
CPRA Business Requirements and Best Practices

In this chapter, we will focus on business requirements and best practices for staying in compliance with the CPRA law. We'll look at a few real-world scenarios about employers working hard to meet the CPRA requirements regarding customer personal information.


Privacy Policy Requirements

The CPRA requires businesses to include specific items in their privacy policy, including a list of all consumer rights and two or more designated methods for submitting requests allowed to consumers under CPRA. This includes a toll-free phone number or an email address for businesses that solely operate online. It should also include a list of categories of personal information the business collects or has collected in the preceding 12 months, and a list of sources from which consumer data is collected. Finally, it should state the business purpose for collecting, selling, or sharing consumer data and the categories of third parties to whom consumer information is sold or shared.


Organizational Methods of Response

An organization must have dedicated methods of delivering responses to individuals after they have made a lawful request regarding their personal data. As a best practice, the organization should train the employees who handle the responses and include the details of its response methods in its privacy policy. And if your business falls under the scope of CPRA, you are also required to provide a "Do Not Sell My Personal Information (DNSMPI)" link to your customers.

Additional CPRA Business Requirements

Let’s talk about more business requirements that organizations must follow in order to remain in compliance under the CPRA.

1. Must Respond to Consumer Requests

A best practice is for an organization to have a system to respond to consumer requests regarding their personal data. If possible, streamline and/or automate the system as the organization becomes more familiar with their process.

2. Must Provide Employee Training

Businesses must provide CPRA compliance training for members of their organization on an annual basis, such as EasyLlama’s CPRA course.

3. Must Explain Rights & Provide Contact Info

Businesses are required to explain the rights consumers have under CPRA. This can be included in the organization's privacy policy. Consumers should have access to the business' contact information in the event they would like to exercise their rights as listed according to CPRA.

Requirements for handling the personal data of minors


California privacy law gives kids the "right to opt in," meaning their personal information cannot be sold or shared unless they affirmatively authorize the use of such data. Children ages 13 through 16 years old must authorize the sale or sharing of their personal information. Children under the age of 13 years old must have a parent or guardian authorize the sale or sharing of the minor's personal information. CPRA requires businesses to wait for 12 months to request to resume the selling or sharing of personal data after a minor has chosen to opt out.

Steps to Prevent a Data Breach

In order to protect personal information, CPRA requires businesses to take steps to prevent a potential data breach. 

Here are some points to keep in mind:

  • Each organization should have a breach management procedure in place, and also have an incident response plan in the event of a breach.

  • It is also up to the organization to notify consumers as soon as possible if a breach does occur.

  • If a data breach involves 500 or more California residents, the business must submit a single sample-notification copy to the California Attorney General or the California Privacy Protection Agency.


EasyLlama’s extensive CPRA training program for Employers

EasyLlama’s CPRA training course is both engaging and interactive. Through this course, employees will gain knowledge on the rights granted to California customers, the responsibilities of businesses, the potential consequences of not complying with the CPRA, and the best methods for abiding by the law. All organizations that collect personal data from California residents can benefit from this program.

The Most Comprehensive online CPRA Training

Any organization that gathers personal data from California residents can benefit from this course. Its purpose is to help employees understand the regulations that govern how data is gathered, utilized, and shared, so that they are better equipped to protect consumer data. The course covers:

Full Course Overview
Chapter 1: Introduction to CPRA Training
Chapter 2: What is CPRA?
Chapter 3: Consumer Rights
Chapter 4: Business Requirements and Best Practices
Chapter 5: CPRA Exemptions
Chapter 6: Enforcement and Penalties
Chapter 7: What Have We Learned?