California just launched a new tool for broker privacy — and if you've ever wondered how your name, address, or phone number ends up on data broker lists, it's worth understanding.
What is DROP?
DROP stands for Delete Request and Opt-Out Platform. It's California's new system under the Delete Act, a state law focused on registered data brokers — companies that collect and sell personal information, often without a direct relationship with you.
Under the law, California residents can submit a single verifiable deletion request directed at brokers on the state's registry, instead of contacting each company individually.
DROP is operated by California's Privacy Protection Agency. The official program is at privacy.ca.gov/drop.
Why California passed the Delete Act
Data brokers buy, compile, and resell personal information — names, addresses, phone numbers, purchase histories, and more. That data can fuel targeted advertising, people-search sites, and in some cases identity-related risk.
Before DROP, opting out often meant filling out forms broker by broker, with no guarantee brokers would comply quickly or consistently.
The Delete Act is California's attempt to centralize that process and hold registered brokers accountable under one state framework.
The timeline
Two dates matter:
• January 1, 2026 — California residents can start submitting deletion requests through DROP.
• August 1, 2026 — Registered data brokers must begin processing those requests.
Removals won't happen everywhere overnight. Brokers come online gradually, so patience is part of the process regardless of how you pursue deletion.
Who is affected
DROP applies to California residents submitting requests through the state portal, and to data brokers registered under California's broker registry.
If you don't live in California, DROP doesn't apply to you directly — though other states have been watching California's approach as a potential model for broker regulation.
What DROP does — and doesn't — cover
DROP is built around registered data brokers on California's list. It is not a full personal privacy program on its own. It doesn't monitor breaches, scan the dark web, or alert you when your email shows up in a new incident.
It's one piece of the broker-deletion puzzle — an important one for California, but not the whole picture of personal data exposure.
Why this matters for broker privacy

