Compliance
Protecting customer data and personal information is not only important to preserving brand reputation and reducing the threat of financial loss, but is required to demonstrate compliance with federal, state and international regulations and guidelines. Code Green Networks provides data loss prevention solutions that specifically address the requirement for organizations of all types to protect data and demonstrate compliance.
Code Green Networks provides affordable, easy-to-deploy and manage solutions that help organizations meet compliance requirements with GLBA, HIPAA, PCI, SOX and more than 35 state data privacy laws such as CA (California) SB 1386. In addition, Code Green Networks enables organizations to comply with recently published Federal Trade Commission (FTC) guidelines for protecting customer data and recent amendments to the Federal Rules of Civil Procedure (FRCP) that provide additional guidance for organizations in the event of legal electronic discovery.
Below is a summary of current federal, state and international regulations and guidelines and how Code Green Networks aids in demonstrating compliance:
| Regulations | Code Green Solution |
|---|---|
| Federal Trade Commission (FTC) Guidelines for Protecting Personal Information | Guidelines published by the Federal Trade Commission (FTC) in April 2007 provide significant detail on what the FTC considers to be reasonable and appropriate steps for businesses to protect the privacy of customer and employee data that they maintain (www.ftc.gov/infosecurity). These guidelines point to the need for data loss prevention solutions and form the basis for what will be considered best efforts in protecting personal information. By registering confidential customer and employee information stored in structured or unstructured content sources, Code Green Networks enables organizations to automate the process of inspecting and monitoring all network traffic to identify, audit and prevent potential violations. In addition, through the use of integrated, policy-based email encryption technology, organizations can automatically choose to encrypt communications that contain sensitive information. |
| Recent Amendments to the Federal Rules of Civil Procedure (FRCP) | The Federal Rules of Civil Procedure (FRCP) were amended in December 2006 to more explicitly address the role of electronically stored information in federal civil cases involving patents, copyrights, securities and other disputes. Shortly after the filing of a lawsuit, parties must meet and exchange descriptions of all electronically stored information relevant to the case. These amendments have clearly opened the door for the use of not only corporate email but also consumer WebMail services used by employees while on the company network in legal electronic discovery. Code Green Networks provides comprehensive data loss prevention for organizations that allows content authorities to specifically inspect and apply policies to consumer WebMail communications. |
| Gramm-Leach-Bliley Act (GLBA) | The Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act (GLBA), was established in 1999 and requires financial products and services providers to develop a comprehensive information security program to safeguard sensitive customer information such as social security and credit card numbers. By registering non-public personal information stored in structured or unstructured content sources, Code Green Networks enables organizations to automate the process of inspecting and monitoring all network traffic to identify, audit and prevent potential violations. |
| Health Insurance Portability and Accountability Act (HIPAA) | The Health Insurance Portability and Accountability Act (HIPAA) requires organizations entrusted with Protected Health Information (PHI) to protect this data against deliberate or inadvertent misuse or disclosure. By registering PHI data located in structured or unstructured content sources, Code Green Networks enables organizations to demonstrate compliance through inspection and monitoring of all network traffic to identify, audit and prevent potential violations. |
| Payment Card Industry (PCI) | The Payment Card Industry (PCI) group was formed in 2004 to create common industry security requirements acceptable to all cardholder associations such as Visa, and MasterCard. The standards define how cardholder and card authentication data must be stored, managed and processed to keep it secure. Code Green Networks provides comprehensive data loss prevention for organizations that store customer data including cardholder and card authentication data. By registering confidential data located in structured or unstructured content sources, organizations can automate the process of inspecting and monitoring all network traffic and identify, audit and prevent potential violations. |
| Sarbanes-Oxley Act (SOX) | The Sarbanes-Oxley Act (SOX), specifically Section 404, which took effect in November 2004, establishes key internal controls to improve timeliness, transparency, accuracy, and confidentiality of financial data. Code Green Networks provides comprehensive data loss prevention for organizations to monitor, inspect and prevent confidential financial information and intellectual property across all Internet communications channels. By registering confidential financial information located in structured or unstructured content sources, Code Green Networks enables organizations to demonstrate compliance through inspection and monitoring of all network traffic to identify, audit and prevent potential violations. |
| State Data Privacy Laws | Since the passing of CA SB 1386 in July 2003, more than 35 states have enacted laws that specifically protect consumer privacy. These state data privacy laws require organizations to safeguard data collected from consumers who reside in those states and in circumstances where private data has been potentially exposed, the organization must notify consumers who are affected. Code Green Networks provides comprehensive data loss prevention so organizations can monitor, inspect and prevent confidential or personal consumer information from being leaked out of the organization’s network. By registering confidential customer and employees data located in structured or unstructured content sources, Code Green Networks enables organizations to monitor, inspect and prevent personal information from being leaked out of the organization’s network. |
