The responsible person designated under 960 CMR 2.05 shall, with respect to the system or systems for which he is immediately responsible:
- (1) ensure that the requirements of M.G.L. c. 66A and of 960 CMR 2.00 for preventing unauthorized access to or disclosure of personal data are followed;
- (2) receive complaints and objection; and
- (3) answer questions.