Going forward, this might help California residents reduce the chances of their personal information being caught up in some breaches.
Hunton Andrews Kurth writes:
On September 26, 2025, following a public comment period, the California Privacy Protection Agency (“CPPA”) adopted its regulations concerning the Delete Request and Opt-Out Platform (“DROP”). The DROP is a tool developed to address the California Delete Act’s requirement that the CPPA establish an accessible deletion mechanism to allow consumers to request from registered data brokers the deletion of all non-exempt personal information related to the consumer through a single deletion request to the CPPA.
Under the Delete Act, the tool will be available to consumers by January 1, 2026. Starting August 1, 2026, data brokers must access the DROP system every 45 days to retrieve and process deletion requests. Data brokers should review the CPPA’s Final Statement of Reasons and Update to Informative Digest to prepare for compliance with their obligations under the Delete Act.
Read more at Privacy & Information Security Law Blog.