D.C. Mun. Regs. tit. 26, r. 26-A3616

Current through Register Vol. 71, No. 49, December 6, 2024
Rule 26-A3616 - ASSESS RISK
3616.1

The licensee shall:

(a) Identify reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems;
(b) Assess the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information; and
(c) Assess the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.

D.C. Mun. Regs. tit. 26, r. 26-A3616

Emergency Rulemaking published at 47 DCR 9052(November 10, 2000) [EXPIRED]; Emergency Rulemaking published at 48 DCR 2356(March 16, 2001) [EXPIRED]; as Emergency Rulemaking published at 48 DCR 6119(July 1, 2001) [EXPIRED]; as Final Rulemaking published at 48 DCR 8005 (August 24, 2001); as Final Rulemaking published at 50 DCR 1517(February 14, 2003)