Various State and Federal laws, as well as SUNY Policies, require that we designate an employee to fill a particular compliance function/ responsibility. The following is a comprehensive list of roles that 黑料视频 is required to have in place, as well as information on the responsibilities and scope of the employee designated to fill the role.
Federal Compliance Roles
- Title IX Coordinator Andrew Baker 607-777-2486 abaker@binghamton.edu
- ADA Co-Coordinator Ada Robinson-Perez 607-777-4775 arobins@binghamton.edu
- ADA Co-Coordinator Christen Szymanski 607-777-2686 cszymanski@binghamton.edu
- Campus Security Authority for purposes of the Clery Act Andrew Baker 607-777-2486 abaker@binghamton.edu
Federal Compliance Roles for HIPAA Covered Entities
黑料视频 is not a HIPAA-covered entity as of this revision, however, should this designation change the following assignments have been made.- HIPAA Privacy Officer Michael Behun 607-777-6198 behun@binghamton.edu
- HIPAA Security Officer Michael Behun 607-777-6198 behun@binghamton.edu
New York Compliance Roles (from New York State law and SUNY Policy)
- Affirmative Action Officer Ada Robinson-Perez 607-777-4775 arobins@binghamton.edu
- Chief Diversity Officer Karen Jones 607-777-6009 kajones@binghamton.edu
- Child Protection Policy Responsible University Official - Determined for EACH Covered Activity - direct questions to Eric Backlund 607-777-7475 backlund@binghamton.edu
- Internal Control Officer Eric Backlund 607-777-7475 backlund@binghamton.edu
- Enterprise Risk Management Officer Eric Backlund 607-777-7475 backlund@binghamton.edu
- Ethics Officer Joseph Schultz 607-777-2187 jschultz@binghamton.edu
- Records Management Officer Michael Tanzini 607-777-2172 mtanzini@binghamton.edu
- Records Access Officer / FOIL Officer Michael Tanzini 607-777-2172 FOIL@binghamton.edu
- Information Security Officer Michael Behun 607-777-6198 behun@binghamton.edu
- Privacy Compliance Officer c/o Cindy Knickerbocker 607-777-4438 cjknick@binghamton.edu
- Domestic Violence Liaison Sara DeClemente-Hammoud 607-777-4939 declemen@binghamton.edu
- Project Sunlight Liaison Matt Schofield 607-777-2184 mschofie@binghamton.edu
Campus-specific Roles
- Biosafety Officer J. Kelly Donovan 607-777-6834 donovan@binghamton.edu
- Chemical Hygiene Officer Joe Biscardi 607-777-5799 biscardi@binghamton.edu
- Clery Act Coordinator Andrew Baker 607-777-2486 abaker@binghamton.edu
- Controlled Substance Officer Theresa Kolb 607-777-6199 tkolb@binghamton.edu
- Exchange Visitor Program (J-1) Responsible Officer Patricia Bello 607-777-2510 pmarra@binghamton.edu
- Laser Safety Officer Joe Biscardi 607-777-5799 biscardi@binghamton.edu
- NYS Code Compliance (new construction) c/o Alexander McQuilkin, 607-777-3879 amcquilkin@binghamton.edu
- NYS Code Coordinator 1 (operational code) James Rea 607-777-4177 jrea@binghamton.edu
- Ombudsman, Bathabile Mthombeni 607-777-2388 bmthombe@binghamton.edu
- PCI DSS Compliance, Tracey Debnar 607-777-2157 tdebnar@binghamton.edu
- Radiation Safety Officer Patrick Reardon 607-777-3589 preardon@binghamton.edu
- Research Compliance Officer Nancy Lewis 607-777-3532 nlewis@binghamton.edu
Federally Mandated Compliance Roles
TITLE IX COORDINATOR - FEDERAL LAW
"All educational institutions receiving Federal financial assistance must designate
at least one employee to coordinate their efforts to comply with and carry out their
responsibilities under Title IX of the Education Amendments of 1972, which prohibits
sex discrimination in education programs and activities. These designated employees
are generally referred to as Title IX coordinators. A school's Title IX coordinator
or coordinators are expected to play a critical role in helping a school ensure that
every person affected by its operations鈥攊ncluding faculty, staff, and students鈥攁re
aware of their legal rights under Title IX, and that the school and all of its employees,
through its policies, procedures, and practices, complies with its legal obligations
under Title IX. A school should ensure that the Title IX coordinator is given the
visibility, training, authority, and support necessary to fulfill these responsibilities.
The coordinator should not have other job responsibilities that may create a conflict
of interest. Designating a full-time Title IX coordinator will minimize the risk of
a conflict of interest."
Original Source: Justice.gov, archives, Role of a Title IX Coordinator, URL:
Designating an ADA Coordinator
If a public entity has 50 or more employees, it is required to designate at least
one responsible employee to coordinate ADA compliance.1 A government entity may elect
to have more than one ADA Coordinator. Although the law does not refer to this person
as an "ADA Coordinator," this term is commonly used in state and local governments
across the country and will be used in this chapter.
The ADA Coordinator is responsible for coordinating the efforts of the government entity to comply with Title II and investigating any complaints that the entity has violated Title II. The name, office address, and telephone number of the ADA Coordinator must be provided to interested persons."
Source: ADA Best Practices Tool Kit for State and Local Governments, Chapter 2: ADA Coordinator, Notice & Grievance Procedure: Administrative Requirements Under Title II of the ADA
URL:
CAMPUS SECURITY AUTHORITIES - REQUIRED BY THE CLERY ACT - FEDERAL LAW
Campus Security Authority (CSA) are defined by the Clery Handbook to include campus police/security and affiliated offices, those designated by the institution, and faculty and staff with significant responsibility for students and campus activities.
The following description of the Campus Security Authority (CSA) and their role and designation comes from the , written by SUNY Office of General Counsel , and publicly available on the Higher Education Compliance Alliance website:
Campus Security Authorities include police or security personnel, others with responsibility for security, and personnel with 鈥渟ignificant responsibility for student and campus activities, including, but not limited to, student housing, student discipline and campus judicial proceedings.鈥 鈥淥fficial鈥 is defined rather broadly as 鈥渁ny person who has the authority and the duty to take action or respond to particular issues on behalf of the institution.鈥 The individuals included above must be given the responsibilities of Campus Security Authorities. Institutions may also designate other personnel as Campus Security Authorities, by listing those individuals in the Annual Security Report as 鈥渁n individual or organization to which students and employees should report criminal offenses.鈥 Pastoral and professional counselors who are so practicing when they receive a report of a crime are exempt from any requirements of Campus Security Authorities, even if they otherwise meet the requirements.
"Institutions must request statistics from all Campus Security Authorities each year to be included in the institution鈥檚 Annual Security Report. Campus Security Authorities must forward to the individual or office responsible for Clery Act incident collection (usually Campus Police, Security, or Student Affairs) any allegations of Clery Act crimes that they believe were made in good faith.
"At a minimum for Clery Act purposes, the Campus Security Authority should disclose the details of the crime and the location where the crime occurred. The Campus Security Authority may disclose the name and contact information for the victim or individual reporting the crime, or may agree to keep that information confidential at the request of the victim or individual reporting the crime. All Campus Security Authorities should be trained in the obligations of Campus Security Authorities. In overseas programs, institutions may wish to designate all personnel working frequently with students as Campus Security Authorities, even if they do not meet the technical requirements. In that way, students abroad can feel they can speak to any institutional official overseas to report a crime. This is not a requirement, but is simply a good practice.
Federally Mandated Compliance Roles for HIPAA Covered Entities Only
PRIVACY OFFICER (FOR PURPOSES OF HIPAA - PERTAINS TO HIPAA COVERED ENTITLES ONLY)
The SUMMARY OF THE HIPAA PRIVACY RULE HIPAA Compliance Manual published by the United
States Department of Health and Human Services states the following with regard to
the designation of a privacy administration position:
Privacy Personnel. A covered entity must designate a privacy official responsible for developing and implementing its privacy policies and procedures, and a contact person or contact office responsible for receiving complaints and providing individuals with information on the covered entity's privacy practices. The HIPAA Privacy regulations (45 CFR Part 164.530(a)(1) require the designation of a privacy official who is responsible for the development and implementation of the entity's privacy policies and procedures. 45 CFR Part 164.530(a)(1)(ii) further requires that a covered entity must "designate a contact person or office who is responsible for receiving complaints under this section and who is able to provide further information about matters covered by the notice required by 搂164.520. Each SUNY campus should designate an individual to serve as the Privacy Official for that campus.
The Campus Privacy Official role is to:
- Oversee the HIPAA compliance activities of the campus, including the development, implementation and monitoring of campus HIPAA policies and procedures and workforce training;
- Serve as the campus resource for issues relating to HIPAA privacy;
- Work in concert with the Campus Security Official;
- Serve as the campus contact for issues/complaints relating to HIPAA privacy and be listed as the contact person on the campus' Notice of Privacy Practices; and
- Oversee campus responses to inquiries from patients and other outside parties. When
the campus suspects that a HIPAA privacy violation has occurred, the University Privacy
Officer should be notified of:
- the suspected breach;
- the investigation process that will be utilized;
- the findings of the investigation; and (d) the remediation steps that will be taken to prevent future incidents.
SECURITY OFFICER (FOR PURPOSES OF HIPAA, PERTAINS TO HIPAA COVERED ENTITIES ONLY)
STANDARD 搂 164.308(a)(2) requires assigned security responsibility.
In a SUMMARY OF THE HIPAA SECURITY RULE document published by the United States Department of Health and Human Services (HHS), covered entities must designate a Security Personnel. The summary states that "A covered entity must designate a security official who is responsible for developing and implementing its security policies and procedures.
The details of this designation are further detailed in an HHS/ DOJ Guidance document on the HIPAA Security Rule which discusses the security standards and administrative standards of the rule. The document states the following with respect to STANDARD 搂 164.308(a)(2) and the assigned security responsibility requirement:
The second standard in the Administrative Safeguards section is Assigned Security Responsibility. There are no separate implementation specifications for this standard. The standard requires that covered entities:
"Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart [the Security Rule] for the entity." The purpose of this standard is to identify who will be operationally responsible for assuring that the covered entity complies with the Security Rule. Covered entities should be aware of the following when assigning security responsibility.
This requirement is comparable to the Privacy Rule standard at 搂164.530(a)(1), Personnel Designations, which requires all covered entities to designate a Privacy Official. The Security Official and Privacy Official can be the same person, but are not required to be. While one individual must be designated as having overall responsibility, other individuals in the covered entity may be assigned specific security responsibilities (e.g., facility security or network security). When making this decision covered entities should consider some basic questions. Sample questions for covered entities to consider:
Would it serve the organization's needs to designate the same individual as both the
Privacy and Security Official (for example, in a small provider office)?
Has the organization agreed upon, and clearly identified and documented, the responsibilities
of the Security Official?
How are the roles and responsibilities of the Security Official crafted to reflect the size, complexity and technical capabilities of the organization?
New York State Compliance Roles
AFFIRMATIVE ACTION OFFICER - NEW YORK STATE LAW
"New York State's policy is that equal opportunity will be assured in the State's
personnel system and that affirmative action will be provided in the administration
of that system in accordance with the requirements of the State's Human Rights Law,
the mandates of Title VII of the Federal Civil Rights Act of 1964 as amended, and
Executive Order No. 6 (1983). The Department of Civil Service is responsible for enforcing
the Executive Order and for developing comprehensive statewide affirmative action
policies, goals, objectives, and implementation strategies.
Executive Order No. 6 requires that each agency designate a full-time affirmative action officer and develop a written affirmative action program that includes specific goals and timetables for the prompt achievement of full and equal employment opportunities for minorities, women, disabled persons, and Vietnam era veterans at all occupational levels of State government.
Source: Governor's Office of Employee Relations, Handbook For Management/Confidential Employees.
CHIEF DIVERSITY OFFICER (CDO) - SUNY POLICY
According to the SUNY , the campus Chief Diversity Officer must "be a senior member of the campus administration, reporting directly to the president or provost" and will "work collaboratively with offices across campus including but not limited to, the offices of academic affairs, human resources, enrollment management, and admissions-to elevate inclusiveness and implement best practices related to diversity, equity and inclusion in such areas as the recruitment and retention of students and senior administrators, faculty and staff hires" and also "serve as part of a system-wide network of CDOs to support SUNY's overall diversity goals."
ENTERPRISE RISK MANAGEMENT ROLE - SUNY POLICY
The Enterprise Risk Management role was established by SUNY Policy, the . Each campus was required to designate an ERM role at their campus, and report to System Administration on the designation.
Efforts to identify the specific dutie of the campus Enterprise Risk Management role are currently ongoing as the policy is developed into procedures for the campuses to follow.
INTERNAL CONTROLS OFFICER - NEW YORK STATE LAW AND SUNY POLICY
Each campus location must designate an Internal Control Officer. This Officer must
coordinate with their campus each year to ensure compliance with the New York State
Internal Controls Act, and to report to System Administrations System-wide Internal
Controls Officer.
State Law:
SUNY Policies and Procedures:
Pursuant to the New York State Government Accountability, Audit and Internal Control Act (Act) this policy outlines the State University of New York's (University) formalized program of internal control, which is designed to ensure that the University has a system of accountability for and oversight of its operations and to assist the University in achieving its goals and objectives.
SUNY Policies and Procedures:
"Designate an internal control officer at the University and campus levels to implement and review the University's/campuses' Internal Control Programs. The University and each of its affected campuses are required to designate an internal control officer. Based upon the internal control officer's other responsibilities, it may be necessary to delegate certain operational aspects of the campus' internal control program to designated staff (such as an internal control coordinator). The prescribed qualifications and responsibilities as they relate to the internal control efforts are outlined in .
ETHICS OFFICER - STATE REQUIREMENT BY JCOPE, NYS ETHICS OVERSIGHT AGENCY, TO COMPLY
WITH NEW YORK STATE LAW
While no provision of New York law says that we must have an Ethics Officer, the role
is recognized by the oversight authority, the , and Ethics Officers have many roles to ensure compliance with the laws that are
within JCOPE's jurisdiction.
" The Joint Commission on Public Ethics ("JCOPE") administers and enforces the ethics laws that apply to appointees, officers and employees of New York State agencies, public authorities, public benefit corporations, and commissions ("Agency" or "Agencies"). The ethics laws apply to all of these covered persons, even those appointees who serve on an unpaid or per diem basis. Each Agency must designate an Ethics Officer to serve as the primary liaison to JCOPE.
OVERVIEW OF ETHICS OFFICER DUTIES AND RESPONSIBILITIES
- Serves as liaison between the Agency and JCOPE for statutory and other administrative obligations.
- Provides guidance to Agency officers and employees in the interpretation and implementation of ethics laws.
- Promotes a culture of integrity by fostering awareness of ethics laws and obligations and serves as a resource on ethics questions.
- Monitors ethics-related matters, including new laws, regulations, policies, and advisory opinions.
- Evaluates allegations and refers complaints to JCOPE as appropriate.
In addition, the Ethics Officer has the responsibility to ensure that both the agency and its personnel comply with the legal obligations related to the following subjects:
- Requirement to File an Annual Financial Disclosure Statement
- Mandatory Ethics Training for FDS Filers
- Approvals for Outside Activities
- Approvals for Honoraria
- Approvals for Official Activity Expense Payments
- Acceptance of Gifts (including Widely Attended Events)
Source: JCOPE's Role of an Ethics Officer information document
RECORDS MANAGEMENT OFFICER - SUNY POLICY
The Records Management Officer role is established by , pursuant to and The policy requires a Records Management Officer at each location, and states as
follows:
"Each campus should designate a local records management officer and notify the SUNY RMO of such designation. It is the responsibility of the campus RMO to report annually, by September 1 of each year, to the SUNY RMO on disposition actions taken by such campus during the previous academic year and to maintain the campus inventory of records. Requests for approval of retention schedules with shorter retention periods should be submitted by a campus through their local RMO to the SUNY RMO for transmittal to State Archives."
RECORDS ACCESS OFFICER/ FOIL OFFICER - SUNY POLICY AND NEW YORK STATE LAW
In accordance with , the law, and the procedure codifying the law, "requires each campus and the system
administration of the University to designate records access officers. Requests for
information from the campus or the system administration should be directed to the
respective records access officer at each location, as appropriate."
The term 'Records Access Officer' is synonymous with the term 'FOIL Officer.' The two roles are one in the same.
RESPONSIBLE UNIVERSITY OFFICIAL (CHILD PROTECTION POLICY) - SUNY POLICY
Pursuant to the , each campus must 'Designate a Responsible University Official for each Covered Activity'
under the policy. The Responsible University Official is the employee of the University
or University-affiliated organization, who has been designated by the Campus.
INFORMATION SECURITY OFFICER - SUNY POLICY
SUNY's Information Security Procedure, Information Security Guidelines, Part 1: Campus
Programs & Preserving Confidentiality, requires that each campus establish an Information
Security Officer, whose role is defined as "an assigned person (Officer) or group
(Office) or coordinated function (Oversight) that understands the Campus's information
security risk, the Program, and the meaning and intent of the University standards
for information security and who presents professionally and legally sound and timely
advice to executive management regarding appropriate action, ensuring the Program
is exposed to outside, professional perspective, especially that of the University's
central information security oversight function."
PRIVACY COMPLIANCE OFFICER - NEW YORK STATE LAW
with corresponding regulation , requires that SUNY System Administration and the SUNY State-Operated campuses each
designate a Privacy Compliance Officer in order to comply fully with the provisions
of article 6-A of the Public Officers Law, the Personal Privacy Protection Law. The
regulation states as follows: "A privacy compliance officer shall be designated by
the chief administrative officer of each State- operated campus. The name, title and
business address of the campus privacy compliance officer may be obtained from the
office of the chief administrative officer of each campus." SUNY's Compliance with
the codifies 8 NYCRR Part 315 by requiring that the University "designate a University employee who shall be responsible for ensuring that the agency
complies with all of the provisions of the PPPL (the Privacy Compliance Officer)." The regulation also states that the "Privacy compliance officers are responsible for ensuring appropriate responses to
requests for access to and for amendment or correction of records in accordance with
the Personal Privacy Protection Law. The designation of privacy compliance officers
shall not be construed to prohibit officials who have in the past been authorized
to make records available or to amend or correct such records from continuing to do
so. Privacy compliance offices shall ensure that personnel: (1) assist a data subject
in identifying and requesting personal information, if necessary; (2) describe the
contents of systems of records orally or in writing in order to enable a data subject
to learn if a system of records includes a record or personal information identifiable
to the data subject; (3) take one of the following actions upon locating the record
sought: (i) make the record available for inspection, in a printed form without codes
or symbols, unless an accompanying document explaining such codes or symbols is also
provided; (ii) permit the data subject to copy the record; or (iii) deny access to
the record in whole or in part and explain in writing the reasons therefor; (4) upon
request for copies of records, make a copy available upon payment of 25 cents per
page; (5) upon request, certify that a copy of a record is a true copy; or (6) upon
request, certify that: (i) the university or campus does not have possession of the
record sought; (ii) the university or campus cannot locate the record sought after
having made a diligent search; or (iii) the information sought cannot be retrieved
by use of the description thereof, or by use of the name or other identifier of the
data subject without extraordinary search methods being employed by the university
or campus." ()
DOMESTIC VIOLENCE LIAISON - SUNY POLICY TO COMPLY WITH THE NEW YORK STATE LAW ON DOMESTIC
VIOLENCE
adopted in 2007, required that all State Agencies, including SUNY, adopt a Domestic
Violence in the Workplace Policy. Each state agency was required to formulate and
issue a Domestic Violence in the Workplace Policy by August 1, 2008, all while using
the Office for the Prevention of Domestic Violence (OPDV) Model Domestic Violence
and the Workplace Policy as a guide. Each SUNY Campus is required to review their
policy ANNUALLY, and to submit any changes to the the SUNY System Affirmative Action
Officer.
The SUNY Model Domestic Violence Policy that was written to serve as a model for campus local policies, required that each campus location designate a Domestic Violence liaison who would serve as a point person at the campus for reporting to System Administration on Domestic Violence issues. The Model Domestic Violence and the Workplace Policy template, available on the , states the following with regard to the Domestic Violence campus role:
I. Workplace Safety Plans
By means of a domestic violence workplace safety response plan, [CAMPUS] shall make
employees aware of their options and available resources and help employees safeguard
each other and report domestic violence to designated officials.
a. The designated liaison between [CAMPUS] and SUNY System Administration is [NAME
OR OFFICE TITLE OF DESIGNATED AGENT]. This liaison will ensure campus wide implementation
of this policy, and serve as the primary liaison with System Administration regarding
this policy. The System Administration designated liaison will communicate with the
Office for the Prevention of Domestic Violence (OPDV) on behalf of campuses as it
relates to reporting.
PROJECT SUNLIGHT LIAISON - NEW YORK STATE LAW
Project Sunlight, a component of the Public Integrity Reform Act of 2011 (Ch. 399,
Part A, 搂4, L. 2011), is a New York State online database that provides the public
with an opportunity to see what entities and individuals are interacting with government
decision-makers at the various State entities. Effective January 1, 2013, State entities
(including SUNY & SUNY State-operated campuses) are required to report to the OGS
database 'appearances' by individuals/firms who 'appear' before State decision-makers
or persons who advise decision-makers (decision makers and decision advisors are considered
'covered individuals' under the law). The Project Sunlight database, hosted by the
NYS Office of General Services, aggregates the inputted data and makes it available
to the public for viewing. A New York State Project Sunlight Policy was developed
to clearly define what 'appearances' must be reported under the law.
Through Project Sunlight and the SUNY plan to outline compliance with the law, each campus is required to 'Designate one/several individuals responsible for entering data in the OGS Project Sunlight database.'