[Legal] Senior Privacy Manager Japan
I. Summary of the Job Description
· The Senior Privacy Manager of the Johnson & Johnson Family of Companies in Japan is responsible, at cross-sector level and for all Operating Companies of Johnson & Johnson in Japan, for: [i] developing and implementing the privacy program for all J&J companies in Japan; [ii] identifying privacy risks; [iii] developing, maintaining and implementing privacy policies and procedures; [iv] providing orientation and training to J&J Japan employees; and [v] establishing controls to ensure that the conduct of Johnson & Johnson’s businesses and operations is compliant with applicable privacy laws and regulations and J&J privacy policies and guidelines. The role includes coordination of all activities related to implementation of and adherence to Johnson & Johnson privacy policies and applicable data protection laws, in accordance with the Johnson & Johnson Privacy Framework. The role also includes the responsibilities of the Privacy Compliance Officer function for each of the Japanese J&J operating companies, as may be required by Japanese law.
· The Senior Manager Privacy Compliance reports directly to the Global Privacy Director in the region, with dotted reporting line responsibilities to the appropriate leadership levels of the above-mentioned companies.
II. Main responsibilities
· Aligns with the management, key stakeholders and business owners and ensures compliance of the Japanese Operating Companies with Japan’s Act of Protection of Personal Information (APPI) and other applicable privacy-related laws and regulations as well as all applicable Johnson and Johnson privacy and data protection policies and procedures.
· Establishes and implements a Personal Information protection strategy and plan.
· Identifies privacy risks and informs business owners and management of data privacy and protection related risks which may arise. Participates in the company’s Compliance Committee or similar or equivalent governance structure, to highlight privacy risks and provide status updates on the Privacy Compliance Program. Advises all staff whose activities possibly put the company at risk and provides actionable solutions to remediate risks and issues.
· Ensures local oversight of Privacy Compliance Programs as implemented by the operating companies. Helps the companies develop a culture and discipline of data privacy compliance. Advises and updates executive and senior management teams of significant data privacy concerns.
· Reviews and handles privacy-related complaints and incidents and implements remediation in accordance with J&J’s procedures.
· Partners with the Information Security Officer to establish internal control systems that [i] prevent leakage, abuse, misuse or unauthorized use or processing of personal information and [ii] protect the confidentiality of personal information files.
· Collaborates with IT and ISRM on compliance assessments and internet compliance review process.
· Conducts training and orientation on personal information protection, including the company’s privacy framework, relevant sections of data privacy laws, notice and consent, data incident and breach, and data breach reporting.
· Increases awareness of the stakeholders (such as employees, business partners, third party vendors and service providers) of the company’s data protection policies and guidelines.
· Reviews and advises, when necessary, the Law Dept, Procurement team and other stakeholders about adequate privacy language in contracts with third party service providers amongst others.
· Liaises with the Personal Information Protection Commission, where necessary.
· Serves as first point of contact for internal and external audits and inspections in respect of data privacy and protection or data privacy related complaints against the company.
· Builds and maintains knowledge about applicable laws and regulations and assesses impact of changes in laws to the Privacy Program.
· Actively engages with the Global Privacy Team and participates in its information sessions, to ensure maximal alignment with global standards and practices.
III. Partners
Liaises / works with:
· Representatives from business process owners who collect or process personal information (including, as applicable, Human Resources, Clinical, Sales and Marketing, Customer Call Centers, Information Technology and Procurement)
· Global Privacy Team
· Key functional partners, like
  o the Law Department, to obtain legal advice when needed
  o IT Security including the organization’s Information Security Officer (ISO), to ensure adequate security and access controls on systems that process personal information and to partner on an adequate response to security incidents with a Privacy impact
  o The company’s responsible person for Records and Information Management, on issues pertaining to retention and purging of records that contain personal information
  o Healthcare Compliance, to ensure coordination into the overall compliance program for the company
  o Corporate internal audit function to support the engagement and regularly assess the personal information processing and make improvements
Required work experience
· Familiarity with the healthcare or pharmaceutical / medical device industry and its business processes;
· Significant (8 to 10 years) experience as lawyer, in-house legal counsel or compliance officer preferred; functional understanding of applicable data privacy laws and regulations
· Significant experience with the roll out of (privacy) compliance programs and their management
Required skill set
· Ability to maintain the highest standards of quality, compliance and accountability when advising the business
· Demonstrable ability to engage with a range of business units and functions and uncover their objectives and needs
· Ability to translate a wide variety of principles and, sometimes complex, legal requirements into actionable solutions for the business
· Excellent organizational, facilitation, communication and presentation skills (management, employees, business partners, government agencies)
· Global mindset and preparedness to incorporate global standards and practices, for consistency and efficiency reasons
· Ability to work autonomously
· Attention to detail and strategic thinking
· English proficiency