CPRA Compliance Software Shopping Guide

  • What is The California Privacy Rights Act (CPRA)?
  • Who enforces CPRA requirements?
  • What software solutions can help you be in compliance with CPRA?
  • What questions should you ask about the capabilities of a CPRA software solution?
  • What common mistakes do organizations make when choosing a CPRA software vendor?
  • Software solutions to help you stay compliant with CPRA

To stay in compliance and avoid costly fines and reputational risks, it’s key for organizations to stay on top of shifting privacy laws, which can vary widely by state. One state enacting a big change in 2023 is California. This year, the state is implementing a new privacy law, The California Privacy Rights Act (CPRA), which will repeal and replace the existing California Consumer Privacy Act. 

Here, we will give you an overview of what you need to know about this law and how to evaluate potential CPRA software options that can help you stay in compliance with it.

What is The California Privacy Rights Act (CPRA)?

The California Privacy Rights Act (CPRA), also known as the California Consumer Privacy Act (CCPA) 2.0, is a new privacy law that went into effect on January 1, 2023. It builds on the existing California Consumer Privacy Act (CCPA) and provides additional protections for consumers’ personal information.

One of the key provisions of the CPRA is the requirement for organizations to provide consumers with the ability to opt out of the sale of their personal information. Organizations must provide an easy way for consumers to opt out on their websites to prevent this sale.

The CPRA also creates a new class of data known as “sensitive personal information.” This data is held to higher regulatory standards than previous definitions of personal information, and individuals are granted greater control over the ways in which an organization can use it.

In order to be in compliance with the CPRA, businesses must also implement certain security measures to protect consumers’ personal information from unauthorized access, use, or disclosure. This includes implementing technical safeguards such as encryption and secure servers, as well as physical safeguards such as secure storage facilities.

Who enforces CPRA requirements?

To enforce these new requirements, the state has created a new enforcement agency, the California Privacy Protection Agency (CPPA). The primary responsibilities of this organization are education, rulemaking, enforcement, and certifications.

Your organization is subject to CPRA requirements if it:

  • Earned $25 million in gross revenue the previous calendar year;
  • Processes the data of more than 100 thousand consumers; or
  • Earns more than 50% of revenue from the sale of personal information.

What software solutions can help you be in compliance with CPRA?

To be in compliance with CPRA, organizations will need to employ software technology that enables them to identify sensitive personal information wherever it exists in their information ecosystem. During this process, it’s common for organizations to uncover personal or sensitive information stored in systems that they didn’t even know about. Implementing a data-centric approach to information security should be your first step.  

To achieve this, investments in data discovery software tools with capabilities for classifying, monitoring, and remediating sensitive data are key. Once located, context-rich tags can be applied to ensure both personal information and the new category of sensitive personal information get the proper levels of protection. This labeling also enables you to closely monitor data so behavior that violates CPRA requirements can be swiftly identified, and any modifications or duplications can be just as efficiently remediated.

Some examples of additional software tools that can help you be in compliance with CPRA are:

  • Data privacy management platforms: These platforms provide a centralized location for managing and tracking consumer opt-outs and other data privacy requirements. They often include features such as automated opt-out tracking, data mapping, and consent management.
  • Encryption software: Encryption software helps protect personal information by converting it into a coded form that can only be accessed by those with the necessary decryption key. This can be especially useful for businesses that handle sensitive personal information, such as financial data or medical records.
  • Identity and access management software: This type of software helps businesses control and track who has access to specific areas of their systems and data. It can be used to prevent unauthorized access to personal information and ensure that only authorized individuals have access to sensitive data.

By implementing these types of software solutions, organizations can better protect consumers’ personal information and stay in compliance with the CPRA. 

In addition to deploying the right tools, the final component of meeting CPRA requirements is to employ a team of skilled IT, security, compliance, and legal professionals who are actively working together to meet security and compliance goals. Organizations should also regularly review and update their data privacy practices to ensure they are meeting the requirements of CPRA and other relevant compliance laws. 

What questions should you ask about the capabilities of a CPRA software solution?

Every vendor of data privacy software will tell you their solution is the best on the market for ensuring your organization’s compliance with privacy laws. However, this is not always the case. Be sure you take the time to evaluate any proposed CPRA software solution. Here are some questions to ask the vendor to get you started. 

  • Can you customize a user’s privacy experience? 
  • Does your solution protect data at its source? 
  • What happens if (and when!) these compliance laws change? 
  • Can your solution be easily refined? 
  • Does your solution easily automate opt-out requests? 

What common mistakes do organizations make when choosing a CPRA software vendor?

The mistakes that organizations make when choosing a CPRA software vendor tend to be similar to those made when selecting any other software vendor. Finding, evaluating, and implementing a new software solution can be a huge challenge, and will require significant investments in time and resources in order to deploy successfully. 

  • Vague requirements. Every organization will have different business requirements. Many organizations fail to get enough stakeholders involved to determine precisely what those requirements will be. This can result in selecting a solution that does not meet all of your needs. 
  • Relying on non-experts. Vendors will state that they have all the answers to your challenges if that’s what it takes to win your business. It’s critical to rely on input from leading experts in compliance regulations and data security before making a decision about the right solution for your organization. 
  • Short-term thinking. Software solutions for managing and protecting sensitive data must be designed for the ever-shifting landscape of privacy laws and regulations. Your software solution should be able to evolve with changing laws. 

Software solutions to help you stay compliant with CPRA

The best way to protect your sensitive data and remain in compliance with new laws like CPRA and other regulations is with a comprehensive solution designed to uncover, classify, remediate, monitor, and report on data wherever it resides.

The Spirion Governance Suite fulfills these requirements and protects data with 98.5% accuracy, offers real-time monitoring and analytics, and features comprehensive integration with existing technology stacks. For more information, see the product in action or contact us to get the conversation started.

© 2022 Spirion, LLC. All Rights Reserved