Press Release

New FTC Guidance and FRCP Regulations Focus Business Attention on Monitoring and Securing Electronic Business Communications

Federal Trade Commission Guidance and Federal Rules of Civil Procedure Provide Significant Detail on Reasonable and Appropriate Practices for Information Security

SANTA CLARA, Calif., June 22, 2007 – Code Green Networks, a leading developer of data loss prevention solutions for protecting customer data and intellectual property,
is alerting businesses about the implications of new Federal Trade Commission (FTC) guidelines on protecting personal information and recent amendments to the Federal Rules of Civil Procedure (FRCP) regarding discovery of electronically stored information. Both of these are expected to have significant impact on how businesses monitor, protect and store their sensitive information.

Federal Trade Commission

In April, 2007, the FTC released important new guidelines entitled “Protecting Personal Information: A Guide for Business.” (www.ftc.gov/infosecurity) This FTC Guide provides significant detail on what the FTC considers to be reasonable and appropriate steps for businesses to protect the privacy of customer and employee data that they maintain.

The FTC guide emphasizes five principles that businesses should follow when implementing an information security plan. These are:
1. Take stock. Know what personal information you have in your files and on your computers.
2. Scale down. Keep only what you need for your business.
3. Lock it. Protect the information you keep.
4. Pitch it. Properly dispose of what you no longer need.
5. Plan ahead. Create a plan to respond to security incidents.

“Following the steps outlined in the FTC Guide should help companies identify actions that will help meet legal requirements in an area that has been plagued with practical uncertainty,” said Gerry Stegmaier, an attorney in the Washington, D.C. office of Wilson, Sonsini, Goodrich and Rosati.
In step three, Lock it, the FTC details several practices to protect personal information stored in computer systems.

These practices include:
• “Encrypt sensitive information that you send to third parties over public networks (like the Internet)…”
• “Caution employees against transmitting sensitive personally identifying data…via email. Unencrypted email is not a secure way to transmit any information.”
• “Monitor outgoing traffic for signs of a data breach.”

Federal Rules of Civil Procedure

The Federal Rules of Civil Procedure (FRCP) were amended on December 1, 2006 to more explicitly address the role of electronically stored information in federal civil cases involving patents, copyrights, securities and other disputes. Shortly after the filing of a lawsuit, the parties must meet and exchange descriptions of all electronically stored information relevant to the case. (www.uscourts.gov/rules/EDiscovery_w_Notes.pdf)

Some of the FRCP amendments that are especially germane to businesses include:
• “The wide variety of computer systems currently in use, and the rapidity of technological change, counsel against a limiting or precise definition of electronically stored information. . . . It includes any type of information that is stored electronically.” FRCP, Rule 34(a), Committee Note.
• Rule 26(a)(1) amended to make clear that a party must, without awaiting a discovery request, provide to other parties “a copy of, or a description by category and location of, all documents, electronically stored information, and tangible things” that the party “may use to support its claims or defenses.”
• Rule 34(a) now specifically provides that document requests may seek to “inspect, copy, test, or sample any designated documents or electronically stored information.”

“Electronic discovery has emerged as the most burdensome and expensive part of litigation by far,” said Sreekanth Ravi, Founder, Chairman and CEO of Code Green Networks. “Companies need to archive their electronic communications, including WebMail and Instant Messaging, and be able to access that information.”

While businesses can choose piecemeal technology solutions to implement these practices, the Content Inspection (CI) Appliance from Code Green Networks is the only solution that provides all of these capabilities integrated into a single, cost-effective appliance. The CI Appliance can inspect, monitor, retain and block all sensitive electronic communications leaving an organization over the Internet -- WebMail, SMTP email, blogging and Instant Messaging. Further, when it detects authorized transmissions of personal data in a SMTP email, it can automatically encrypt the email to ensure its security.

About Code Green Networks

Code Green Networks delivers data loss prevention solutions that protect private employee and customer information and safeguard intellectual property across all electronic communications channels. The company’s easy-to-deploy, easy-to-manage content inspection appliances rapidly detect and prevent potential data leaks, helping organizations automate compliance and mitigate risks from internal breaches that can result in loss of revenue, financial penalties and irreparable damage to a corporation's image, brand and customer loyalty.

©2008 Code Green Networks. All rights reserved.

All products mentioned in the release are trademarks or registered trademarks of Code Green Networks. All other trademarks, trade names and product names are used solely for the purpose of identification and are the property of their respective owners.