
The introduction of the Delete Request and Opt-out Platform (DROP) and the aggressive enforcement of the California Delete Act send a clear message: unregulated data brokerage is no longer acceptable.
The recent enforcement action against Datamasters—a marketing firm accused of selling sensitive health and demographic data without proper registration—shows just how seriously California regulators are taking privacy violations. As DROP prepares to launch in 2026, consumers need to understand what's changing. Contact our privacy attorneys to learn more.
The California Delete Act addresses a fundamental problem that earlier privacy laws couldn't fully solve: the hidden economy of data brokers. While the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) granted individuals the right to delete their personal information, exercising those rights was challenging when dealing with companies you'd never even heard of.
Data brokers operate in the shadows, quietly collecting and reselling your personal information from apps, websites, retailers, and countless other sources. The Delete Act brings this industry into the light by imposing strict requirements on businesses that buy or sell consumer data. Under the law, qualifying businesses must:
The Delete Request and Opt-out Platform (DROP) represents a fundamental shift in how Californians can control their personal information. Set to launch in 2026, DROP allows you to submit a single request that applies to all registered data brokers simultaneously. Think about it: instead of tracking down dozens of companies and sending individual deletion requests to each one, you'll be able to:
Once you submit a request through DROP, registered data brokers are legally obligated to act on it within the timelines specified by law. The platform is expected to expose companies that fail to register or deliberately ignore consumer rights—which brings us to the enforcement authority making all of this possible.
The California Privacy Protection Agency (CalPrivacy) is the first regulatory body in the United States created exclusively to enforce privacy laws. Unlike previous enforcement models that relied on the Attorney General's office juggling multiple responsibilities, CalPrivacy has dedicated authority to investigate, audit, and penalize businesses that violate California privacy statutes.
CalPrivacy wields significant enforcement powers, including:
The Datamasters case shows these powers aren't just theoretical—they're being actively used to protect consumer privacy.
Rickenbacher Data LLC, doing business as Datamasters, found itself in CalPrivacy's crosshairs for failing to register as a data broker as required by the Delete Act. Despite engaging in large-scale data trading involving California residents, the company missed the statutory registration deadline of January 31.
CalPrivacy imposed a $45,000 administrative fine for the registration failure, but the financial penalty was just the beginning. Due to ongoing and severe violations, the agency took the extraordinary step of barring Datamasters from selling California residents' personal information altogether.
What made this case particularly egregious? According to CalPrivacy's findings, Datamasters purchased and resold extensive datasets containing information about millions of individuals with specific medical conditions, including Alzheimer's disease, substance abuse disorders, and bladder incontinence.
This data was reportedly marketed for targeted advertising purposes, raising serious ethical concerns about exploitation, stigma, and potential harm to vulnerable populations.
The company's data trading went far beyond health information. Datamasters allegedly trafficked in lists segmented by:
The scale was staggering: hundreds of millions of data records containing names, phone numbers, email addresses, and physical mailing addresses.
This case carries far-reaching implications for the entire data broker industry.
Once DROP becomes operational, California consumers will gain a level of control over their personal data that's unprecedented in the United States. The platform is expected to:
For many people, DROP will be the first realistic opportunity to take back control of information that's been bought and sold without their knowledge for years.
When your privacy rights have been violated, you need legal representation that understands both the technical complexities and the human impact of data privacy law.
The Lyon Firm brings deep expertise in California privacy law. Our attorneys stay ahead of rapidly evolving regulations like the Delete Act, CCPA, and CPRA, ensuring you receive counsel based on the most current legal landscape. We've successfully represented clients in enforcement actions and privacy litigation across California.
We understand the stakes. If you're a consumer whose sensitive health information was sold without consent, we recognize that data privacy cases involve real harm and significant risk. We treat every case with the seriousness it deserves. For consumers, we fight to hold data brokers accountable for violations and seek maximum compensation for privacy breaches.
We explain complex issues clearly. Data privacy law involves technical concepts that can be difficult to understand. We take the time to explain your rights, your options, and the potential outcomes in plain language, so you can make informed decisions about your case.
We've built a track record of results. Our firm has successfully resolved data privacy disputes, negotiated favorable settlements. The Lyon Firm has the knowledge and experience to guide you through every step of the process.
Contact The Lyon Firm today for a consultation. When it comes to protecting your privacy rights, having experienced legal counsel on your side makes all the difference.
Taking the first step doesn’t have to be complicated. In just a few minutes, you can share the basics of your case, and our team will guide you from there: