CISO/Security Vendor Relationship Podcast and Series can be found at CISOSeries.com. A newly proposed provision in the Consumer Data Protection Act (CDPA) could result in jail time for intentional data privacy violations. We're not scared. We're still peeping into your digital lives on the latest episode of the CISO/Security Vendor Relationship Podcast. This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson, CISO of Lyft. Our sponsored guest this week is Will Ackerly, co-founder and CTO of Virtru. Special thanks to Virtru for sponsoring this episode. As a reader, I know you’re always worried about your data. That’s why Virtru is providing a free copy of Forrester’s 14-page report on the Future of Data Security and Privacy to readers for a limited time. Click here to grab your copy while it’s still available. On this episode Why is everybody talking about this now? Huge fines and massive jail time for intentional violations of data privacy. Do the new provisions in the CDPA go too far or are they just right? What's a CISO to do? Listener Bradley Teer of Armor Cloud Security asks, “What’s the scariest moment or event that's ever happened in your career as a security practitioner?" What's Worse?! Two listeners, Rick McElroy of Carbon Black and Jamie Leupold of PreVeil asked the same question for this week's game. It's a question Mike knew was eventually going to be asked. Please, Enough. No, More. We talk about data privacy in today's segment. Can we get beyond the discussion of GDPR? Ask a CISO On a previous episode we talked about the meager adoption of multi-factor authentication. We concluded that it was still too complicated to use. So what's encryption's excuse? Why isn't encryption available and used by all? How does the security paradigm change if everyone is sending encrypted messages?