A licensee’s information security program shall be designed to do the following:
- (1) Safeguard the security and confidentiality of customer information.
- (2) Protect against any reasonably anticipated threats or hazards to the security or integrity of the information.
- (3) Protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to any customer.
Cross References
This section cited in 31 Pa. Code § 146c.5 (relating to examples of methods of development and implementation); and 31 Pa. Code § 146c.10 (relating to determined violation).