Redacta ·  Start with a private exposure scan built around your details.
Back to blog
Privacy Rights4 min read

California DROP and the Delete Act: What Data Broker Deletion Actually Covers

California DROP gives residents a central way to request data broker deletion in 2026, but people-search cleanup still needs source checks and monitoring.

California's Delete Request and Opt-out Platform, usually called DROP, is one of the most important consumer privacy changes in the United States this year. It gives California residents a central place to tell registered data brokers to delete and stop selling their personal information.

That is useful. It is also not the same thing as deleting every public mention of you from the internet.

The practical way to use DROP is to treat it as a powerful data broker request channel, then keep a separate cleanup plan for people-search pages, search results, public records, and listings that reappear.

What DROP Does

California's official DROP page says eligible California residents can submit a deletion request to registered data brokers through one platform. The California Privacy Protection Agency data broker page explains that brokers must begin processing DROP requests on August 1, 2026, then access the system at least every 45 days.

In plain English: DROP is meant to replace the worst part of broker cleanup, which is finding hundreds of companies and submitting the same basic request over and over.

It is strongest for personal information held by registered data brokers. That can include information assembled from public records, commercial sources, online activity, and broker-to-broker resale pipelines.

What DROP Does Not Automatically Fix

DROP does not make every exposure disappear on contact. It does not remove source public records. It does not guarantee that every people-search site has the exact record you care about, matches you correctly, or processes the request without follow-up. It also does not remove Google results by itself.

The California Attorney General's CCPA page is worth reading because it makes the broader point: privacy rights have designated methods, identity verification, and exceptions. A deletion request can be real and still need a second step.

For users, that means the right question is not "Did I submit DROP?" The better question is "What changed after DROP, what stayed visible, and what needs manual cleanup?"

A Clean California Deletion Workflow

If you are a California resident, start with DROP because it is the broadest single request you can make to registered brokers. Save the confirmation and the submission date.

Next, search for your highest-risk details. Use your full name plus your city, current address, old address, phone number, and close relatives. Do not give new sensitive information to random sites just to search yourself.

Then create a short exposure list:

  • People-search profile URLs that show your current address
  • Pages showing phone numbers, emails, relatives, or household members
  • Broker pages that have their own opt-out form
  • Search results that still show sensitive snippets
  • Public records or source pages that probably cannot be removed

Submit direct opt-outs to sites that still show the record. DROP can reduce broker-side holdings, but a live people-search profile may still need that site's own removal flow.

After a source page changes, check search results. If Google is still showing a stale snippet or cached exposure, use Google's removal tools rather than assuming the index will update immediately.

Finally, schedule a recheck. Broker records come back because source feeds, public records, and other brokers keep repopulating databases.

Where Redacta Fits

Redacta's role is not to pretend a law makes the internet clean overnight. The useful work is finding the exposed records, prioritizing the ones that create real risk, submitting removal requests where removal is available, and keeping evidence of what changed.

That evidence matters. A good privacy cleanup should leave you with source URLs, screenshots, request dates, outcomes, and follow-up dates. If a listing returns, you should not have to start from memory.

For a practical priority order, see what to remove from people-search sites first.

Bottom Line

DROP is a major improvement for California residents. Use it. But do not stop there if your home address, phone number, relatives, or personal email are still visible.

The strongest privacy workflow in 2026 is layered: use DROP for registered brokers, use direct opt-outs for live people-search pages, use search-result removal when sensitive snippets remain, and monitor for reappearance.