Organizations preparing for the California Consumer Privacy Act have heard it and read it before — to prepare for the CCPA, all organizations, including covered “businesses” and third-party vendors, must review their vendor contracts. What is not always (or ever) explained, however, is what reviewing actually consists of and how organizations benefit from ensuring such a review takes place.

Some organizations may want to ignore reviewing their vendor contracts based on the assumption that their current vendor management program is sufficient. Be careful. California continues to disrupt long-held compliance assumptions with the passage of the CCPA, including, for example, by narrowly defining which entities qualify as “service providers” under the act.

Read the full article in Law360 here.