Current through Register Vol. 46, No. 43, October 23, 2024
Section 2.8 - Access to records(a) Within five business days of the receipt by the department of a request of access to a record, the personal privacy compliance officer shall make such record available to the data subject, deny such request in whole or in part and provide the reasons therefor in writing, or furnish a written acknowledgment of the receipt of such request and a statement of the approximate date when such request will be granted or denied, which date shall not exceed 30 days from the date of the acknowledgment.(b) Within 30 business days of a receipt of a written request from a data subject for a correction or amendment of a record or personal information, the personal privacy compliance officer shall either:(1) make the correction in whole or in part and notify the data subject, that, upon his or her request, such correction or amendment will be provided to any and all persons or governmental units to which the record or personal information has been disclosed; or(2) refuse to correct or amend the record and notify the data subject of the reasons therefor.(c) A failure to grant or deny access to records within five business days of a receipt of a request or within 30 days of an acknowledgment of a receipt for a request, or failure to respond to a request or amendment or correction of a record within 30 business days of receipt of such a request, shall constitute a denial that may be appealed.(d) Nothing in this section shall impair a right of any department officer or employee under the terms of a current collective bargaining agreement.N.Y. Comp. Codes R. & Regs. Tit. 17 § 2.8