The California Delete Act: How it affects organizations

Cole PrudenCCPA, Compliance, Data Protection, Personal Data, PII

california delete act SB 362 PII Tools

All it takes is one request, and poof… everything’s gone.

What is the California Delete Act

Sunny California has long been a leader in surfing, movie-making, and… consumer privacy? That’s right, and as of Jan. 1, 2024, the California Privacy Protection Agency (CCPA) is set to enforce a new law that could completely change data storage as we know it.

First introduced in April 2023, the California Delete Act, also known by its much sexier name “SB 362”, takes the consumer’s right to have their stored data removed to a whole new level. In the past, most data storers were expected to deal with Data Subject Access Requests (DSAR), where the consumer may or may not demand their stored data be deleted.

But now, with SB 362, the CCPA will “establish an accessible and 100% free deletion mechanism to allow consumers to direct all data brokers to delete their personal information” – and this is the important part – “with a single request”.

Then, to top it all off, data brokers will soon be “prohibited from selling or sharing the information of a consumer who has previously requested deletion, unless otherwise requested by the consumer.”

What businesses California Delete Act impacts

Do CCPA regulations and the new California Delete Act spell the end for all data brokers? What about all the other companies, institutes, organizations, etc. that store data on their users, customers, and employees? Is data storage dead?

Whoa, whoa, easy there. Let’s not get too ahead of ourselves. It’s safe to say that the 328 million terabytes of data created each day and stored by companies worldwide aren’t going anywhere fast. But we do need to prep ourselves for some fundamental changes in the coming years.

SOURCE: EXPLODINGTOPICS.COM

For starters, data brokers around the globe will need to streamline their information deletion process. Otherwise, they risk getting severely bogged down with endless detention requests for some poor intern to go through by hand.

For now, CCPA regulations are only applicable to California citizens and companies, but we can expect other states and even countries to follow suit. Anyone in the business knows that California might be the only one at the moment when in reality, it’s creating a path meant for all consumers worldwide.

When will the Delete Act go into effect

Let’s use our imagination here for a moment and picture what December 31, 2023, might be like. You’re at the annual company Christmas party, raising a toast to everyone’s successes and saying things like “Let’s do it all again!”, and “Here’s to a prosperous new year!”.

Then the clock strikes midnight, everybody cheers and some even share a New Year’s kiss. But just as the laughing and merry celebrations die down, the first email notification comes in. And then another. And then another… You hear someone in the crowd whisper, “What’s going on?”.

It’s now January 1, 2024, and the first deletion requests are here, demanding that all their stored data be wiped from your servers before you even finish your glass of champagne!

Alright, that might be a little dramatic, but we can safely say that things are about to change come 2024. How ready are you to handle new data deletion requests sent once the California Delete Act goes into force?

How to prepare for consumer deletion requests

Without a doubt, the best option for handling potentially hundreds or even thousands of deletion requests is to fully automate this process. And that’s when PII Tools steps in.

PII Tools software provides a completely unique solution to data deletion requests, which falls perfectly in line with the newest CCPA regulation. Our data discovery software allows data brokers and companies alike to scan for specific data across their entire environment, making it easy to pinpoint every piece of stored data for anyone with a deletion request.

And the best part: the entire process can be done automatically. Set AI-driven scans to automatically discover the data in question, and select each instance you want to delete. And not just delete but something we call “Secure Erasure”.


Secure Erasure effectively deletes the selected data from the PII Tools platform and removes its remote storage permanently. No ifs, ands, or buts. The data is gone forever, 0% chance of recovery, making this process fully compliant with the new California Delete Act.

Protection for Everyone

Whether you’re a data broker or just one of the millions of companies around the world that stores data on California citizens, you’re going to want to adhere to SB 362 as soon as possible. Not only to avoid trouble with the Feds but also to safeguard those who trust you with their information.

Protecting the privacy and rights of the people’s data you store has never been easy, and it may even seem like governments only want to make the process even harder. That’s why we developed PII Tools and its unique remediation options, to make handling deletion requests easier than ever while also keeping the user’s best interests in mind.

Why? Well… because it’s simply the right thing to do.

Experience True Peace of Mind with Secure Erasure on the PII Tools Demo