Can I ensure that my company is compliant with expanding privacy protections in New York? What are the requirements?
Requirements for Ensuring Compliance with Expanding Privacy Protections in New York
If you are a company operating in New York, you must comply with the Personal Privacy Protection Law and its corresponding regulations. The law requires companies to designate a privacy compliance officer responsible for ensuring compliance with the law and coordinating the company’s response to requests for records or amendment of records. The privacy compliance officer must also provide any necessary assistance to a data subject in identifying and requesting personal information, locate records or systems of records sought by a data subject, and take the actions referred to in the regulations with respect to such records or systems of records [1.1][2.1][3.1][4.1][5.1].
Additionally, if your company maintains systems of records, you must file a privacy impact statement with the committee as prescribed by section 93(4) of the Public Officers Law. If you seek to modify a system of records in a way that would render inaccurate any information set forth in a privacy impact statement, you must file a supplemental statement to conform the privacy impact statement or notice to the proposed modification. No proposed system or modification shall be instituted until the completion of the procedures for review by the committee set forth in section 93(3) of the Public Officers Law [1.2].
Records subject to disclosure must be made available both electronically and at the main office of the department during regular business hours. Whenever practicable, records shall be made available at a regional department office most convenient to a data subject. Department regional offices are located throughout the State in Albany, Buffalo, Binghamton, Syracuse, Rochester, White Plains, New York City, Utica, and Hempstead [5.2][3.2].
To ensure compliance with the law, you should designate a privacy compliance officer, file a privacy impact statement if necessary, and make records subject to disclosure available to data subjects during regular business hours.
Source(s):
- [1.1] Designation and responsibilities of privacy compliance officer.
- [2.1] Designation of privacy compliance officer and location of records.
- [1.2] Privacy impact statements.
- [3.1] Designation and responsibilities of privacy compliance officer.
- [4.1] Designation of privacy compliance officer.
- [5.1] Designation and duties of privacy compliance officer.
- [5.2] Public inspection of records.
- [3.2] Location and hours.
Jurisdiction
New York