--- title: "California Data Broker Deletion Workflow Guide" canonical_url: "https://www.sorena.io/artifacts/us/california-privacy-rights-act/data-broker-deletion-workflow" source_url: "https://www.sorena.io/artifacts/us/california-privacy-rights-act/data-broker-deletion-workflow" author: "Sorena AI" description: "California Delete Act and CPRA-adjacent guidance for data broker deletion workflows, with practical decisions, evidence, edge cases, and official citations." published_at: "2026-05-09" updated_at: "2026-05-09" keywords: - "California CPRA" - "Data Broker Deletion Workflow" - "California CPRA Data Broker Deletion Workflow" - "compliance checklist" - "practical guidance" - "Compliance" - "Regulatory guidance" --- **[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform [Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io) --- # California Data Broker Deletion Workflow Guide California Delete Act and CPRA-adjacent guidance for data broker deletion workflows, with practical decisions, evidence, edge cases, and official citations. *Artifact Guide* *US* *Data Broker Deletion Workflow* ## California Delete Act Data Broker Deletion Workflow Data broker deletion workflow decisions under California privacy law should be written in operational language: who is in scope, what must happen, what evidence proves it, and when escalation is needed. This page helps teams decide how to build and document a deletion workflow, including who is in scope, what evidence to capture, and when to escalate exceptions. Confirm legal and policy assumptions before implementation. Use this page to build a California data broker deletion workflow that shows who must act, what must be deleted, what evidence to retain, and when to escalate exceptions or review outcomes. ## How should a Data Broker Deletion Workflow run under the California CPRA? Start with the governing rule, then check whether the business is a data broker, whether the request is a deletion request under Section 1798.99.86, and whether any exceptions or related opt-out rules apply before assigning the action and deadline. - Capture the request, product, role, data flow, jurisdiction, and deadline. - Check the source-linked rule and route exceptions before implementation. - Record the action taken, owner, reviewer, evidence location, and next review date. - Keep a plain-language output that support, product, legal, security, and compliance teams can all understand. Sources for this answer: - [California legislative bill text](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362&ref=sorena.io) - Delete Act bill source for the statutory deletion mechanism and the data-broker workflow duties behind DROP. - [California data broker registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. - [Data Broker Registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. ## What fields should the Data Broker Deletion Workflow template capture? A useful template captures business threshold, consumer/data category, request or signal type, vendor role, response deadline, notice/control evidence, and escalation reason. - Source URL and source quote so reviewers can trace the rule back to the official text. - Entity, product, service, system, data category, and user group. - Decision result, control action, owner, reviewer, due date, and escalation reason. - Evidence attachment, approval note, exception note, and review cadence. Sources for this answer: - [California data broker registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. - [Data Broker Registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. - [DATA BROKER REGISTRY / DELETE ACT](https://cppa.ca.gov/regulations/pdf/data_broker_reg_delete_act_statute_eff_20260101.pdf?ref=sorena.io) - CPPA statutory compilation for the Data Broker Registry and Delete Act provisions effective January 1, 2026. ## How should teams review and improve the Data Broker Deletion Workflow? Review the workflow after CPPA rulemaking updates, ad-tech changes, vendor changes, new data categories, consumer complaints, enforcement advisories, or material product changes. - Track recurring exception categories and update intake questions. - Remove fields that never affect the decision. - Add fields when reviews show missing source evidence or unclear ownership. - Confirm generated markdown and page content include the same visible source-linked guidance. Sources for this answer: - [California legislative bill text](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362&ref=sorena.io) - Delete Act bill source for the statutory deletion mechanism and the data-broker workflow duties behind DROP. - [California data broker registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. - [Data Broker Registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. - [DATA BROKER REGISTRY / DELETE ACT](https://cppa.ca.gov/regulations/pdf/data_broker_reg_delete_act_statute_eff_20260101.pdf?ref=sorena.io) - CPPA statutory compilation for the Data Broker Registry and Delete Act provisions effective January 1, 2026. *Recommended next step* *Placement: after the practical guidance* ## Turn California data broker deletion workflows into assigned work This California Delete Act guide turns turn data broker deletion workflows into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena. - [Open Assessment Autopilot for California data broker workflows](/solutions/assessment.md): Turn Data Broker Deletion Workflow into scoped questions, evidence fields, and review tasks. - [Review California Delete Act source evidence](/solutions/research-copilot.md): Use Research Copilot to answer follow-up questions with cited source material. - [Talk through California data broker deletion implementation](/contact.md): Review scope, evidence, owners, and the next compliance actions with Sorena. ## Primary sources - [California legislative bill text](https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362&ref=sorena.io) - Delete Act bill source for the statutory deletion mechanism and the data-broker workflow duties behind DROP. - Quote: "requires the Agency to establish an accessible deletion mechanism" - [California data broker registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. - Quote: "Data brokers must register and pay the annual fee between January 1-31, 2026, through the Delete Request and Opt-Out Platform (DROP)." - [Data Broker Registry](https://cppa.ca.gov/data_broker_registry/?ref=sorena.io) - CPPA registry source for confirming registration status and the DROP registration step used in data-broker deletion workflow triage. - Quote: "Data brokers must register and pay the annual fee between January 1-31, 2026, through the Delete Request and Opt-Out Platform (DROP)." - [DATA BROKER REGISTRY / DELETE ACT](https://cppa.ca.gov/regulations/pdf/data_broker_reg_delete_act_statute_eff_20260101.pdf?ref=sorena.io) - CPPA statutory compilation for the Data Broker Registry and Delete Act provisions effective January 1, 2026. - Quote: "DATA BROKER REGISTRY / DELETE ACT effective 01/01/2026" - [Delete Request and Opt-Out Platform (DROP)](https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill%5Fid=202520260SB361&ref=sorena.io) - Supports Data Broker Deletion Workflow under the California CPRA. - Quote: "Instructions on how to register in 2026 Data brokers must register and pay the annual fee between January" ## Related Topic Guides - [California CPRA Checklist](/artifacts/us/california-privacy-rights-act/checklist.md): Practical guidance for the California CPRA checklist, with practical decisions, evidence, edge cases, and external source citations. - [California CPRA FAQ](/artifacts/us/california-privacy-rights-act/faq.md): Practical California CPRA FAQ guidance with implementation decisions, evidence, edge cases, and official California source citations. - [California CPRA penalties and fines Guide](/artifacts/us/california-privacy-rights-act/penalties-and-fines.md): US CPRA guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations. - [California CPRA Requirements Guide](/artifacts/us/california-privacy-rights-act/requirements.md): Practical guidance for California CPRA requirements, with practical decisions, evidence, edge cases, and external source citations. - [California CPRA Risk Assessments, Cybersecurity Audits, and ADMT Guide](/artifacts/us/california-privacy-rights-act/risk-assessments-cybersecurity-audits-and-admt.md): California CPRA guidance for risk assessments, cybersecurity audits, and ADMT, with practical decisions, evidence, edge cases, and external source citations. - [California Data Broker Registry and DROP Guide](/artifacts/us/california-privacy-rights-act/data-broker-registry-and-drop.md): California Delete Act guide to the Data Broker Registry and DROP, with practical decisions, evidence, edge cases, and official source citations. - [California Delete Act data broker registry and DROP guide](/artifacts/us/california-privacy-rights-act/faq/data-broker-registry-and-drop.md): California Delete Act guidance for the data broker registry and Delete Request and Opt-Out Platform (DROP), with owners, evidence, and official sources. - [CPRA enforcement advisories: CPPA investigations, fines, and risk mitigation](/artifacts/us/california-privacy-rights-act/faq/enforcement-advisories.md): US CPRA guidance for Enforcement Advisories, with practical decisions, evidence, edge cases, and external source citations. - [CPRA Global Privacy Control (GPC): opt-out requirements and enforcement FAQ](/artifacts/us/california-privacy-rights-act/faq/gpc.md): US CPRA guidance for GPC, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Applicability Test Guide](/artifacts/us/california-privacy-rights-act/applicability-test.md): Practical guidance for the US CPRA applicability test, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA CCPA vs CPRA Guide](/artifacts/us/california-privacy-rights-act/ccpa-vs-cpra.md): US CPRA guidance for CCPA vs CPRA, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Compliance Guide](/artifacts/us/california-privacy-rights-act/compliance.md): Practical guidance for the US CPRA compliance, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Consumer Rights Workflow Guide](/artifacts/us/california-privacy-rights-act/consumer-rights-workflow.md): US CPRA guidance for Consumer Rights Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Contract Terms Guide](/artifacts/us/california-privacy-rights-act/contract-terms.md): US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Contracts Contractors And Service Providers Guide](/artifacts/us/california-privacy-rights-act/contracts-contractors-and-service-providers.md): US CPRA guidance for Contracts Contractors And Service Providers, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Correction Rights Guide](/artifacts/us/california-privacy-rights-act/correction-rights.md): US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Cppa Regulations Tracker Guide](/artifacts/us/california-privacy-rights-act/cppa-regulations-tracker.md): US CPRA guidance for Cppa Regulations Tracker, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Cyber Audit Readiness Workflow Guide](/artifacts/us/california-privacy-rights-act/cyber-audit-readiness-workflow.md): US CPRA guidance for Cyber Audit Readiness Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Deadlines and Compliance Calendar Guide](/artifacts/us/california-privacy-rights-act/deadlines-and-compliance-calendar.md): US CPRA guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA DSAR And Correction Workflow Guide](/artifacts/us/california-privacy-rights-act/dsar-and-correction-workflow.md): US CPRA guidance for DSAR And Correction Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA GPC Handling Guide](/artifacts/us/california-privacy-rights-act/gpc-handling.md): US CPRA guidance for GPC Handling, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA GPC Handling Workflow Guide](/artifacts/us/california-privacy-rights-act/gpc-handling-workflow.md): US CPRA guidance for GPC Handling Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Retention Guide](/artifacts/us/california-privacy-rights-act/retention.md): US CPRA guidance for Retention, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Risk Assessment Intake Workflow Guide](/artifacts/us/california-privacy-rights-act/risk-assessment-intake-workflow.md): US CPRA guidance for Risk Assessment Intake Workflow, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Risk Assessment Template Guide](/artifacts/us/california-privacy-rights-act/cpra-risk-assessment-template.md): US CPRA guidance for CPRA Risk Assessment Template, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Risk Assessments And Cybersecurity Audits Guide](/artifacts/us/california-privacy-rights-act/risk-assessments-and-cybersecurity-audits.md): US CPRA guidance for Risk Assessments And Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Sensitive Personal Information Guide](/artifacts/us/california-privacy-rights-act/sensitive-personal-information.md): US CPRA guidance for Sensitive Personal Information, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Sensitive Personal Information Limits Guide](/artifacts/us/california-privacy-rights-act/sensitive-personal-information-limits.md): US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA Sharing and Cross-Context Behavioral Advertising Guide](/artifacts/us/california-privacy-rights-act/sharing-and-cross-context-behavioral-advertising.md): US CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA vs Colorado Privacy Act Guide](/artifacts/us/california-privacy-rights-act/cpra-vs-colorado-privacy-act.md): US CPRA guidance for CPRA vs Colorado Privacy Act, with practical decisions, evidence, edge cases, and external source citations. - [US CPRA vs Virginia Vcdpa Guide](/artifacts/us/california-privacy-rights-act/cpra-vs-virginia-vcdpa.md): US CPRA guidance for CPRA vs Virginia Vcdpa, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about ADMT under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/admt.md): US CPRA guidance for ADMT, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Contract Terms under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/contract-terms.md): US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Correction Rights under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/correction-rights.md): US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Cybersecurity Audits under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/cybersecurity-audits.md): US CPRA guidance for Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about retention under the California CPRA?](/artifacts/us/california-privacy-rights-act/faq/retention.md): California CPRA guidance for retention, including data minimization, privacy policy disclosures, evidence records, and official source citations. - [What should teams do about Risk Assessments under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/risk-assessments.md): US CPRA guidance for Risk Assessments, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Sensitive Personal Information Limits under the US CPRA?](/artifacts/us/california-privacy-rights-act/faq/sensitive-personal-information-limits.md): US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations. - [What should teams do about Sharing and Cross-Context Behavioral Advertising under the California CPRA?](/artifacts/us/california-privacy-rights-act/faq/sharing-and-cross-context-behavioral-advertising.md): California CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations. --- [Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us) (c) 2026 Sorena AB (559573-7338). All rights reserved. Source: https://www.sorena.io/artifacts/us/california-privacy-rights-act/data-broker-deletion-workflow