The Delete Act, California’s SB 362, is a game-changer! It’s got everyone in the privacy market talking about Delete Act compliance. Data brokers must now register with the California Privacy Protection Agency (CPPA) and disclose info they collect. By Jan 2026, a CPPA website will let Californians control, delete, and opt-out of data tracking. That’s a single website for consumers to request ALL of their data be deleted, by all companies doing business in California or with Californians. A monumental step in championing data privacy rights!
Many are wondering if they should comply with the Delete Act using Data Security Posture Management software. At first glance you might think it’s just a small step forward from the existing California Consumer Privacy Act (CCPA) legislation, which gave consumers the right to request that a company delete their personal information. It’s a bigger deal than it seems. The first dirty secret of CCPA compliance is that the number of inquiry and delete requests has been fairly low. That low volume is due in part to consumers having to do this with 25-50 companies they do business with on average. That’s going to change. With a single website in place, consumers will start requesting their info be deleted much more often. A lot more often. Delete Act compliance is a high priority initiative for 2024.
The second dirty secret of CCPA is that most companies couldn’t comply with it completely and were exposed. They under-invested in the data technology required. A seemingly simple delete request reveals a problem organizations have struggled with for decades – customer data is fragmented across hundreds of databases and applications. In order to delete a customer’s data, you first have to link it all together. And when asked to delete data today, a lot of companies will delete the most easily found, but not all, of the customer’s data. Different technologies are required to comply with the Delete Act – Data Security Posture Management, Data Catalog, Data Quality, and Master Data Management; using those existing technologies to address the Delete Act is how a Data Security Consultant can help you ensure compliance.
Beyond the immediate requirements for data brokers, this Act underscores the urgency for ALL companies to deeply understand and manage their data. Delete Act compliance is looming. Two years isn’t a long time to link all of that customer data together. It’s time to understand and assess your Data Security Posture Management, embrace the challenges ahead, and seize the opportunities. Let’s redefine the future of data privacy together.
QSG’s monthly newsletter is filled with insights, best practices, and success stories from our customers’ experiences in utilizing modern technology to improve their business.