The CCPA will require covered businesses to carefully review and, in some cases, significantly alter their vendor agreements, and even one year after the law’s passage, significant areas of uncertainty remain. With insight from privacy lawyers from Credit Karma, Autodesk, Hogan Lovells, Perkins Coie and Booking Holdings, this second article in our series on CCPA-compliant vendor agreements covers the non-third-party exemption and the B2B moratorium, examines relevant case studies and provides key steps for ensuring vendor contracts are compliant with the CCPA. In part one, we examined the CCPA’s new definitions and the service provider exemption, their implications for vendor contracting, and examples of how companies have managed updates. See also “Third-Party Data Breaches Highlight the Importance of Vetting Vendors in Compliance With GDPR and CCPA” (Aug. 21, 2019).