§ 146c.6. Assess risk.

 The licensee:

   (1)  Identifies reasonably foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of customer information or customer information systems.

   (2)  Assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of customer information.

   (3)  Assesses the sufficiency of policies, procedures, customer information systems and other safeguards in place to control risks.

Cross References

   This section cited in 31 Pa. Code §  146c.5 (relating to examples of methods of development and implementation).

---

No part of the information on this site may be reproduced for profit or sold for profit.

This material has been drawn directly from the official Pennsylvania Code full text database. Due to the limitations of HTML or differences in display capabilities of different browsers, this version may differ slightly from the official printed version.