Salary Group B31

Class No. 3540



Performs highly advanced and/or managerial (senior-level) legal and confidentiality work. Work involves directing and planning legal confidentiality activities and interpreting laws and regulations related to privacy. Oversees legal activities related to the development, implementation, maintenance of, and adherence to the agency’s established privacy policies and procedures. May plan, assign, and/or supervise the work of others. Works under minimal supervision, with extensive latitude for the use of initiative and independent judgment.


Oversees the agency’s compliance with federal and state laws, regulations, court decisions, and legal opinions affecting the privacy of information; monitors the agency’s identification of and response to potential privacy risks; and develops strategies to mitigate identified privacy risks.

Develops business cases for privacy initiatives; plans, executes, and evaluates privacy protection programs and training; and designs and updates privacy policies and standards.

Tracks privacy policy trends and monitors citizen complaints regarding privacy of information; provides counsel to agency management; and recommends best practices, legislative changes, and regulatory changes to address new privacy threats.

Evaluates and recommends information privacy technologies and oversees application of sanctions for failure to comply with policies.

Provides guidance to division privacy officers and tracks their activities with regard to compliance reviews or investigations.

Conducts periodic privacy risk reviews to identify all exchanges of personal identifying information between the agency and individuals, other state agencies, the federal government, businesses, and other third parties.

Collaborates with other local and national government entities on privacy related initiatives and builds consensus among stakeholders.

May prepare cost and budget estimates.

May plan, assign, and/or supervise the work of others.

Performs related work as assigned.


Experience and Education

Experience in legal and confidentiality work. Graduation from an accredited law school with an LLB or JD degree. Member in good standing with the State Bar of Texas. 

Knowledge, Skills, and Abilities

Knowledge of privacy laws, of the release-of-information standards under the Texas Public Information Act or other applicable public access laws, and of the State’s technical and business environment.

Skill in identifying problems and reviewing related information to develop and evaluate options and implement solutions, in using logic and reasoning to identify the strengths and weaknesses of alternative solutions, and in mitigating risks.

Ability to develop and evaluate privacy policies and procedures; to understand technology and its potential effect on information privacy and its use in supporting privacy initiatives; to form, manage, and lead advisory committees; to collaborate with a wide range of staff both internally and externally; to communicate effectively; and to plan, assign, and/or supervise the work of others.

Registration, Certification, or Licensure

Must be licensed as an attorney by the State of Texas. May be required to be certified as a Certified Information Privacy Professional (CIPP), Certified Information Security Manager (CISM), and/or Certified Information Systems Security Professional (CISSP). 

State Auditor’s Office

Reviewed 9-1-17