Data brokers are a direct threat to our personal cybersecurity and privacy. They recklessly sell our personal information with very little oversight. They collect extensive information from public records on every person – name, address, number, email, age, relationships, social media accounts, etc. This can be used in scams, identity theft, and financial exploitation.

At BlackCloak, we are actively monitoring the outcome of California Senate Bill 362 (SB 362), the “California Delete Act.” This Bill aims to create an online portal where consumers can request data deletion from data brokers, carrying various implications for both data broker businesses and your personal cybersecurity. As of now, no federal law lets you prevent data brokers from collecting, selling, or publishing personal information.

This bill’s purpose is to give private individuals more control over their personal information and builds on California’s existing data broker registry by introducing the “accessible deletion mechanism”. This mechanism provides individuals with a single-click motion to ask every data broker in the registry to delete any information they have about you. As of June 1, 2023, SB 362 successfully passed through the California Senate and is considered a leap toward restoring control over your personal information in the digital world.

Many other organizations support the bill, including the Electronic Frontier Foundation (EFF) and Californians for Consumer Privacy. California’s 2022 GDP was $3.6T, making it the 5th largest economy in the world. This kind of economic standing has a direct impact on any industry it regulates, even outside of the state. 

If California is successful in passing SB 362, the California Privacy Protection Agency will be directed to create a deletion mechanism for individuals to make a request for their data to be removed from every data broker with a single, verifiable consumer request. It will also strengthen current California law requiring data brokers to register with the state and strengthen enforcement mechanisms against data brokers who fail to comply with the reporting requirement. 

Both provisions would be big wins for our personal cybersecurity safety. We will track the progression of this bill closely and we hope every other state, just like they did with Data Breach laws, looks to adopt similar provisions.