The licensee:
- (a) Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems.
- (b) Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information.
- (c) Assesses the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.
Author: Commissioner of Insurance
Statutory Authority: Code of Ala. 1975, §§27-2-17, 27-7-44; 15 U.S.C. §§6801-6827.
History: New Rule: May 6, 2003; effective May 16, 2003. Filed with LRS May 7, 2003. Rule is not subject to the Alabama Administrative Procedure Act.