Vendor Risk Management Under the CCPA
Under the CCPA, a service provider processes personal information on a business’s behalf. As such, service providers will fall under your vendor risk management program. Businesses like yours should know what service providers are in use, what data they hold, and whether key contract provisions are in place. This information is critical for managing consumers’ requests to opt-out of the sale their personal information or to delete their personal information.
Under the CCPA, service providers have key responsibilities pursuant to written contracts. Service providers must not use, retain, or disclose consumers’ personal information other than for the specific purpose stipulated in the contract, or as otherwise permitted by the CCPA. With OneTrust Vendorpedia, track contractual terms and hold service providers accountable for personal information processing agreements.
The CCPA requires businesses to work together with service providers in certain scenarios to fulfill consumer rights requests, such as the right of data deletion or the right to opt-out of the sale of personal information. With OneTrust Vendorpedia, businesses can keep records of the service providers processing personal information to know which ones must help fulfill consumer rights requests.
Businesses subject to the CCPA should work with service providers that protect the privacy and security of consumers’ personal information. With OneTrust Vendorpedia, execute automated risk assessments on service providers and track and mitigate risks. Perform due diligence on thousands of service providers with aggregated intelligence within the Global Risk Exchange. Or, use Vendorpedia’s Vendor Risk Chasing Services to offload the assessment process entirely.
Generating regulator-ready reporting is critical to CCPA compliance. And when information is spread out in various spreadsheets and buried in emails, this recordkeeping becomes difficult. With OneTrust Vendorpedia, your business can leverage templated reports to demonstrate vendor risk management compliance as it relates to the CCPA.
Is your business’s vendor risk management program ready for the CCPA?
Track service providers and hold them accountable to the CCPA’s consumer rights requirements
Track key terms for service provider agreements to protect your organization and restrict the unauthorized use of personal information
Use CCPA reporting templates to generate analytics relating to the risks of your service providers