Photo of Laura Hamady

Laura serves as counsel in the firm’s Privacy + Cyber practice. She brings more than 15 years of experience in privacy and cybersecurity related matters. Laura is an industry-experienced privacy leader and has served in senior privacy leadership positions at a variety of large companies across various industry spaces, including Twitter, Visa, PayPal, Chronicle (a Google company), Groupon, Levi’s Takeda Pharmaceuticals, and more.

On July 5, the California Privacy Protection Agency (CPPA) published a Notice of Proposed Rulemaking regarding Data Broker Registration pursuant to Senate Bill 362 (the Delete Act). The Delete Act requires the CPPA to establish an accessible deletion mechanism. This mechanism allows a consumer, through a single verifiable consumer request, to request that every data broker delete any personal information related to that consumer held by the data broker or associated service provider or contractor. The stated aim of the proposed rulemaking is to clarify and enhance the registration process for data brokers.

The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests through a central “deletion mechanism” managed by the California Privacy Protection Agency (CPPA). The law also empowers consumers to request deletion of their personal information from all registered data brokers with a single submission.