It may come as welcome news to many professionals working within the legal and corporate fields that California Governor, Gavin Newsom, recently signed into law a bill creating a streamlined mechanism for consumers to request broad-scale deletion of personal data held by data brokers. Known as SB 362, or the “Delete Act”, its signing marks an important milestone in the evolving world of data privacy regulations.
Under this new regulation, consumers have a one-time mechanism to request that all data brokers delete any personal data associated within their identity. This represents a significant shift in the landscape of data privacy, providing consumers with unprecedented control over their personal data and its removal from databases held by data brokers. For an in-depth analysis, please read this full legislative update by Dorsey & Whitney LLP.
While this law presents significant advancements for consumer privacy, it also introduces important considerations for businesses falling within the definition of a data broker. These businesses must ensure their systems and practices are up to date and fully compliant with the Delete Act’s requirements.
Major factors that corporations and law firms should consider include:
- Understanding who is considered a “data broker” under this act.
- Ensuring processes are in place to handle delete requests, including the ability to confirm the identity of the person making the request.
- Assessing the potential impact of such deletion requests to ongoing business operations, including the continued use of personal data in situations where exceptions to the Delete Act apply.
- Incorporating this new regulatory requirement into existing privacy compliance programs.
In conclusion, the signing of the Delete Act signals an ongoing commitment to data privacy in California and presents new compliance considerations for firms and corporations in possession of personal data. As this dynamic legal terrain continues to evolve, legal professionals must stay tuned for further implications and changes in the data privacy landscape.