Business Unit Description
AARP is a nonprofit, nonpartisan organization, with a membership of nearly 38 million that helps people turn their goals and dreams into 'Real Possibilities' by changing the way America defines aging. With staffed offices in all 50 states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands, AARP works to strengthen communities and promote the issues that matter most to families such as healthcare security, financial security and personal fulfillment. AARP also advocates for individuals in the marketplace by selecting products and services of high quality and value to carry the AARP name.
The Office of General Counsel strives to actively and effectively represent the Association and its affiliates' legal interests and to facilitate the efforts of staff and volunteers in fulfilling AARP's mission. We provides legal guidance to the AARP Board of Directors and its committees and staff, the AARP Foundation Board of Directors and staff, AARP Services Board of Directors and staff, and the trustees of the AARP Group Health Insurance Program
Serves as the privacy officer for AARP and its affiliates, setting strategic direction on privacy, advising senior management on proactive privacy measures, establishing and overseeing compliance with privacy policies and procedures, working closely with IT security personnel on data security and data incidents, maintaining detailed awareness of legal and environmental developments in privacy, and ensuring that AARP’s actions with regard to privacy advance its reputation for trustworthiness and integrity while also supporting business objectives.
The Privacy Officer and Associate General Counsel is responsible for the following duties:
- Develop and maintain consumer-facing privacy policies/notices and internal privacy policies and procedures
- Review existing products, services, and marketing activities to ensure compliance with privacy laws and regulations, as well as organization policies and procedures
- Perform privacy impact assessments and provide privacy-by-design guidance to ensure new products, services, and marketing activities comply with privacy laws and regulations, as well as organization policies and procedures
- Consult with business and other members of the Office of General Counsel as a subject matter expert on privacy and data security issues
- Negotiate privacy provisions in significant transactions
- Work closely with the Procurement team on reviewing and negotiating contracts.
- Collaborate with IT Security on cyber security policies and procedures
- Conduct ongoing privacy training and awareness activities
- Maintain the privacy incident response plan and coordinate potential data incident response with Information Security and crisis management team
- Advise on the procurement and maintenance of appropriate cyber liability insurance coverage
- Develop responses to privacy related inquiries from individuals, the news media, privacy advocacy groups, and industry and government regulators
- Manage privacy-related enforcement actions and litigation
- Manage consultants and other resources within AARP to advance goals of the privacy program
- Exhibit AARP Leadership Behaviors in all interactions.
As Associate General Counsel, the employee provides legal counsel and advice on a variety of issues, including but not limited to negotiating transactions and contracts (in addition to the work on privacy provisions noted above), performing legal research, and managing outside counsel. Portfolio will vary based on experience of the individual and the needs to the organization but may include nonprofit law, political and lobbying, and/or intellectual property.
- J.D. degree plus a minimum of 8 years of legal experience, including directly related specialized experience in privacy and data security law and policy. 10+ years of experience preferred.
- Must be or be able to become a member in good standing with the District of Columbia bar.
- CIPP and/or CIPM designation preferred.
- Extensive experience with communication privacy laws (such as CANSPAM and TCPA) as well as best practices and industry self-regulatory codes related to online advertising and social media.
- Experience directing data incident investigations and remediation efforts, including breach notices.
- Excellent oral and written communication skills. Comfortable public speaker with ability to make formal presentations to management and to provide engaging, clear, training for new managers and other staff who may have minimal legal background.
- A flexible problem solver and proactive self-starter who can manage a diverse portfolio of projects, rapidly assess situations, and function independently with limited guidance.
- A hands-on worker who can not only assess what work needs to be done, but also perform the work (or coordinate the work with personnel with no direct reporting lines to the employee.
- Highly analytical, can quickly assimilate and synthesize complex information into a decision-making framework
- Must function with the highest degree of integrity and ethical standards. Passion for our nonprofit mission a definite positive.
- Ability to handle multiple, high-level complex projects at one time and high volumes of work on an ongoing basis, with strong attention to detail
- Must be customer-oriented, approachable, collaborative, responsive, and engaging. Sense of humor a plus!
AARP offers competitive benefits with a 401K, 100% company funded pension plan, health, dental, vision and life insurance, STD/LTD, paid vacation and sick, and other benefits.