applicants and licensees must have a written program appropriate to the
company's size and complexity, the activity conducted, and the sensitivity of
information at issue. The program must ensure the information's security and
confidentiality, protect against anticipated threats or hazards to the security
or integrity of the information, and protect against unauthorized access to or
use of the information.
Specifically, at a minimum the plan described in subsection (1) of this
section must:
(a) Designate an employee or employees to
coordinate the information security program;
(b) Identify and assess the risks to customer
implement safeguards to control the risks identified in the risk assessment and
regularly monitor and test the safeguards;
(d) Select service providers that can maintain
appropriate safeguards and oversee their handling of customer information;
(e) At least annually evaluate
and adjust the program in light of relevant circumstances, including changes in
business operations, or the results of testing and monitoring the effectiveness
of the implemented safeguards.
(3) The information security plan must be
maintained as part of your books and records.
Compliance with the federal Gramm-Leach-Bliley Act and Regulation P,
12 C.F.R. Part 1016, will be deemed compliance with this subsection.
For more information access the FTC web
site on the Safeguards Rule at:
and see 16 C.F.R. 314
Wash. Admin. Code § 208-630-715
16-10-046, Filed 4/29/2016, effective