By now, we all know an organization can be a “business,” “service provider” or “third party” under the California Consumer Privacy Act. However, the questions of what a “third party” is and whether it is a mutually exclusive classification from “business” (or, to a lesser extent, “service provider”) still elicits widely divergent responses. And even if the California Privacy Rights Act passes Nov. 3, these questions will remain relevant.
We seek to demystify this classification conundrum by explaining that your organization is a “third party” whenever it receives personal information from another organization (unless your organization is receiving it in a “service provider” or similar capacity, as discussed in this article).
Read the Full Article on IAPP.org