- (a) Identifies reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems;
- (b) Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and
- (c) Assesses the sufficiency of policies, procedures, customer information systems, and other safeguards in place to control risks.
The licensee:
Note: Authority cited: Sections 791-791.27, Insurance Code; and 15 U.S.C. Sections 6801, 6805, 6807 and 6824. Reference: Section 791, Insurance Code; and 15 U.S.C. Section 6825.
History
1. New section filed 11-22-2002; operative 3-24-2003 (Register 2002, No. 47).