Privacy, in plain language

Enterprise-grade privacy,
made for the rest of us.

I'm Jenn Hynes. For fifteen years I've worked inside the systems your information flows through — hospital records, provincial health repositories, the privacy impact assessments behind public-health infrastructure. Privacy Lite brings that rigor to small clinics, practitioners, and businesses — without the full-time privacy officer.

I've seen what good privacy looks like at the top. Most small organizations can't reach it.

Inside hospitals and government, privacy is a team, a budget, and a stack of assessments. A growing business or clinic has none of that — yet they hold some of the most sensitive information there is, and the same laws apply to them.

That gap is where breaches happen, and it's where I've spent my career on the other side. Privacy Lite exists to close it: the same standards I've applied to provincial health systems, translated into plain language and right-sized tools you can actually use.

Grounded in real accountability

Built on PHIPA, FIPPA, PIPEDA, IPC orders, and the standards your college expects.

Plain language, always

Complex obligations made clear — without dumbing them down.

Right-sized

Practical tools and reviews scaled to a small practice, not a hospital network.

A career spent learning the systems from the inside.

1998–2002
Executive & Administrative Assistant - Start Up Insurance Technology — Building Underwriting Systems

Sherwoods International Inc. — Part of the early wave of insurance tech transformation, the backend systems that turned manual spreadsheet-based underwriting into instant quotes — learning how structured data and well-mapped processes could transform an industry.

2004–2006
Royal LePage — Sales Representative

Worked directly with clients and their personal information in a regulated industry. Developed an appreciation for the trust people place in advisors to steward sensitive details responsibly at every stage.

2007–2008
Pfizer Canada — Office Manager

Managed administrative functions for a large pharmaceutical company. Owned EHS data — certifying employees on hazardous materials, maintaining SDS, ensuring regulatory compliance. Saw firsthand how data management was the backbone of a safe, audit-ready workplace.

2009–2011
Ontario Realty Corporation/ Infrastructure Ontario — FIPPA & Records

Move into the public sector: providing legal administration to General Counsel, handling Freedom of Information requests, records lifecycles, and privacy matters before the Information and Privacy Commissioner.

2011–2016
Hospital Sector — FOI & Privacy Specialist

William Osler, Central West CCAC and Headwaters. FIPPA and CASL in the hospital world, privacy impact assessments across EMRs and clinical assessment tools, and breach investigation under PHIPA.

2017–2019
Ontario Telemedicine Network

Privacy Analyst, during the implementation of eReferral, OntarioMD.

2018-2021
Trillium Health Partners

Privacy Specialist, then Lead Privacy Advisor on a hospital-wide Epic implementation — building audit and compliance, use cases, and remediation as a Health Information Custodian.

2021–2022
Ministry of Health — PIA Specialist

Privacy impact assessments behind provincial public-health infrastructure: the Immunization Repository, COVID-19 vaccine systems, and Case & Contact Management — mapping how personal health information is collected, used, disclosed, and protected and raised concerns on Informed Consent.

2022-2023
Chief Privacy Officer - Grand River Hospital

Led a privacy team and delivered privacy programming to Grand River Hospital in Kitchener Waterloo area

2023-2026
Manager, Privacy, Information Governance & Records Management

Inventoried and catalogued applications, physical repositories and provided privacy advisory on systems processing personal information across a multinational organization in building materials

Now
Privacy Lite

Bringing that same enterprise rigor to the clinics, practitioners, and small businesses that can't justify a full-time privacy officer — in plain language.

The infrastructure I've worked behind.

When I tell a clinic where their data is exposed, it's because I've assessed the systems that data lives in — at the provincial scale.

Salesforce
SAP
Microsoft
Hospital Information Systems (Epic)
Meditech
Cerner
Electronic Medical Records (EMRs)
Provincial Immunization Repository COVaxON
Case & Contact Management (CCM)
Clinical assessment tools (IAR, CCT, REACH, DI-r, CGTA)
ISO 27000 series & CSA Model Code
PHIPA · FIPPA · PIPEDA · CASL

Tools that do the heavy lifting.

Self-serve assessments that produce real, usable documents — grounded in the same legislation and enforcement I work with every day.

IAPP-trained — formerly CIPP/C (Certified Information Privacy Professional, Canada)
IAPP-trained — formerly CIPM (Certified Information Privacy Manager)
University of Toronto — Certificate, Freedom of Information & Privacy Protection
University of Toronto — Certificate, Records Management Fundamentals

Not sure where you stand?

Start with a tool, or reach out for a plain-language conversation about your practice. No jargon, no scare tactics — just a clear picture of where you are and what to do next.