Privacy Policy

PERSONAL PRIVACY PROTECTION LAW

The Committee on Open Government is responsible for overseeing and advising the public about the Personal Privacy Protection Law, codified as New York Public Officers Law, Article 6-A.  More information may be obtained about the Personal Privacy Protection Law from the Department of State Committee on Open Government.

Request for Records

To make a request for records under the Personal Privacy Protection Law, mail or fax your request to the attention of the Privacy Compliance Officer.

New York City Office:

Privacy Compliance Officer
New York State Department of Financial Services
One State Street, 20th Floor
New York, NY 10004
Fax number: (212) 709-1655

Albany Office:

Privacy Compliance Officer
New York State Department of Financial Services
One Commerce Plaza, Suite 1715
Albany, NY 12257
Fax number: (518) 474-5473

Appointments to Inspect Records

If you request to inspect records, you will be contacted as to when the records will be available for inspection, which will be during the hours of 9:30 a.m. and 3:30 p.m., Monday through Friday. Arrangements for copying available records may be made after your viewing.

INTERNET PERSONAL PRIVACY

Introduction

This website is designed to make it easier and more efficient for individuals and businesses to interact with DFS. The department recognizes that it is critical for individuals and businesses to be confident that their privacy is protected when they visit this website.

Consistent with the provisions of the Internet Security and Privacy Act, the Freedom of Information Law, and the Personal Privacy Protection Law, this policy describes this department's privacy practices regarding information collected from visitors of this website. This policy describes the information that is collected and how that information is used. Because this privacy policy only applies to this website, you should examine the privacy policy of any website, including other state agency websites, that you access using this website.

For purposes of this policy, "personal information" means any information concerning a natural person which, because of name, number, symbol, mark, or other identifier, can be used to identify that natural person. DFS does not collect any personal information about you unless you provide that information voluntarily by sending an email, initiating an online transaction, such as a survey, registration or order form, or use a customer service application.

Information Collected Automatically When You Visit this Website

When visiting this Website DFS automatically collects and stores the following information about your visit:

  1. User client hostname. The hostname or Internet Protocol address of the user requesting access to a state agency website.
  2. HTTP header, "user agent." The user agent information includes the type of browser, its version, and the operating system on which the browser is running.
  3. HTTP header, "referrer." The referrer specifies the web page from which the user accessed the current web page.
  4. System date. The date and time of the user’s request.
  5. Full request. The exact request the user made.
  6. Status. The status code the server returned to the user.
  7. Content length. The content length, in bytes, of any document sent to the user.
  8. Method. The request method used.
  9. Universal Resource Identifier (URI). The location of a resource on the server.
  10. Query string of the URI. Anything after the question mark in a URI.
  11. Protocol. The transport protocol and the version used.

None of the foregoing information is deemed to constitute personal information.

The information that is collected automatically is used to improve this website's content and to help DFS understand how visitors interact with the website. This information is collected for statistical analysis, to determine information that is of most and least interest to our visitors, and to improve the utility of the material available on the website. The information is not collected for commercial marketing purposes and DFS is not authorized to sell or otherwise disclose the information collected from the website for commercial marketing purposes.

Cookies

A cookie is a small piece of information sent by a server to be stored in a visitor's computer so that it can be recalled from the browser.

The software and hardware you use to access the website allows you to refuse new cookies or delete existing cookies. Refusing or deleting these cookies may limit your ability to take advantage of some features of this website.

Information Collected When You Email this Website or Complete a Transaction

During your visit to this website you may send an email to DFS. Your email address and the contents of your message will be collected. The information collected is not limited to text characters and may include audio, video, and graphic information formats included in the message. Your email address and the information included in your message will be used to respond to you, to address issues you identify, to improve this website, or to forward your message to another state agency for appropriate action. Your email address is not collected for commercial purposes and DFS is not authorized to sell or otherwise disclose your email address for commercial purposes.

During your visit to this website you may complete a transaction such as a survey, registration, or form. The information, including personal information, volunteered by you in completing the transaction is used by DFS to operate its programs, which include the provision of goods, services, and information. The information collected by DFS may be disclosed by DFS for those purposes that may be reasonably ascertained from the nature and terms of the transaction in which the information was submitted.

DFS does not knowingly collect personal information from children or create profiles of children through this website. Visitors are cautioned, however, that the collection of personal information submitted in an email will be treated as though it was submitted by an adult, and may, unless exempted from access by federal or state law, be subject to public access. DFS strongly encourages parents and teachers to be involved in children’s internet activities and to provide guidance whenever children are asked to provide personal information online.

Information and Choice

As noted above, DFS does not collect any personal information about you unless you provide that information voluntarily by sending an email or initiating an online transaction such as a survey, registration or order form. You may choose not to send us an email, respond to a survey, or complete an order form. While your choice not to participate in these activities may limit your ability to receive specific services or products through this website, it will not prevent you from requesting services or products from us by other means and will not normally have an impact on your ability to take advantage of other features of the website, including browsing or downloading publicly available information.

Disclosure of Information Collected Through This Website

The collection of information through this website, and the disclosure of that information, are subject to the provisions of the Internet Security and Privacy Act.  DFS will only collect personal information through this website, or disclose personal information collected through this website if the visitor has consented to the collection or disclosure of such personal information. The voluntary disclosure of personal information to DFS by a visitor, whether solicited or unsolicited, constitutes consent to the collection and disclosure of the information by DFS for the purposes for which the visitor disclosed the information to DFS, as may be reasonably ascertained from the nature and terms of the disclosure.

However, DFS may collect or disclose personal information without consent if the collection or disclosure is: (1) necessary to perform the statutory duties of DFS, or necessary for DFS to operate a program authorized by law, or authorized by state or federal statute or regulation; (2) made pursuant to a court order or by law; (3) for the purpose of validating the identity of the visitor; or (4) of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person.

Further, the disclosure of information, including personal information, collected through this website is subject to the provisions of the Freedom of Information Law and the Personal Privacy Protection Law.

DFS may disclose personal information to federal or state law enforcement authorities to enforce its rights against unauthorized access or attempted unauthorized access to this agency's information technology assets.

Retention of Information Collected Through this Website

The information collected through this website is retained by DFS in accordance with the records retention and disposition requirements of the New York State Arts & Cultural Affairs Law. Information on the requirements of the Arts & Cultural Affairs Law may be found on the website of the New York State Archives.

In general, the internet services logs, comprising electronic files or automated logs created to monitor access and use of agency services provided through this website, are retained for 6 months and then destroyed. Information, including personal information, that you submit in an email or when you initiate an online transaction such as a survey, registration form, or order form is retained in accordance with the records retention and disposition schedule established for the records of the program unit to which you submitted the information. Information concerning these records retention and disposition schedules may be obtained through the internet privacy policy contact listed in this policy.

Access to and Correction of Personal Information Collected Through this Website

Any visitor may submit a request to the New York State Department of Financial Services Internet Privacy Compliance Officer to determine whether personal information pertaining to that visitor has been collected through this website. Any such request shall be made in writing and must be accompanied by reasonable proof of identity of the visitor. Reasonable proof of identity may include verification of a signature, inclusion of an identifier generally known only to the visitor, or similar appropriate identification. The address of the Internet Privacy Compliance Officer is:

New York State Department of Financial Services
Internet Privacy Compliance Officer
1 State Street
New York, NY 10004

The Internet Privacy Compliance Officer shall, within five (5) business days of the receipt of a proper request: (i) provide access to the personal information; (ii) deny access in writing, explaining the reasons therefore; or (iii) acknowledge the receipt of the request in writing, stating the approximate date when the request will be granted or denied, which date shall not be more than thirty (30) days from the date of the acknowledgment.

In the event that DFS has collected personal information pertaining to a visitor through the state agency website and that information is to be provided to the visitor pursuant to the visitor's request, the Internet Privacy Compliance Officer shall inform the visitor of his or her right to request that the personal information be amended or corrected under the procedures set forth in section 95 of the Public Officers Law.

Confidentiality and Integrity of Personal Information Collected Through this Website

DFS is strongly committed to protecting personal information collected through this Website against unauthorized access, use or disclosure. Consequently, DFS limits employee access to personal information collected through this website to only those employees who need access to the information in the performance of their official duties. Employees who have access to this information follow appropriate procedures in connection with any disclosures of personal information.

In addition, DFS has implemented procedures to safeguard the integrity of its information technology assets, including, but not limited to, authentication, monitoring, auditing, and encryption. These security procedures have been integrated into the design, implementation, and day-to-day operations of this website as part of our continuing commitment to the security of electronic content as well as the electronic transmission of information.

For website security purposes and to maintain the availability of the website for all visitors, DFS employs software to monitor traffic to identify unauthorized attempts to upload or change information or otherwise damage this website.

Disclaimer

The information provided in this privacy policy should not be construed as giving business, legal, or other advice, or warranting as fail proof, the security of information provided through this website.

Contact Information

For questions regarding this privacy policy, please contact:

via email: [email protected]

Regular mail:

New York State Department of Financial Services
Office of General Counsel
1 State Street
New York, NY 10004-1511
Attn: Internet Privacy Policy