339.8 Denial of request for a record or amendment or correction. (a) Denial of a request for records or for amendment or correction of a record or personal information shall:

(1) be in writing, explaining the reasons therefor;

(2) identify the person to whom an appeal may be directed; and

(3) explain the procedure for pursuing such appeal.

339.7 Amendment of records. Within 30 business days of a written request from a data subject for correction or amendment of a record or personal information that is reasonably described and that pertains to the data subject, the agency shall:

(a) make the amendment or correction in whole or in part and inform the data subject that, on request, such correction or amendment will be provided to any person or governmental unit to which the record or personal information has been or is disclosed pursuant to paragraphs

339.6 Requests for records. (a) All requests shall be made in writing.

(b) A request shall reasonably describe the record sought. Whenever possible, the data subject should supply identifying information that assists the department in locating the record sought.

(c) Requests based upon categories of information described in a notice of a system of records or a privacy impact statement shall be deemed to reasonably describe the record sought.

339.5 Hours for public inspection and copying. The department shall accept requests for records and produce records by appointment during regular business hours.

339.4 Availability of records. In addition to being available by mail, records shall also be made available by appointment at the main office of the department, which is located at: 40 North Pearl Street, Albany, NY 12243.

339.3 Proof of identity. (a) When a request is made in person, subject to the provisions of section 339.6(a) of this Part, or when records are made available in person following a request made by mail, the department shall require appropriate identification such as a driver's license, an identifier assigned to the data subject by the department, a photograph identification or similar information that confirms that the record sought pertains to the data subject.

339.2 Privacy compliance officer; personal information procedures. (a) The director of Public Information and Communications is hereby designated privacy compliance officer and is responsible for ensuring that the department complies with the provisions of the Personal Privacy Protection Law and the regulations

herein and for coordinating the department's response to requests for records or amendment of records.

Section 339.1 Purpose and scope. (a) It is the responsibility and the intent of the State Department of Social Services (hereinafter "department") to fully comply with the provisions of article 6-A of the Public Officers Law, the Personal Privacy Protection Law.

(b) The department shall maintain in its records only such personal information that is relevant and necessary to accomplish a purpose of the department that is required to be accomplished by statute or executive order, or to implement a program specifically authorized by law.