Drafting Vendor Agreements to Comply With California Consumer Protection Act: Steps to Take Now

Meeting CCPA Data Protection and Privacy Requirements, Avoiding Fines and Penalties, Applicability in Other States

Recording of a 90-minute CLE webinar with Q&A

Conducted on Wednesday, May 15, 2019

Recorded event now available

or call 1-800-926-7926
Program Materials

This CLE webinar will guide business and technology counsel for drafting or updating technology vendor agreements to meet the data protection and privacy requirements of the California Consumer Privacy Act of 2018 (CCPA). The panel will discuss the origins, applicability and standards of the CCPA, as well as practical compliance considerations to determine whether the CCPA applies to a business, due diligence tactics for evaluating existing technology vendor agreements, and language that should be incorporated in contracts to ensure compliance.


The CCPA is arguably the most comprehensive privacy regulation in the United States. The CCPA, while inspired by the European General Data Protection Regulation (GDPR), differs in many significant respects. As a result, companies that just finished their push to comply with the GDPR now also must now redirect their attention to the CCPA.

Failure to comply with the CCPA may cost businesses steep fines and present a significant risk to reputation and the loss of customer goodwill. Counsel to U.S. businesses and technology vendors must determine if their clients' vendor agreements are subject to the CCPA. If so, counsel should guide their clients in carefully evaluating and amending the contracts to ensure they are in line with the new data protection standards.

Counsel should especially strengthen the terms of the vendor agreements addressing liability and indemnity given the potentially significant sanctions for noncompliance with the CCPA.

Listen as our authoritative panel explains the critical requirements of the CCPA and steps companies and their counsel should take to ensure that their business practices and vendor contracts are compliant.



  1. Requirements of CCPA
  2. How the CCPA compares to other data privacy regimes, including the EU's GDPR
  3. Determining when the CCPA applies to a business' practices
  4. Performing due diligence on existing vendor agreements for CCPA compliance
  5. Drafting new vendor contracts or amending existing contracts--language to include


The panel will review these and other high priority issues:

  • What are the key features of the CCPA?
  • How does one determine if a business is subject to the CCPA?
  • What are steps companies and their counsel should take immediately to ensure vendor agreements comply with the CCPA?
  • Will the same rights be provided to all consumers regardless of residence?
  • What does "sale" of "personal information" and "commercial purposes" mean and how will that impact planning and compliance?
  • How will CCPA affect supply chain management especially between vendors, suppliers and other relationships?
  • What types of information do I need to ask vendors to provide to demonstrate compliance?
  • With CCPA-like laws being enacted by states across the U.S., what are some best practices to adopt in anticipation?


Bonner, Douglas
Douglas G. Bonner

Potomac Law Group

Mr. Bonner has more than 25 years of experience representing wireline and wireless providers, cable TV, VoIP and...  |  Read More

Shore, Rebecca
Rebecca Shore

Director, Global Privacy
Under Armour

Ms. Shore is a global privacy specialist and strategic planner focused on data privacy, policy development, and...  |  Read More

Other Formats
— Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include program handouts. To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video