As the sweeping California Consumer Privacy Act (CCPA) finally comes into full force, many companies are still scrambling to understand the implications of the rules and achieve even a minimum standard of compliance.

The common attitude to complying with the CCPA and similar regulations—such as Europe’s GDPR—is to view it as an inconvenient box to check and move on as quickly as possible. But approaching CCPA as an isolated data management exercise misses an opportunity to leverage the law in more ambitious and beneficial ways: General counsels would do well to view CCPA compliance as a tool for strengthening risk management broadly, both internally and through their entire ecosystem of providers and partners.