Artifact GuideCaliforniaCalifornia data broker registry and DROP

California Delete Act Data broker registry and DROP

California data broker registry and DROP decisions should identify whether the entity is a data broker, which registration or deletion-platform duty applies, who owns the filing, and what evidence proves completion.

This page offers practical steps for implementation planning. Confirm legal and policy assumptions before implementation.

Back to main artifactReview sources
Author
Sorena AI
Published
May 9, 2026
Updated
May 9, 2026
Questions
3

Structured answer sets in this page tree.

Primary sources
3

Cited legal and guidance references.

Publication metadata
Sorena AI
Published May 9, 2026
Updated May 9, 2026
Overview

This page explains California Delete Act data broker registry and DROP obligations in plain English: which businesses must register, which businesses are excluded, what DROP does, and what evidence teams should keep. It focuses on the registration trigger, responsible owner, deadline, evidence record, and review path that privacy, legal, security, and compliance teams can apply.

Search this module

Find a question or answer quickly

3 of 3 questions
Question 1

What should teams do about the California data broker registry and DROP?

Teams should treat the California data broker registry and DROP as Delete Act operating duties, not as a generic CPRA privacy-notice update. Confirm whether the entity is a data broker, whether registration is required, and what DROP readiness work must be assigned.

Under the statute, a data broker means a business that knowingly collects and sells to third parties the personal information of a consumer with whom the business does not have a direct relationship. The statute also excludes entities covered by the federal Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, and the Insurance Information and Privacy Protection Act, as well as some processing exempt under Section 1798.146.

The safest first step is to identify the broker status analysis, registration owner, annual filing evidence, deletion-request workflow, vendor dependencies, and review date before assigning implementation work.

  • Write the registry or DROP decision in one sentence before drafting controls.
  • Attach the CPPA registry or DROP source URL and a short source quote to the evidence record.
  • Route unclear broker-status, exemption, or deletion-platform questions to privacy counsel before filing.
Citations
Question 2

What evidence should teams keep for California data broker registry and DROP under the California Delete Act?

Useful evidence is not just a privacy policy. Keep the source, threshold notes, request logs, GPC test evidence, notice screenshots, vendor terms, retention logic, and approval trail together.

  • Source URL and quote used for the decision.
  • Scope notes, screenshots, data-flow or system references, and role mapping.
  • Implementation ticket, approval record, exception notes, and review date.
Citations
Question 3

Which mistakes create risk when handling California data broker registry and DROP under the California Delete Act?

The common failure pattern is treating every California privacy issue as a generic CCPA notice update instead of checking CPRA amendments, sharing, sensitive data, GPC, and phased CPPA rulemaking.

  • Using an old threshold, deadline, source page, or contract template without checking current source text.
  • Treating a source-linked exclusion as a general exemption for every product or data flow.
  • Publishing notices, controls, or answers that do not match the actual product behavior.
Citations
Recommended next step

Turn registry and DROP work into assigned tasks

This California Delete Act guide turns turn data broker registry and DROP obligations into owners, evidence requests, review checkpoints, and reusable operating records inside Sorena.

Assessment workflow
Open Assessment Autopilot for California Delete Act

Turn California data broker registry and DROP into scoped questions, evidence fields, and review tasks.

Explore next step
Research workflow
Review California Delete Act source evidence

Use Research Copilot to answer follow-up questions with cited source material.

Explore next step
Talk to Sorena
Talk through implementation

Review scope, evidence, owners, and the next compliance actions with Sorena.

Explore next step
Primary sources

References and citations

Related guides

Explore more topics

California CPRA Checklist
Practical guidance for the California CPRA checklist, with practical decisions, evidence, edge cases, and external source citations.
California CPRA FAQ
Practical California CPRA FAQ guidance with implementation decisions, evidence, edge cases, and official California source citations.
California CPRA penalties and fines Guide
US CPRA guidance for penalties and fines, with practical decisions, evidence, edge cases, and external source citations.
California CPRA Requirements Guide
Practical guidance for California CPRA requirements, with practical decisions, evidence, edge cases, and external source citations.
California CPRA Risk Assessments, Cybersecurity Audits, and ADMT Guide
California CPRA guidance for risk assessments, cybersecurity audits, and ADMT, with practical decisions, evidence, edge cases, and external source citations.
California Data Broker Deletion Workflow Guide
California Delete Act and CPRA-adjacent guidance for data broker deletion workflows, with practical decisions, evidence, edge cases, and official citations.
California Data Broker Registry and DROP Guide
California Delete Act guide to the Data Broker Registry and DROP, with practical decisions, evidence, edge cases, and official source citations.
CPRA enforcement advisories: CPPA investigations, fines, and risk mitigation
US CPRA guidance for Enforcement Advisories, with practical decisions, evidence, edge cases, and external source citations.
CPRA Global Privacy Control (GPC): opt-out requirements and enforcement FAQ
US CPRA guidance for GPC, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Applicability Test Guide
Practical guidance for the US CPRA applicability test, with practical decisions, evidence, edge cases, and external source citations.
US CPRA CCPA vs CPRA Guide
US CPRA guidance for CCPA vs CPRA, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Compliance Guide
Practical guidance for the US CPRA compliance, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Consumer Rights Workflow Guide
US CPRA guidance for Consumer Rights Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Contract Terms Guide
US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Contracts Contractors And Service Providers Guide
US CPRA guidance for Contracts Contractors And Service Providers, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Correction Rights Guide
US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Cppa Regulations Tracker Guide
US CPRA guidance for Cppa Regulations Tracker, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Cyber Audit Readiness Workflow Guide
US CPRA guidance for Cyber Audit Readiness Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Deadlines and Compliance Calendar Guide
US CPRA guidance for Deadlines and Compliance Calendar, with practical decisions, evidence, edge cases, and external source citations.
US CPRA DSAR And Correction Workflow Guide
US CPRA guidance for DSAR And Correction Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CPRA GPC Handling Guide
US CPRA guidance for GPC Handling, with practical decisions, evidence, edge cases, and external source citations.
US CPRA GPC Handling Workflow Guide
US CPRA guidance for GPC Handling Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Retention Guide
US CPRA guidance for Retention, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Risk Assessment Intake Workflow Guide
US CPRA guidance for Risk Assessment Intake Workflow, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Risk Assessment Template Guide
US CPRA guidance for CPRA Risk Assessment Template, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Risk Assessments And Cybersecurity Audits Guide
US CPRA guidance for Risk Assessments And Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Sensitive Personal Information Guide
US CPRA guidance for Sensitive Personal Information, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Sensitive Personal Information Limits Guide
US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations.
US CPRA Sharing and Cross-Context Behavioral Advertising Guide
US CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations.
US CPRA vs Colorado Privacy Act Guide
US CPRA guidance for CPRA vs Colorado Privacy Act, with practical decisions, evidence, edge cases, and external source citations.
US CPRA vs Virginia Vcdpa Guide
US CPRA guidance for CPRA vs Virginia Vcdpa, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about ADMT under the US CPRA?
US CPRA guidance for ADMT, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Contract Terms under the US CPRA?
US CPRA guidance for Contract Terms, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Correction Rights under the US CPRA?
US CPRA guidance for Correction Rights, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Cybersecurity Audits under the US CPRA?
US CPRA guidance for Cybersecurity Audits, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about retention under the California CPRA?
California CPRA guidance for retention, including data minimization, privacy policy disclosures, evidence records, and official source citations.
What should teams do about Risk Assessments under the US CPRA?
US CPRA guidance for Risk Assessments, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Sensitive Personal Information Limits under the US CPRA?
US CPRA guidance for Sensitive Personal Information Limits, with practical decisions, evidence, edge cases, and external source citations.
What should teams do about Sharing and Cross-Context Behavioral Advertising under the California CPRA?
California CPRA guidance for Sharing and Cross-Context Behavioral Advertising, with practical decisions, evidence, edge cases, and external source citations.