A Checklist outlining key steps to take when planning and performing data security risk assessments. It addresses data security risk assessment requirements found in federal and state laws, industry standards, and best practices, such as the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, state data security laws that protect personal information, federal and state regulators' expectations for reasonable data security practices. This Checklist is designed to be used with Practice Note, Data Security Risk Assessments and Reporting.