The California Consumer Privacy Act (CCPA) requires reasonable security measures to be implemented to protect personal information from unauthorized access, destruction, modification or disclosure. For data stored in files and folders that reside on a Windows system, the deployment of UserLock and FileAudit will help prove to regulators that you are effectively protecting access to your customers’ personal data.
Protecting personal data for California citizens
Inspired by GDPR, the new CCPA privacy law is designed to protect the data privacy rights of citizens living in California.
In short, it forces companies to be transparent about what’s being done with personal data. It gives citizens control over how their data is used, shared or sold. If they disapprove, they are given the chance to opt out and demand the data is deleted.
Confusion still reigns over the exact interpretation of personal data, but it can include email address, online handles and IP address, as well as more traditional identifiers such as name, address and social security number.
CCPA requires reasonable security measures to avoid class-action liability
In addition to these improved consumer privacy rights, the CCPA requires “reasonable security measures are implemented to protect this personal information from unauthorized access, destruction, use, modification or disclosure.” Enforced by the California Attorney General, the failure to have ‘reasonable security measures’ might result in non-compliance and accompanying financial penalties.
There’s also the risk of class-action suits from consumers. Perhaps most concerning for companies is that the CCPA provides a “private right of action” in instances where there’s a theft or disclosure of non-encrypted or non-redacted personal information. In the case of such a data breach, statutory damages can be awarded if it is shown the company has violated the law and failed in its duty to implement reasonable security measures.
Ensure the proper access to, and usage of, personal data
Like many compliance standards, trying to meet “reasonable security measures” is confusing at best. But at the core of any compliance mandate is the desire to keep data secure, only allowing access to those who are authorized and need it for business reasons.
To both know and demonstrate that this is the case for your organization requires visibility into, and control over, who has access to the network and what actions are being taken upon the sensitive data inside. This is where UserLock and FileAudit can help you to comply with these new CCPA standards.
Stop unauthorized access to personal data at the logon with UserLock
Compliance starts with improving login security.
The logon is the most compelling point at which to stop potentially inappropriate access (again, read: compliance breach) from ever happening.
UserLock makes this easy by working alongside Windows Active Directory to add two-factor authentication, contextual access policies and real-time insight around all user logins. It ensures only the appropriate access to systems and the data inside. A full audit trail allows you to track down threats and prove compliance.
With UserLock an organization can:
- Verify the identity of all users & ensure access to the network and, eventually, personal data is identifiable, audited and attributed to an individual user
- Prevent unauthorized access by rendering genuine but compromised employee logins useless to would-be attackers
- Eradicate careless user behavior like password sharing to reduce the risk of unauthorized access from internal threats
- Flag suspicious access events in real time, meaning an administrator can immediately respond and further protect access to the network and personal data within
Monitor the access to and usage of personal data with FileAudit
IT needs to have constant visibility into what personal data is being accessed, by whom, when, from where, etc.
This information helps you remain vigilant against inappropriate access and spot unusual activity, such as large amounts of data accessed or nonstandard access times.
With FileAudit you get more than just logs and information. It protects data, across the whole organization, with real-time insights and the opportunity to immediately react with an automated response.
With FileAudit an organization can:
- Identify inappropriate access (and access attempts) through real-time monitoring and alerting, giving the IT department the ability to review and remediate issues
- Send alerts when FileAudit detects mass access, copying, deletion or moving of files (a strong indication of a compliance breach)
- React to the alert with an automated response, direct from the FileAudit console
- Indicate where the user has accessed the file from, including different workstations on site or mobile devices remotely — all by tracking and identifying the source IP address
- See who has access to what thanks to a centralized overview of the NTFS permissions
- Centralize and archive all file access events occurring on one or several Windows systems and in the cloud, generating an always available, searchable and secure audit trail