A licensee shall develop and implement a comprehensive written customer information security program that
- (1) includes administrative, technical, and physical safeguards for the protection of customer information;
- (2) is appropriate for the size and complexity of the licensee and the nature and scope of the licensee's activities; and
(3) is designed to
- (A) ensure the security and confidentiality of customer information;
- (B) protect against any anticipated threats or hazards to the security or integrity of the customer information; and
- (C) protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to a customer.
(Eff. 1/1/2005, Register 172)