ZixIt Launches Analysis Service to Assess and Manage e-Mail Security Risks
April 24, 2002
ZixAuditor(TM) service assists organizations in meeting regulatory compliance and ensuring the use of legally appropriate practices in using e-mail
ZixIt Corp. (Nasdaq:ZIXI), a global leader in secure e-messaging services, today announced it has launched ZixAuditor(TM), a unique assessment service that examines and analyzes an organization's inbound and outbound e-mail communications to identify regulated, high-risk, or proprietary content.
Initial observations from ZixAuditor assessments show that organizations do not have an adequate understanding of the kinds of information that are transmitted through their e-mail systems, and that over 23 percent of corporate e-mail contains information that should not be transmitted without appropriate security. One particularly significant observation was that 14 percent of the e-mail transmissions of a typical healthcare organization included "protected health information," which under federal law includes personal medical or insurance data that must today be safeguarded against security breaches.
The failure to protect sensitive information against interception can lead companies to suffer loss of intellectual capital, harm to their reputations, regulatory penalties, civil liabilities, and financial losses. A wide range of new federal laws and initiatives -- including regulations issued under the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act ("HIPAA"), as well as privacy enforcement actions by the Federal Trade Commission ("FTC") -- are imposing unprecedented legal requirements for the protection of financial, medical, and other sensitive personal information on companies in the financial services, health care, e-commerce and other sectors.
Corporations, their directors, and their officers may be held liable for a failure to monitor and prevent known risky practices. ZixAuditor allows organizations to identify risky e-mail practices by their employees and associates in order to assess current liabilities and to monitor practices as part of ongoing compliance programs. The service was specifically developed to fill the need for an effective diagnostic tool to identify and manage the risks associated with e-mail communications over the Internet.
"Many organizations are simply unaware just how much high-risk, proprietary, and regulated content is sent and received via e-mail over the Internet every day with no security," said Daniel S. Nutkis, vice president, strategy and products, ZixIt. "Organizations are shocked to learn just how much sensitive information they are sending via e-mail, and additionally how much sensitive information about them is contained in messages being received from vendors, business partners, and others."
Tested and used with Fortune 500 companies, ZixAuditor is built around a sophisticated lexicon that enables the identification of messages that contain legal, health, financial, human resources, and other legally protected or valuable, proprietary information. The lexicon was created in consultation with Preston Gates & Ellis LLP, a Seattle-based law firm with a strong focus on intellectual property rights, electronic communications, and federal privacy regulations. ZixIt expects to continue to work with Preston Gates & Ellis LLP to refine and improve the lexicon based on customer experience, and taking into account changing regulations and practices. As part of each assessment the lexicon will be customized to include terminology specific to the customer organization.
"The lexicon created by ZixIt is unique and is one of the keys to making ZixAuditor an effective assessment tool," said Jeffrey P. Fusile, National Partner-in-Charge of PricewaterhouseCoopers' HIPAA Consulting Practice. "ZixAuditor provides organizations with an easy and effective way to understand their current use of e-mail, and how their privacy and security policies, procedures and technologies will need to change to meet the rapidly growing list of privacy and security requirements."
"Organizations in the financial services and healthcare sectors face particular challenges in complying with increased regulation around the protection of individuals' personal data," said John R. Christiansen, an experienced privacy attorney at Preston Gates & Ellis LLP and chairman of the firm's Technology Security Team. "For example, HIPAA already requires healthcare organizations to maintain 'safeguards' to protect information against 'reasonably anticipated' security threats, and the Gramm-Leach-Bliley Act imposes a similar obligation on financial institutions. While most organizations may not yet realize it, these obligations put them at risk right now. Failure to even identify, much less properly address e-mail usage and security risks could easily lead to liability problems for many companies."
ZixAuditor, which is now generally available, can be utilized as a one-time assessment, providing detailed reports on e-mail patterns, or as part of an ongoing compliance program by which organizations can monitor and document their remediation or compliance initiatives. Pricing starts at approximately $15,000 per assessment. For additional information about ZixAuditor, contact ZixIt at 866/257-4949.
Copyright © 2002 Business Wire