N.Y. Comp. Codes R. & Regs. tit. 21 § 505.3

Current through Register Vol. 46, No. 45, November 2, 2024
Section 505.3 - Assignment of responsibilities
(a) The privacy compliance officer is designated the officer responsible for ensuring that the authority complies with the provisions of the Personal Privacy Protection Law and the regulations in this Part.
(b) The address of the privacy compliance officer is New York State Energy Research and Development Authority, 17 Columbia Circle, Albany, NY 12203-6399.
(c) The privacy compliance officer is responsible for:
(1) assisting a data subject in identifying and requesting a record or personal information, if necessary;
(2) describing the contents of systems of records orally or in writing in order to enable a data subject to learn if a system of records includes a record or personal information identifiable to a data subject requesting such record or personal information;
(3) taking one of the following actions:
(i) making the record or personal information available to the data subject for inspection in a printed form without codes or symbols, unless an accompanying document explaining such codes or symbols is also provided;
(ii) providing the data subject with a copy of the record or personal information upon payment of or offer to pay the fee set forth in section 505.10 of this Part;
(iii) denying access to the record or personal information in whole or in part and explaining in writing the reasons therefor;
(iv) providing notification that the authority does not have possession of the record or personal information sought;
(v) providing notification that the authority cannot locate the record or personal information sought after having made a diligent search; or
(vi) providing notification that the record or personal information sought cannot be retrieved by use of the description thereof, or by use of the name or other identifier of the data subject without extraordinary search methods being employed by the authority; and
(4) keeping an accurate accounting of the date, nature, and purpose of each disclosure of a record or personal information when required by section 94 of the Public Officers Law, and the name and address of the person or governmental unit to whom the disclosure is made and retaining such accounting for at least five years after the disclosure for which the accounting is made or for the life of the record disclosed, whichever is longer; and
(5) upon request, certifying that a copy of a record or personal information is a true copy or that it does not have possession of a record or such record cannot be found after diligent search.
(d) No record or personal information shall be destroyed to avoid the provisions of this Part. All records or personal information shall be maintained until destroyed in accordance with the authority's records and retention policy and procedure.

N.Y. Comp. Codes R. & Regs. Tit. 21 § 505.3