SUNY PP Home Page   Print Page   Close Page   Convert current file into a PDF document   Convert current file into a DOC document


Suny Seal

Category:
Legal and Compliance


Responsible Office:

Other Requirement Title:
Personal Privacy Protection Law, Compliance with

Document Number:
6603

Effective Date:
January 04, 1989


This procedure item applies to:
State-Operated Campuses

Table of Contents
Summary

Requirement
Related Procedures
Forms
Definitions
Other Related Information
Appendicies

Summary

The State University of New York (University) is subject to the provisions of the “Personal Privacy Protection Law” (Public Officers Law §§91-99) and the University’s implementing regulations under 8 NYCRR § 315 (Access to Personal Information Maintained by State University of New York). The Personal Privacy Protection Law and regulations (PPPL) require the University to take certain steps to protect the privacy rights of individuals to whom state agency records pertain and to provide individuals with an opportunity to review and correct such records.

Under the PPPL: a) the University shall maintain in its records only such personal information that is relevant and necessary to accomplish a purpose of the University that is required to be accomplished by statute or executive order, or to implement a program specifically authorized by law; b) personal information will be collected, whenever practicable, directly from the person to whom the information pertains; and c) the University will seek to ensure that all records pertaining to or used with respect to individuals are accurate, relevant, timely and complete.

Furthermore, under the PPPL: a) subject to certain exceptions, the University shall, within five business days of a written request from an individual for a reasonably described record pertaining to that individual, provide access to the record, deny access in writing, stating the reasons for denial, or acknowledge receipt of the request in writing, stating the approximate date when the request will be granted or denied; b) within 30 business days of a request from an individual for correction or amendment of a record or personal information that is reasonably described and that pertains to the data subject, the University shall either make the amendment or correction in whole or in part or inform the data subject in writing of the refusal to amend or correct the information, including the reason for refusing to make the amendment or correction; and c) no record containing personal information will be disclosed to third parties without the consent of the data subject unless the disclosure is made to individuals or entities as specified in the “Disclosure of Records” in the Procedures section below or pursuant to a subpoena or other compulsory legal process.


Requirement

A. OBLIGATIONS OF THE UNIVERSITY

B. ACCESS TO RECORDS

C. DISCLOSURE OF RECORDS


Definitions

Committee - the committee on open government.

Data subject - Any natural person about whom personal information has been collected.

Disclose - To reveal, release, transfer, disseminate or otherwise communicate personal information or records orally, in writing or by electronic or any other means other than to the data subject.

Governmental unit - Any governmental entity performing a governmental or proprietary function for the federal government or for any state or any municipality thereof.

Personal information - Any information concerning a data subject which, because of name, number, symbol, mark or other identifier, can be used to identify that data subject.

Privacy Compliance Officer - The chancellor, for the system administration of the University and the president or designee of each campus.

Public safety agency record - A record of the University or any component thereof whose primary function is the enforcement of civil or criminal statutes if such record pertains to investigation, law enforcement, confinement of persons in correctional facilities or supervision of persons pursuant to criminal conviction or court order.

Record - Any item, collection or grouping of personal information about a data subject which is maintained and is retrievable by use of the name or other identifier of the data subject irrespective of the physical form or technology used to maintain such personal information. The term "record" shall not include personal information which is not used to make any determination about the data subject if it is:

Routine use - With respect to the disclosure of a record or personal information, any use of such record or personal information relevant to the purpose for which it was collected, and which use is necessary to the statutory duties of the University or necessary for the University to operate a program specifically authorized by law.

System of records - Any group of records under the actual or constructive control of the University pertaining to one or more data subjects from which personal information is retrievable by use of the name or other identifier of a data subject.


Related Procedures

There is no related procedures relevant to this requirement.


Forms

There are no forms relevant to this requirement.


Other Related Information

The following link to FindLaw's New York State Laws is provided for users' convenience; it is not the official site for the State of New York laws. 
Article 6 of NYS Public Officers Law (Freedom of Information Law)

In case of questions, readers are advised to refer to the New York State Legislature site for the menu of New York State Consolidated.

Access to Personal Information Maintained by SUNY (8 NYCRR Part 315)


New York Department of State’s Committee on Open Government

Memorandum to presidents from the office of the University counsel and vice chancellor for legal affairs, dated January 10, 1989.

State University of New York Board of Trustees Resolution 88-280, adopted December 14, 1988

Memorandum to presidents from the office of the vice chancellor for employee relations and educational services, dated January 3, 1985.

State University of New York Board of Trustees Resolution 84-293, adopted December 18, 1984

State University of New York Board of Trustees Resolution 84-279, adopted November 28, 1984.

Memorandum to presidents from the office of the University counsel and vice chancellor for legal affairs, dated July 30, 1984.

State University of New York Board of Trustees Resolution 84-155, adopted June 27, 1984.

Memorandum to presidents from the office of the University counsel and vice chancellor for legal affairs, dated July 15, 1983.

State University of New York Board of Trustees Resolution 83-95, adopted May 25, 1983

Memorandum to presidents from the office of the University counsel and vice chancellor for legal affairs, dated February 22, 1979.

State University of New York Board of Trustees Resolution 78-306, adopted November 28, 1978

Memorandum to presidents from the office of the University counsel and vice chancellor for legal affairs, dated March 9, 1978.

Memorandum to presidents from the office of the office of the provost, dated January 6, 1978.

State University of New York Board of Trustees Resolution 78-40, adopted February 22, 1978

Memorandum to presidents from the office of the University counsel and vice chancellor for legal affairs, dated November 16, 1977.




Appendicies

There are no appendicies relevant to this requirement.