The licensee:
- (A) Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or customer information systems;
- (B) Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and
- (C) Assesses the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.
Source: 29 SDR 48, adopted September 20, 2002, effective March 1, 2003; 31 SDR 67, effective November 14, 2004.
General Authority: SDCL 58-2-40 , 58-2-41.
Law Implemented: SDCL 58-2-40 , 58-2-41.