Given the steep fines and risk to reputation that can come with failure to comply with the soon-to be-implemented CCPA, covered businesses must carefully review their existing agreements with third-party service providers. In this article, we provide an explanation of the CCPA’s new definitions, exclusions and implications for vendor contracting; how they will impact companies’ decisions; and practical strategies for updating vendor management programs, as presented by privacy lawyers from Credit Karma, Autodesk and Hogan Lovells during their presentation at the IAPP Privacy. Security. Risk. 2019 conference. A subsequent article will provide guidelines for specific contract language and will cover non-service provider exclusions and provisions. See also “Third-Party Data Breaches Highlight the Importance of Vetting Vendors in Compliance With GDPR and CCPA” (Aug. 21, 2019).