Login
Get a Demo

Live Dec 18: See 2025’s Most Impactful Trainings and What to Prioritize in 2026 – Save Your Seat.

Exemptions to the California Privacy Rights Act (CPRA)

There are some organizations and types of information that are exempt from compliance with CPRA. In this chapter we will take a brief look at some of these unique situations and what information is considered to be exempt.

Exemptions to the California Privacy Rights Act (CPRA)

Organizations and Information Exempt from CPRA

There are certain organizations and types of information that are exempt from compliance with CPRA law. Organizations that do not collect personal information from California residents are exempt. Financial information that is collected according to the California Financial Information Privacy Act (CalFIPA) or the Gramm Leach-Billey Act (GLBA) is also exempt, as well as consumer reporting information that is also subject to the Fair Credit Reporting Act (FCRA).

Organizations and Information Exempt from CPRA

Healthcare Information Exempt from the CPRA

Personal health information (PHI) collected by a covered entity or business associate as defined by the Health Insurance Portability and Accountability Act (HIPAA) is exempt, however, any information that is not considered PHI will be subject to CPRA. Clinical trial data and information covered under the Federal Policy for the Protection of Human Subjects is also exempt.

Healthcare Information Exempt from the CPRA
Get started today in 5 minutes
Nonprofit Compliance with the CPRA

While many nonprofit organizations are exempt from CPRA, there are cases where a nonprofit would fall under the scope of the law. A nonprofit may be required to comply with CPRA if it meets any of the following guidelines:

1
Commercial Activity

If a nonprofit engages in commercial activity, its revenue-generating activities may be required to be CPRA compliant, or if the nonprofit enters into a joint venture with a for-profit company, both may need to evaluate whether or not the venture will require CPRA compliance. 

2
Contractual For-Profit Relationships

If the nonprofit has contractual relationships with for-profit entities, CPRA may also require subsidiaries of the for-profit company to comply with CPRA, and that would include nonprofit organizations.

3
For-Profit Subsidiaries

If a nonprofit has a for-profit subsidiary, it would need to ensure that the data collected by that subsidiary was CPRA compliant.

CPRA Exempt Information

The following information may be exempt from CPRA law. If you think your organization or certain types of data collected are exempt from CPRA, it is best to consult a legal expert to ensure compliance with the law.

Here are some myths to look out for:

  • -

    Clinical trial data and information covered under the Federal Policy for the Protection of Human Subjects

  • -

    Financial information collected according to CalFIPA or GLBA

  • -

    Personal health information (PHI) collected under HIPAA

  • -

    Consumer reporting information subject to the FCRA

  • -

    Certain types of driver information data

Image for See why 8,000+ businesses love EasyLlama
See why 8,000+ businesses love EasyLlama

The most comprehensive CPRA training available for employers & Employees

The purpose of EasyLlama’s CPRA course is to educate staff members on the collection, utilization, and sharing of data in accordance with regulations, so that protecting customer information can be achieved more effectively. Additionally, interactive quizzes and simulated scenarios will help increase understanding and make compliance management more convenient.

The most comprehensive CPRA training available for employers & Employees

Helping over 8,000 organizations create a safer, more productive workplace

logo 1
logo 2
logo 3
logo 4
logo 5
logo 6
logo 7
logo 8
logo 9
logo 10
logo 11
logo 12
logo 13
logo 14
logo 15
logo 16
logo 17
logo 18
logo 19
logo 20
logo 21
logo 22
logo 23
logo 24
logo 25
logo 26
logo 27
logo 28
logo 29
logo 30
logo 31
logo 32
logo 33
logo 34
logo 35
logo 36
logo 37
logo 38
logo 39
logo 40
logo 41
logo 42
logo 43
logo 44
logo 45
logo 46
logo 47
logo 48
logo 49
logo 50
logo 51
logo 52
logo 53
logo 54
logo 55
logo 56
logo 57
logo 58
logo 59
logo 60
logo 61
logo 62
logo 63
logo 64
logo 65
logo 66
logo 67
logo 68
logo 69
logo 70
logo 71
logo 72
logo 73
logo 74
logo 75
logo 76
logo 77
logo 78
logo 79
logo 80
logo 81
logo 82
logo 83
logo 84
logo 85
logo 86
logo 87
logo 88
logo 89
logo 90
logo 91
logo 92
logo 93
logo 94
logo 95
logo 96
logo 97
logo 98
logo 99
logo 100
logo 101
logo 102
Get more from easyLlama
The Most Comprehensive online CPRA Training

Any organization that gathers personal data from California residents can benefit from the CPRA training course. The purpose is to educate employees to understand the regulations that govern how data is gathered, utilized, and shared in order to better advise them in protecting consumer data. The course covers:

Chapter 1: Introduction to CPRA Training
Chapter 2: What is CPRA?
Chapter 3: Consumer Rights
Chapter 4: Business Requirements and Best Practices
Chapter 5: CPRA Exemptions
Chapter 6: Enforcement and Penalties
Chapter 7: What Have We Learned?
Get more from EasyLlama
Discrimination in the Workplace
Discrimination in the Workplace
Learn more
Race Discrimination in the Workplace
Race Discrimination in the Workplace
Learn more
Socioeconomic Diversity in the workplace
Socioeconomic Diversity in the workplace
Learn more
lama
Empower Your People. Strengthen Your Workplace.
Schedule a demo to see how EasyLlama makes training easier, workplaces safer, and business outcomes stronger — all in one platform.
Get a Demo
lamalama