To embed, copy and paste the code into your website or blog:
The California Privacy Rights Act (CPRA), effective January 1, 2023, adds “contractors” to the list of entities that a business may entrust with customer data. So what is a “contractor?” And how are “contractors” different from other entities described by California privacy law, such as “service providers” or “third parties?”
As it turns out, the answer is surprising. Contractors are nearly identical to service providers, with just two differences: contractors are not data processors; and contractors must make a contractual certification in CCPA contracts. Moreover, contractors are not even new entities, and were already described in existing California privacy law.