Keep in mind that “consumers” are generally defined as California residents for purposes other than temporary and may include customers, employees, business contacts, and others. CCPA generally defines “personal data” and may collect information that your company has not previously treated as personal data and can therefore reach its suppliers overall. Hopefully, too, like Sheldon and Amy, your written relationship agreement with your provider will help you define the relationship as a service provider under the CCPA. A website hosting provider would be a logical provider that should be considered a service provider based on the specifics of the agreement. For example, does the provider assert extensive rights to use the personal data collected on the site for its own purposes? Does the provider exchange consideration with external advertising agencies with regard to cookies and other tags placed on users of the site? In real life, relationships that are not defined can be unpleasant. In this DTR between you and your supplier, the CCPA therefore has few simple requirements. If you include them in your written agreement, you must comply with this part of the CCPA. And your provider may be your own service provider and not a random third party. There are many other things that need to be covered by the CCPA, such as privacy notices, management of individual rights, no sell buttons, minimum security requirements.

but we can save them for another item. If the seller is not a “service provider”, is the disclosure still a “sale”? No no. Instead of looking at the CCPA definition (the web is full of definitions), we can see how the law applies to supplier companies. Initially, ccpA would apply to “companies that collect or determine purposes and funds intended for data for commercial purposes”. Whatever the gist of your business, it`s likely that you`ll be counting on third parties to help you with day-to-day procedures. You can be a great option when it comes to almost every aspect of the business, and give yourself more time to manage the most important items while outsource those that don`t necessarily require internal audit. However, relying on third parties also means that you must be mindful of the new requirements of the California Consumer Privacy Act (CCPA), which was passed on January 1, 2020 will come into effect. As it stands, the CCPA promises to immediately influence your negotiated agreements with third parties, especially if you are currently selling data to them. In this article, we will outline (1) how the CCPA defines third parties; 2. what requirements it imposes on undertakings that use third parties; and (3) how you can ensure that your business meets these requirements.

If you`re not sure if your business is required to comply with the CCPA, take our free CCPA quiz before continuing further. When it comes to your customers` personal data, your supplier needs to “keep it in your pantry,” as singer Lyle Lovett says. Your supplier may only use the personal data you provide to him to the extent necessary for the fulfillment of the “business purpose” for which you have engaged him. The CCPA says it`s normal to use personal data to meet a company`s operational needs, including activities such as auditing, detecting security incidents, fulfilling orders, executing transactions, processing payments, etc. [3] On January 1, 2020, the California Consumer Privacy Act (CCPA), which applies to companies` handling of California consumers` personal data, has become law. When a company is subject to the CCPA, one of the many tasks is to change its agreements with all of its suppliers who process the personal data collected by the company. . . .