[Code of Federal Regulations]
[Title 16, Volume 1]
[Revised as of January 1, 2003]
From the U.S. Government Printing Office via GPO Access
[CITE: 16CFR314.3]

[Page 407-408]
 
                     TITLE 16--COMMERCIAL PRACTICES
 
                   CHAPTER I--FEDERAL TRADE COMMISSION
 
PART 314--STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION (EFF. 5-23-03)--Table of Contents
 
Sec. 314.3  Standards for safeguarding customer information.

    (a) Information security program. You shall develop, implement, and 
maintain a comprehensive information security program that is written in 
one or more readily accessible parts and contains administrative, 
technical, and physical safeguards that are appropriate to your size and 
complexity, the nature and scope of your activities, and the sensitivity 
of any customer information at issue. Such safeguards shall include the 
elements set forth in Sec. 314.4 and shall be reasonably designed to 
achieve the objectives of this part, as

[[Page 408]]

set forth in paragraph (b) of this section.
    (b) Objectives. The objectives of section 501(b) of the Act, and of 
this part, are to:
    (1) Insure the security and confidentiality of customer information;
    (2) Protect against any anticipated threats or hazards to the 
security or integrity of such information; and
    (3) Protect against unauthorized access to or use of such 
information that could result in substantial harm or inconvenience to 
any customer.