With the enforcement of the California Consumer Privacy Act (“CCPA”) commencing on July 1, 2020, many businesses should be taking a close look at their CCPA service provider agreements. By way of background, the CCPA is a consumer-friendly privacy law that applies to various entities and their respective service providers. The CCPA provides consumers with protections and choices with respect to how their personal information is collected, used and shared by businesses and other entities. Consistent with the foregoing, the CCPA requires businesses to ensure that their service providers and other third-party partners refrain from exploiting the personal information that is shared with them.
The CCPA defines “service provider” as any entity “that processes information on behalf of a business and to which the business discloses a consumer’s personal information for a business purpose pursuant to a written contract.” Further, the CCPA contains an expansive definition of “personal information,” which includes “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
Based on the foregoing, if they have not already done so, companies need to: 1) revise CCPA service provider agreements on a going-forward basis; and 2) draft CCPA-compliant amendments to existing agreements to ensure that their respective service provider partners are contractually obligated to refrain from using consumer information for prohibited commercial purposes.
Should I Revise My Service Provider Agreements for CCPA Compliance Purposes?[Read More]