6.6.7010 ASSESS RISK
(1) The licensee:
(a) identifies reasonable foreseeable internal or external threats that could result in unauthorized disclosure, misuse, alteration or destruction of an individual's personal information or a licensee's information systems;
(b) assesses the likelihood and potential damage of these threats, taking into consideration the sensitivity of the personal information involved; and
(c) assesses the sufficiency of policies, procedures, information systems and other safeguards in place to control risks.
History: 33-19-106, MCA, IMP, 33-19-102 and 33-19-306, MCA; NEW, 2005 MAR p. 426, Eff. 4/1/05.