Legal Compliance: California Delete Act

California’s Delete Act significantly expands the state’s existing data broker framework by introducing operational compliance obligations covering registration governance, consumer deletion rights, centralized request processing, operational accountability controls, and regulator-facing compliance readiness.
The law amends California’s existing data broker requirements under Cal. Civ. Code § 1798.99.80, et seq., and establishes enhanced governance expectations applicable to qualifying data broker activities involving California residents.
The Delete Act places substantial emphasis on operational deletion workflows, registration accountability, disclosure governance, documentation practices, and participation in California’s centralized Delete Request and Opt-Out Platform (“DROP”). The registration requirements became effective January 1, 2024. Centralized DROP deletion obligations will phase in beginning in 2026.
Operational Focus Areas.
Organizations evaluating California Delete Act obligations should pay particular attention to:
  • Data broker applicability analysis,
  • Annual registration and reporting requirements,
  • Consumer deletion workflow governance,
  • DROP participation requirements,
  • Operational deletion timelines,
  • Vendor and data governance procedures, and
  • Audit-ready documentation practices.
Organizations Commonly Use These Resources To:
  • Evaluate California data broker applicability,
  • Operationalize registration and disclosure procedures,
  • Prepare for DROP workflow implementation,
  • Strengthen deletion governance and documentation practices,
  • Support audit and regulator response readiness, and
  • Maintain defensible data broker compliance operations.