance professionals who serve as in-house counsel to the nation's largest school district and New York's largest employer and government agency. The Privacy Counsel will help develop and implement a data privacy program for the NYC DOE; will support and advise agency leadership on related privacy cybersecurity, data governance and records management issues; and will assist the CPO in addressing related matters.

Reports to: Deputy Counsel/CPO, Privacy

Direct Reports: None

Key Relationships: Chancellor's Office; Office of the Chief Administrative Officer, including OGC, the Division of Information and Instructional Technology (DIIT), Contracts and Purchasing, and the Division of Human Capital; Office of the Chief School Operations Officer; Office of the First Deputy Chancellor; Office of the Chief Academic Officer, including the Research Policy and Support Group (RPSG); Division of School Climate and Wellness; Division of School Planning and Development; Division of Early Education and Student Enrollment; Division of Community Empowerment, Partnership and Communications; NYC Mayor's Office for Information Privacy; NYC Law Department.

At the direction and under the supervision of the CPO, the attorney may perform any or all of the following functions and duties:
  • Privacy Program Development, Implementation and Administration
    • Helps to develop, implement and administer a robust privacy, cybersecurity and data governance program.
    • Drafts and advises on related regulations, policies, procedures, guidance and internal and external communications.
    • Helps implement and administer the NYC DOE-wide data privacy training program
    • Develops, conducts and/or reviews internal and external privacy impact assessments, data lifecycle management procedures, and appropriate internal data access controls.
    • Promotes a culture of high data privacy ethics standards and responsibility.
  • Legal counsel
    • Provides legal advice concerning privacy laws and regulations that impact the NYC DOE, including the Family Educational Rights and Privacy Act (FERPA) and NY Education Law 2-d.
    • Provides legal advice to DOE senior leadership and other stakeholders on the DOE's privacy, cybersecurity security, data management and data governance strategies and practices.
    • Advises NYC DOE schools, programs and offices on privacy and cybersecurity perspectives in the development or use of new technology, products and applications. Supports building privacy and data security from the ground up and helps foster a “privacy by design” way of working.
  • Conducts in-depth legal research as assigned; stays current on all applicable laws, regulations and industry best practices.
  • Transactional Work and Third Party Privacy Compliance and Data Management
    • Drafts and reviews privacy-related provisions and agreements, including non-disclosure agreements, data use agreements, and memoranda of understanding
    • Participates in negotiations with vendors, community based organizations and other entities regarding data privacy and cybersecurity compliance and contractual provisions
    • Conducts and/or reviews data privacy and cybersecurity impact assessments or similar analyses of third party practices
    • Reviews third party privacy policies, terms of use and other third party materials for compliance with applicable laws, regulations and DOE policies/best practices
  • Cybersecurity
    • Works closely with DIIT and other stakeholders in the review and coordination of potential privacy or data security incidents, including incident investigations, identifying impacted data subjects, notification and other resolution efforts
    • Drafts incident notification communications
    • Advises the NYC DOE on risk mitigation initiatives and enhancing incident readiness and response
  • Regulator Inquiries, Litigation External Data Requests and Complaints
    • Addresses privacy- and cyber-security related complaints received from third parties
    • Provides legal support for external and internal investigations into alleged privacy violations
    • Acts as liaison to other government agencies that have launched investigations or are handling complaints, including the US Department of Education, the NY State Education Department and the NYC Special Commissioner of Investigation for the NYC School District
    • Advises DOE offices on requests for records by data subjects and third parties releases to ensure compliance with applicable privacy laws, including consent and identity verification procedures
    • Represents the NYC DOE or acts as liaison in related litigation or administrative hearings
  • Data Governance and Data Lifecycle Management
    • Advises the NYC DOE on information governance and data lifecycle management related matters, including data minimization, records management, record retention and data destruction
    • Assists with e-discovery and litigation/responses to regulatory actions relating to cybersecurity and privacy, and supports e-discovery work within OGC as assigned
  • Inter-Agency Collaboration
    • Collaborates with key external stakeholders, including other city agencies, in fostering sound citywide privacy and data security practices
    • Represents the DOE in meetings on privacy and data security-related matters with other government agencies and other parties, when appropriate.
    • Coordinates with legal, regulatory and technology risk management colleagues in other agencies and jurisdictions on developments in privacy and cybersecurity and information security law and regulatory guidance
  • Other:
    • May coordinate the related work of support staff
    • Supports the General Counsel and other OGC senior leadership in other legal matters as assigned
    • Leads or participates in special projects as assigned
    • Performs related work as assigned

Qualification Requirements:
  • Admission to the New York State Bar and three (3) years of progressively responsible United States legal experience subsequent to admission to any state bar.