← Back to all briefings
Data Strategy 5 min read Published Updated Credibility 50/100

Data Strategy Briefing — August 20, 2025

California’s Delete Act requires the statewide deletion mechanism for data brokers to go live by January 1, 2026, making August 2025 the final design window for unified erasure operations.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: California Senate Bill 362 (Delete Act) mandates that the California Privacy Protection Agency (CPPA) launch a centralized deletion system by January 1, 2026. Registered data brokers must connect to the platform, honour verified deletion requests within 45 days, and certify compliance annually starting in 2026. Organisations that sell or license personal data should complete technical integrations, evidence identity verification procedures, and prepare for expanded enforcement powers that include monetary penalties for non-compliance.

Key data strategy checkpoints

  • Broker inventory. Catalogue all business units engaging in data brokerage under California Civil Code Section 1798.99.80 and ensure 2025 registrations reflect the CPPA-administered registry.
  • Deletion orchestration. Build workflows to propagate Delete Act requests across internal systems and downstream partners, documenting completion evidence.
  • Identity proofing. Implement robust verification to prevent fraudulent deletion requests while respecting the Act’s limits on additional consumer data collection.

Operational priorities

  • API integration. Align engineering teams with CPPA technical specifications for the deletion mechanism and rehearse sandbox testing once available.
  • Certification preparation. Draft annual compliance attestations covering process controls, third-party oversight, and record retention to submit beginning in 2026.
  • Cross-jurisdiction alignment. Harmonise Delete Act responses with CCPA/CPRA, Virginia, and Colorado deletion obligations to avoid conflicting suppression lists.

Enablement moves

  • Educate commercial and product teams on restrictions against selling the personal data of minors, which tighten under the Delete Act.
  • Establish KPIs for deletion request turnaround time, error rates, and partner confirmations, reporting them to executive privacy steering committees.

Sources

Zeph Tech unifies global deletion operations, integrating California’s centralized mechanism with identity proofing and suppression governance across marketing ecosystems.

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Data Strategy pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • California Delete Act
  • Data broker compliance
  • Deletion requests
  • Data governance
Back to curated briefings