The California Consumer Privacy Act (CCPA) is designed to give California residents more control over their personal information and to hold businesses accountable for protecting that information. CCPA applies to for-profit businesses in California. It also requires that businesses implement security measures to protect against unauthorized access, exfiltration, theft, or disclosure of consumer's personal data. CCPA applies to all for-profit businesses that operates in California.
EventLog Analyzer can help businesses manage their CCPA compliance by providing real-time visibility into personal information usage, automating compliance processes, and generating reports and audit trails to demonstrate compliance to regulatory agencies.
Seamlessly collect and analyze log data from various web servers, like Microsoft IIS and Apache. EventLog Analyzer ensures the confidentiality and integrity of personal information stored on your web servers. The logging tool sends automated alerts when suspicious activity is detected, such as insider threats, account compromise, data exfiltration attempts, or unauthorized access. It also provides actionable insights and intuitive reports on web server errors—such as HTTP 502 bad gateway, HTTP forbidden, and HTTP unauthorized—to help you quickly troubleshoot server issues.
EventLog Analyzer's FIM feature examines logs, creates an audit trail that records all actions made to files containing personal information, and sends out insert alerts (on modifications, renames, creations, and deletions) to help you meet CCPA requirements. You can view detailed information on who made the change, what was changed, when, and from where. You can also audit permission changes and failed attempts associated with any file actions.
EventLog Analyzer audits USB device activities through Windows event logs and offers a thorough audit trail of all removable disk activity, including when disks are inserted or removed, when files are copied, and when disk properties are modified. This enables you to track and investigate suspicious or unauthorized removable disk activity. When removable devices, such as USB devices, are plugged into or taken out of the network, real-time notifications can be configured to notify the administrator immediately. The solution also has a predefined report that displays all USB and removable disk activities and detects data theft to prevent confidential data leaks.
To ensure CCPA compliance, data security administrators must continuously monitor network activity and extract data access information. You can meet this requirement by automatically collecting and analyzing logs from database servers such as Microsoft SQL, Oracle, and MySQL with EventLog Analyzer. If any suspicious activity occurs in your database servers—such as unauthorized logons, DDL or DML queries executed on the database, password changes, permission changes, privilege escalation, or role changes—you will be notified immediately. The solution also helps identify various cyberattacks, like SQL injection attacks, ransomware attacks, denial-of-service attacks, and brute-force attacks.
| CCPA requirements | Reports by EventLog Analyzer |
|---|---|
|
Section 1798.150.(a) "Any consumer whose nonencrypted and nonredacted personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, or whose email address in combination with a password or security question and answer that would permit access to the account is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information may institute a civil action." |
|
Collect, store, and analyze logs from perimeter devices, network devices, endpoint security solutions, web servers, database platforms, and applications from a centralized dashboard.
Learn moreVisualize log data collected from multiple sources and gain valuable insights into important network security events.
Learn moreCCPA applies to for-profit businesses in California that meet at least one of these criteria:
Both the General Data Protection Regulation (GDPR) and the CCPA are data privacy laws that have some similarities and differences. The GDPR applies to businesses that operate within the European Union (EU) or process the personal data of EU residents, while the CCPA applies to businesses that operate in California or process the personal data of California residents. The CCPA defines "consumer" as a California resident, and "personal information" as information that identifies, relates to, or describes a particular consumer or household. Unlike the CCPA, the GDPR imposes hefty fines for non-compliance.
The CCPA provides several important rights to California consumers, including:
The California Privacy Rights Act (CPRA) is a privacy law that builds upon the existing CCPA in California. Having taken full effect on January 1, 2023, it expands and strengthens the privacy rights of California residents by adding new provisions, such as the right to limit the use of sensitive personal information and the right to correct inaccurate personal information, additionaly it increases penalties for violations. The CRPA also created a new regulatory agency, the California Privacy Protection Agency, to enforce the law.
Our solutions undergo rigorous third-party audits to ensure compliance with the same global security and privacy standards we help you achieve.
