N.Y. Comp. Codes R. & Regs. tit. 18 § 357.5 - Procedures for Safeguarding Information Maintained by NY Department of Social Services

This regulation lists the procedures for safeguarding information maintained by the New York State Department of Social Services, and the local social services districts.  The regulation requires that the department and districts mark all records containing individually identifiable information as "confidential" and keep them in locked files or in rooms that are locked when the records are not in use.  The regulation requires that when these records are being used, they be used in a manner that prevents exposure of information to any unauthorized person.  The regulation prohibits the removal of records from the place of business without prior authorization.  The records may be taken home by staff only in order to performs a function which requires possession of records outside the agency and when return of records to the agency at close of business would be unduly burdensome to the staff.  When records are taken home, the regulation requires that the records be maintained in a secure location where unauthorized people cannot access it, and further requires that the records be returned the following business day.  When the records are transported between locations, the regulation requires that they be put in sealed enveloped stamped "confidential," and that a delivery receipt be obtained.  The regulation states that interviews with clients be conducted in a private location.  In general, the regulation only allows employees of the department access to these records when they can’t complete their job without access.