Compliance Briefing — California Delete Act Signed Into Law
Governor Newsom signed California’s Delete Act (SB 362) on 10 October 2023, creating a single opt-out mechanism for data broker collection and imposing annual registration and auditing obligations.
On 10 October 2023 California enacted the Delete Act, empowering consumers to submit a single deletion request that data brokers must honor across their holdings. The law requires the California Privacy Protection Agency to build a centralized deletion mechanism by 2026 and mandates that data brokers register annually, attest to compliance, and undergo third-party audits every three years.
Data brokers face penalties for noncompliance and must disclose metrics on requests received and fulfilled. Consumer privacy teams and data governance leads should prepare for heightened deletion workflows, broker vetting, and contractual updates tied to CPPA oversight.
- SB 362 bill text provides statutory requirements and timelines.
- California data broker registry lists entities subject to the new deletion and reporting obligations.
Continue in the Compliance pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Third-Party Risk Oversight Playbook — Zeph Tech
Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.
-
Compliance Operations Control Room — Zeph Tech
Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.
-
SOX Modernization Control Playbook — Zeph Tech
Modernize Sarbanes-Oxley (SOX) compliance by aligning PCAOB AS 2201, SEC management guidance, and COSO 2013 controls with data-driven testing, automation, and board reporting.