6.6.7010    ASSESS RISK

(1) The licensee:

(a) identifies reasonable foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of an individual's personal information or a licensee's information systems;

(b) assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of the personal information involved; and

(c) assesses the sufficiency of policies, procedures, information systems and other safeguards in place to control risks.

History: 33-19-106, MCA, IMP, 33-19-102 and 33-19-306, MCA; NEW, 2005 MAR p. 426, Eff. 4/1/05.