N.Y. Comp. Codes R. & Regs. Tit. 16 §§ 6-2.3

Current through Register Vol. 46, No. 45, November 2, 2024
Section 6-2.3 - Designation and duties of privacy compliance officer
(a) The department's records access officer is hereby designated privacy compliance officer and is responsible for ensuring that the agency complies with the provisions of the Personal Privacy Protection Law and this Subpart; and for coordinating and developing the department's response to requests for records or amendment of records.
(b) The address of the privacy compliance officer is available on the commission's website.
(c) Upon receipt of a request from a data subject, which may be sent in electronic form, the privacy compliance officer is responsible for:
(1) assisting a data subject in identifying and requesting personal information, if necessary;
(2) describing the contents of systems of records orally or in writing in order to enable a data subject to learn if a system of records includes a record or personal information identifiable to a data subject requesting such record or personal information;
(3) taking one of the following actions upon locating the record sought:
(i) making the record available for inspection in written form without codes or symbols, unless an accompanying document explaining such codes or symbols is also provided;
(ii) permitting the data subject to copy the record; or
(iii) denying access to the record in whole or in part and explaining in writing the reasons therefor;
(4) making a copy of any record to be made available to a data subject, upon request, and upon payment of or offer to pay established fees (see section 6- 1.2 of this Part), and responding to such requests by electronic mail, provided that the written request does not require a response in some other form, or permitting the data subject to copy the records;
(5) upon request, certifying that:
(i) a copy of a record is a true copy; or
(ii) the department does not have possession of the record sought; or
(iii) the department cannot locate the record sought or after having made a diligent search; or
(iv) the information sought cannot be retrieved by use of the description thereof, or by use of the name or other identifier of the data subject without extraordinary search methods being employed by the department.

N.Y. Comp. Codes R. & Regs. Tit. 16 §§ 6-2.3