Section 26-A3616. ASSESS RISK  


Latest version.
  •  

    3616.1The licensee shall:

     

    (a)Identify reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;

     

    (b)Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and

     

    (c)Assess the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.

     

source

Emergency Rulemaking published at 47 DCR 9052(November 10, 2000) [EXPIRED]; Emergency Rulemaking published at 48 DCR 2356(March 16, 2001) [EXPIRED]; as Emergency Rulemaking published at 48 DCR 6119(July 1, 2001) [EXPIRED]; as Final Rulemaking published at 48 DCR 8005 (August 24, 2001); as Final Rulemaking published at 50 DCR 1517(February 14, 2003).