A new law bill has been signed in the US compelling data brokers to delete all personal data of state residents upon request.
Dubbed the “Delete Act” (SB 362), this legislation will provide rights to the residents with a single “delete button” accessible via the California Privacy Protection Agency website, affecting roughly 113 registered data brokers in the state and imposing penalties on non-compliant brokers by 2026.
As collectors of vast amounts of personal information, data brokers are often prime targets for data breaches. From a privacy standpoint, this concept addresses many of the pain points for privacy-conscious citizens to limit their data exposure. However, this will be very difficult to implement and enforce.
One of the central obstacles is the ability to verify and prove that the deleted data is truly gone, a process dependent on:
- Finding and collecting all the consumer’s data.
- Permanently and verifiably deleting that data.
For consumers seeking assurance that their personal data has been permanently eliminated, the recommendation is to request a certified “proof of erasure” at the conclusion of the data deletion process.
The Delete Act represents a significant step towards empowering individuals to regain control over their data. Still, its long-term success hinges on the ability of data brokers to adapt to the new regulation and provide the transparency and proof consumers need to trust that their data is genuinely erased. This new legislation sets a precedent that could inspire similar privacy initiatives nationwide.