California’s Delete Request and Opt-out Platform (DROP) act isn’t the first of its kind –other legislation in various forms have tried to curtail the activities of data brokers in the past few years, like the 2024 CFPB rule that intended to regulate data brokers by having them comply with the Fair Credit Reporting act. However, the DROP act closes a loop that started in 2020 when the state's residents elected to certify the right to stop a company from collecting and selling their data.
The DROP act follows in the footsteps of the 2023 Delete act by granting California residents the ability to request that hundreds of data brokers delete their personal information from their records, in a single query through a state platform. Already in effect as of January 1, 2026 it doesn’t automatically require an immediate deletion but only that the data broker delete the data within 90 days. The brokers also have until August 1 2026 to begin processing requests, and then they're required to delete information "at least once every 45 days."
That data is considered information that would be collected through an interaction where no one intended to expect a data broker. It is also the kind of data that is often involved in data breaches, identity theft and fraud and is considered highly sensitive. DROP has stated that minimizing this information could help Californian’s reduce unwanted spam and scam calls, texts and emails.
How to remove your data from the internet
If you live in California, you can head over to the DROP website to get started. You will have to provide some personal information online such as birthdate and prove residency by providing your address.
However, even if you don't live in that state, you can still take some steps to remove your information from data broker websites. If you use one of the best identity theft services, many of them also offer a feature to help you remove your data from data broker websites alongside their core services. And if you don't, definitely consider signing up because these services work best if you have them established before disaster strikes.
If you want to start bit by bit on your own, you can take those steps but fair warning: It is time consuming. Start by searching for your own information, then looking for it on people finder sites. Those sites have a way for you to request for you to remove your information, but each one may differ. If you'd rather not take that amount of time, a data removal service can do it for you. When we tried them out, we found DeleteMe.com and Privacy Duck to be both effective and quick, as far as data removal services go.
Other things you can do to protect your data online: use a VPN, reject cookies, read through privacy policies to see what's being collected, see if your antivirus software has any anti-phishing features that can be enabled to protect you, and lock down your social media and email accounts.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
