Current through Register Vol. 46, No. 39, September 25, 2024
(a) The director of
Public Information and Communications is hereby designated privacy compliance
officer and is responsible for ensuring that the department complies with the
provisions of the Personal Privacy Protection Law and the regulations herein
and for coordinating the department's response to requests for records or
amendment of records.
(b) The
address and telephone number of the privacy compliance officer is: Department
of Social Services, 40 North Pearl Street, Albany, NY 12243, (518)
474-9516.
(c) The privacy
compliance officer is responsible for overseeing department procedures, by
which a data subject can learn if a system of records contains any information
pertaining to the data subject, including:
(1) assisting a data subject in identifying
and requesting personal information, if necessary;
(2) describing the contents of systems of
records orally or in writing in order to enable a data subject to learn if a
system of records includes a record or personal information identifiable to a
data subject requesting such record or personal information;
(3) taking one of the following actions upon
locating the record sought:
(i) except as
prohibited by subdivision (d) of this section, make the record available for
inspection, in a printed form without codes or symbols, unless an accompanying
document explaining such codes or symbols is also provided;
(ii) permit the data subject to copy
information from the record; or
(iii) deny access to the record in whole or
in part and explain in writing the reasons therefor;
(4) upon payment of established fees, unless
such fees are exempted by section
339.11(c)
of this Part, making a photocopy of the record or permitting the data subject
to make a photocopy of the record;
(5) upon request, certifying that a copy of a
record is a true copy; or
(6) upon
request, certifying that:
(i) the department
does not have possession of the record sought;
(ii) the department cannot locate the record
sought after having made a diligent search; or
(iii) the information sought cannot be
retrieved by use of the data subject's description thereof, or by use of the
name or other identifier of the data subject without extraordinary search
methods being employed by the department.
(d) The privacy compliance officer shall deny
access to:
(1) personal information to which a
data subject is otherwise prohibited by law from gaining access;
(2) attorney's work product or material
prepared for litigation before a judicial, quasi-judicial or administrative
tribunal unless disclosure is mandated by a statute, a grand jury subpoena, a
subpoena issued in the course of a criminal action or proceeding, a
court-ordered subpoena, a search warrant or a court order.
