Skip to main content

The CA Delete Act (SB 362) Passed the California Legislature Sept 15, 2023 – Why It Matters 

The CA Delete Act (SB 362) Passed the California Legislature Sept 15, 2023 – Why It Matters 

DeleteMe

September 15, 2023

Reading time: 4 minutes

The Delete Act is a legal framework that gives consumers powerful new rights restricting the collection and use of personal information by a diverse range of data brokers.

This framework for regulating the data broker industry was first proposed in congress in 2022, and was re-introduced in early 2023 in California, who has been leading the way in passage of new consumer data privacy law since 2018.

The core provision of the Delete Act is that it will require all data brokers operating in California to register with the new state privacy agency, and provide a single, universal opt-out mechanism for all CA residents.  

All registered companies will be required to delete and no longer track any information they have on individuals who exercise their rights via the state privacy agency. 

The law will not come into effect overnight: the provisions will not begin to be enforced until July of 2026.

There is always the possibility of “death by amendment” – where between passage and enforcement, the law is eventually watered down.  But we believe this is unlikely because of the strong, and still growing support from California voters for improved data privacy protections.

Today’s passage of the law in CA dramatically increases the likelihood that other states – and potentially Congress, who reintroduced their own version in June – will quickly follow suit, and enact similar standards. This is exactly what has happened with state data privacy laws after California first passed the CCPA. 

The implications for consumers, our data-driven economy, and our consumer privacy industry, are enormous.  

This is a big win for consumer rights

The passage of the Delete Act framework is a huge advance for consumer data privacy and signals continued momentum for stronger data privacy rights across the country.  

Exercising data brokers opt-outs is complex (by design), and laws like the Delete Act will require the industry to simplify and standardize processes, giving both consumers – as well as DeleteMe as a leader in Privacy as a Service – greater ability to protect personal information.

That said, individual state privacy agencies like California’s will remain under-resourced when it comes to monitoring and redressing the vast range of consumer data misuse that happens daily. And its why we strongly believe that the Privacy as a Service industry will continue to play an important role in helping provide transparency and confirmation of compliance to consumers and regulators.

Data broker warnings about economic harms are mostly overblown

The promised negative impacts warned about by the data broker industry are – for the most part – either minor, or simply wrong.  Claims of “increased risk of identity theft” are the most absurd, given the industry’s enablement of a vast expansion of consumer fraud and social engineering over the last decade.  The kinds of ‘knowledge-based authentication’ methods which data brokers pretend still functions as fraud-prevention have long been obsolete.

The law will be a significant blow to the digital advertising industry, as well as a range of data-mining services they rely upon; and it will affect some currently “free” service offerings where “consumer data is the real product”; but these costs are coming after a decade of wild-west abuse of sensitive personal information, and the data broker industry is more than capable of surviving and adapting to a world where consumers have stronger controls over their personal information.

The ‘Privacy as a Service’ industry that DeleteMe pioneered is empowered by this law

Things like Federal “Do Not Call Registry” (which is a comparable legal framework) did not end the robocalls problem for consumers. Similarly, the Delete Act will not end widespread collection and monetization of sensitive personal information.  Regulations are only ever as good as their enforcement mechanisms, and the problem that state privacy agencies are taking on will ultimately require the kind of auditing and active-intervention that the Privacy as a Service industry already does every day. 

Privacy protection for both individuals and executives/employees requires continuous monitoring and diligence.  Data brokers count on this – because the work required to opt out and protect your privacy at every place with your data is too great for 99% of individuals today to deal with. This underscores the need for legislatures to pass privacy protection laws that give voters privacy rights AND which enable Privacy-as-a-Service providers to help make it easy for people to continuously enforce these rights.

SHARE THIS ARTICLE
DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…
DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control t…
How does DeleteMe privacy protection work?
  1. Employees, Executives, and Board Members complete a quick signup
  2. DeleteMe scans for exposed personal information
    Opt-out and removal requests begin
  3. Initial privacy report shared and ongoing reporting initiated
  4. DeleteMe provides continuous privacy protection and service all year
Your employees’ personal data is on the web for the taking.

DeleteMe is built for organizations that want to decrease their risk from vulnerabilities ranging from executive threats to cybersecurity risks.

Want more privacy
news?

Join Incognito, our monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Is employee personal data creating risk for your business?

DeleteMe provides business solutions for the enterprise, public orgs and public interest groups.

Is employee personal data creating risk for your business?

DeleteMe provides business solutions for the enterprise, public orgs and public interest groups.

Related Posts

10 Ways to Reboot Your Privacy at Work

When personal data is out there on the open web it can lead to privacy and security incidents at work that open you—and your company—up to risk. Fo…
DeleteMe
October 3, 2022

Our 2022 Cybersecurity Excellence Award Speech: How We Started, Where We’re Going

We are excited to announce that DeleteMe was recognized (twice!) with 2022 Cybersecurity Excellence Awards, an annual competition honoring ind…
DeleteMe
February 10, 2022

The Time is Now to Limit Russian Hacker Access to Publicly Available PII

Although the launch of ContiLeaks and the information revealed there didn’t slow the Russian Hacker gang down, it did provide everyone here a…
Will Simonds
March 10, 2022