CCPA and CPRA 2.0: Navigate the California Compliance Alphabet Soup

Finally — 2020 is almost over. But before you breathe that sigh of relief, ask yourself: Am I prepared for the impending changes to privacy compliance laws? Whether you’re a PI-pro, or wishing we were talking pie instead — stick around. Our team has a huge pile of resources for you to ring in the New Year with a stress-free compliance plan.

Let’s take a quick dive into the complex world of California consumer protection laws.

Basics, Please. What are these acronyms?

CCPA is the California Consumer Privacy Act. CPRA is the California Privacy Rights Act.

Good start. What is CCPA?
CCPA was adopted in 2018, and chances are, you’re already compliant within your organization (particularly if you do a lot of business in California). But for the uninitiated, and per the Golden State’s Department of Justice, CCPA includes:

Fair enough. So what’s the deal with CPRA?
The citizens of California voted for CPRA via a ballot measure on Nov. 3, 2020. It takes CCPA and, basically, bolsters it quite a bit. For you, this means taking a look at your current compliance in terms of protecting your clients’ privacy. CPRA is way more specific. 



Does CPRA replace CCPA?
Nope. It serves more to augment the initial law, rather than replace it. What’s the best way to break down the differences? Attend our upcoming Web Briefing — here’s a sneak preview of this session. Hear a conversation between Data Connectors Chief Strategy Officer Michael Hiskey and Spirion’s Scott Giordano from the Atlanta Virtual Cybersecurity Summit in the video below:


There are 49 other states aside from California, and I’m in one of them. Does this apply to me?

You have to meet one of three standards to fall under the law. 

  1. Your business pulls at least half of your annual revenue from sharing or selling the personal information of California customers.
  2. Your business has a gross revenue greater than $25 million.
  3. Your business buys/sells/shares the personal information of greater than 100,000 California customers or households. 

Remember — all you need is ONE of those three. That makes this legislation fairly far-reaching, much like many of the state’s consumer protection laws. 

For instance, anyone who has ever manufactured and sold a product to anyone in the U.S. knows that California laws strong-arm the entire industry into posting CA Prop. 65 warnings on, well, basically everything (we’re talking aloe vera, parking garages, and coffee). That means that even if you roast your coffee beans in Oregon, but sell it over state lines, you need to carry a Prop. 65 warning on your packaging. 

So, if you meet the criteria, welcome to the wild West Coast. You’re expected to comply with CPRA as well as its predecessor, CCPA. And, if your goal is customer happiness and good business practice, then it makes sense to adhere to these guidelines — even if you have a very small number of customers or clients from California.

The challenge is in preparing your business for CPRA compliance — and in a hurry. The measure that passed in November is going into law on January 1, 2021.


This is bigger than me. How do I learn more?
Fortunately, you don’t need a degree from a prestigious California law school to navigate these laws, because Spirion’s Scott Giordano already did that for you. Hop onto our Web Briefing on Dec. 17th at 2PM ET, and hear from Scott and a full panel of CISOs on how to help your business handle these changes and protect your customers’ data.


Hot Topics in Cybersecurity Posted by Jen Greco on Dec 8, 2020

The Dire Consequences of the Cybersecurity Skills Gap

Our friends at ISC^2 have completed their 2020 Cybersecurity Perception study. And if it teaches us anything, it’s that cybersecurity is a pretty darn great career path – just not one that most respondents would want to pursue themselves.

It’s sort of the career equivalent of that rom-com trope — “I love you, but I’m not in love with you.” Generally speaking, people are happy to be “friends” with cybersecurity… but they’re just not looking for a relationship right now. Sigh.

This news actually lands somewhere between heartening and disheartening. After all, only 1% of the 2500 people surveyed described cybersecurity as a “bad” career path. Who wouldn’t want to be generally considered smart, technically skilled and as “good guys fighting cyber crime” — as the survey summary suggests? But, as great as it is on this side of the fence, 69% say that while it’s a good career path, it’s not one they’d be interested in taking on.

The study found that Generation Z (those currently younger than 24) has the most negative view on cybersecurity as a career path. This is troubling, as the job market is flooding with more “Zoomers” each year (as the Boomers make their way to the Social Security office).

So where’s that leave us? With an ever-growing 3 million (million!!) open jobs in cybersecurity across the globe, the study is a good reminder that we need to leave the door open for younger generations to pour in.

ISC^2 agrees, recommending widening the appeal of cybersecurity to include non-technical components and a variety of different roles, increasing educational opportunities, and developing a more focused effort in recruiting.

At the New Orleans & Little Rock Cybersecurity Summit on Sept. 24, Michael Osterman of Osterman Research discussed the widening skills gap in the industry. In fact, his research found that three in five organizations consider the skills shortage either “serious” or “very bad.”

The biggest issue is in filling positions related to proactive threat hunting and threat intelligence. Staffing issues on these topics present a major problem within organizations — nearly a third of organizations reported that the lack of professionals skilled in proactive threat hunting presented a serious or extremely serious problem.


Hot Topics in Cybersecurity Posted by Jen Greco on Sep 23, 2020