3616.1 The licensee shall:
- (a) Identify reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;
- (b) Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and
- (c) Assess the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.
SOURCE: Emergency Rulemaking published at 47 DCR 9052(November 10, 2000) [EXPIRED]; Emergency Rulemaking published at 48 DCR 2356(March 16, 2001) [EXPIRED]; as Emergency Rulemaking published at 48 DCR 6119(July 1, 2001) [EXPIRED]; as Final Rulemaking published at 48 DCR 8005 (August 24, 2001); as Final Rulemaking published at 50 DCR 1517(February 14, 2003).