California DROP: What It Changes About Data Broker Removal
A practical guide to California DROP: who can use it, when brokers must process requests, and what proof to keep outside the state portal.
California has changed the shape of data broker opt-outs. Instead of asking residents to find hundreds of separate broker forms, the state now offers DROP, the Delete Request and Opt-out Platform, as a single route for eligible Californians to tell registered data brokers to delete and stop selling their personal information.
That does not mean every exposed profile vanishes today. It does mean the cleanup workflow has a new center of gravity: a state-run request, a broker processing timeline, and a status trail you should still back up with your own proof.
One-sentence answer: California DROP lets California residents submit one deletion and opt-out request to registered data brokers, but the safest cleanup plan still records the submission, watches the broker processing timeline, and rechecks public profiles outside the portal.
What DROP does
DROP is a state-run privacy tool from California. The public consumer flow verifies that you are a California resident, lets you create a profile with the basic matching information you choose to provide, and sends one request to more than 500 registered data brokers.
The important shift is aggregation. Before DROP, a person who wanted broad broker removal had to work through a long list of individual sites, each with a different form, confirmation email, proof demand, and recheck window. DROP gives eligible California residents one official route for the registered-broker layer.
Here is the practical version:
| Question | Practical answer |
|---|---|
| Who can use it? | California residents who can verify eligibility. |
| What does it send? | A deletion and opt-out request to registered data brokers. |
| Is it free? | Yes, according to the state site. |
| Does it cover every exposure? | No. It is for registered data brokers, not every public record, search result, social profile, breach record, or scam database. |
| Does it replace proof logs? | No. You should still save the request date, portal status, and public recheck results. |
Think of DROP as a stronger dispatch route, not a magic eraser.
The timeline matters
The California privacy site says DROP launched for consumer requests on January 1, 2026. It also says data brokers begin processing requests on August 1, 2026, and that brokers must delete data within the required timeline once processing begins.
That timing matters for expectations. If you submit now, save the proof now. But do not treat submission as a same-day deletion promise before the broker processing requirement is in force.
Use this calendar:
- Submit your DROP request if you are eligible.
- Save the submission date and any confirmation or status page.
- Record the August 1, 2026 processing milestone.
- Check status in DROP when updates become available.
- Recheck the exact public broker URLs after the processing window.
- Keep separate notes for profiles that are not covered by DROP.
Our broader data broker removal timeline still applies. The difference is that DROP changes how the request is sent for covered brokers, while the public verification work still happens after submission.
What DROP does not solve
DROP is meaningful because data broker removal has been too fragmented. It is not a full internet cleanup system.
You may still need separate handling for:
- Public records that remain at the source, such as court, property, voter, or business records.
- Search results that point to a source page even after a broker request is pending.
- Non-California rights requests if you do not qualify for DROP.
- Data brokers that are not registered or not covered by the DROP request.
- Old screenshots, scraped copies, breach dumps, forum posts, and scammer lists.
- Duplicate people-search profiles created from a different name, city, phone number, or address variant.
This is why a one-request tool should not make you stop looking. It should make you more organized. Use DROP for the covered broker layer, then maintain a separate 50-site opt-out list for high-risk records that need manual follow-up or non-California handling.
What to save when you submit
The safest DROP workflow is proof-first. You do not need to paste sensitive personal details into a casual spreadsheet, but you do need enough information to prove what happened and when.
Save:
- The submission date and timezone.
- The portal status or confirmation shown after submission.
- The identity verification route used, without storing unnecessary identity documents.
- Any list, count, or broker category visible in the portal.
- The exact public profile URLs you already knew about before submitting.
- A recheck date tied to the broker processing timeline.
- Any status update that says a broker matched, processed, denied, or could not match the request.
For profiles you have already found, record the broker name, public URL, visible identity fields, request date, current status, and next recheck date in a data broker opt-out proof log.
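A minimal proof log built from the fields and status labels this guide names, added here as an example and not taken from the guide or the state portal. The 45-day covered-broker window, the 30-day manual window, the broker names and the URLs are assumptions or constructed samples; only the August 1, 2026 date comes from the page.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

PROCESSING_START = date(2026, 8, 1)  # from the page: brokers begin processing
ASSUMED_WINDOW_DAYS = 45             # assumption: the page gives no figure

@dataclass
class ProofEntry:
    broker: str
    url: str                 # exact public profile URL
    visible_fields: list     # field names only, never the personal values
    request_date: date
    covered_by_drop: bool
    status: str = "pending"  # pending, removed, blocked, denied or relisted
    history: list = field(default_factory=list)  # (date, status, visible?)

    def next_recheck(self, manual_window_days=30):
        """Date of the next public recheck of this URL."""
        if self.history:  # after a first check, keep rechecking for relisting
            return self.history[-1][0] + timedelta(days=manual_window_days)
        if self.covered_by_drop:  # nothing to verify before processing starts
            start = max(self.request_date, PROCESSING_START)
            return start + timedelta(days=ASSUMED_WINDOW_DAYS)
        return self.request_date + timedelta(days=manual_window_days)

    def record_check(self, checked_on, profile_visible, broker_reply=None):
        """Update status from a recheck of the URL and any broker reply."""
        if not profile_visible:
            new = "removed"
        elif self.status in ("removed", "relisted"):
            new = "relisted"  # profile came back after a confirmed removal
        elif broker_reply in ("blocked", "denied"):
            new = broker_reply
        else:
            new = self.status  # still pending, blocked or denied
        self.history.append((checked_on, new, profile_visible))
        self.status = new
        return new

def due(entries, today):
    """Entries whose recheck date has arrived, earliest first."""
    hits = [e for e in entries if e.next_recheck() <= today]
    return sorted(hits, key=lambda e: e.next_recheck())

# Constructed sample entries (placeholder brokers and URLs).
LOG = [
    ProofEntry("ExampleBroker A", "https://broker-a.example/p/123",
               ["name", "city"], date(2026, 3, 10), True),
    ProofEntry("ExampleSearch B", "https://search-b.example/jane-doe",
               ["name", "phone"], date(2026, 3, 10), False),
]
```

Keep saved confirmations and screenshots in separate files and reference them from the log by filename, so the log itself never holds identity documents.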
Why this matters beyond California
DROP is California-specific, but the pressure is broader. In 2026, the FTC warned data brokers about federal restrictions on providing sensitive American data to foreign adversaries. A February 2026 Joint Economic Committee minority report also estimated that identity theft stemming from four major data broker breaches cost U.S. consumers $20.9 billion.
Those are different legal and policy channels, but they point to the same consumer problem: brokered personal data is not just annoying marketing data. It can include addresses, account clues, identity signals, geolocation, financial attributes, and other details that help bad actors connect scattered records.
For individuals, the lesson is simple. Use official rights tools when available, but keep your own evidence. If a request disappears into a portal, a broker relists you, or a duplicate profile appears, your proof log is what turns the cleanup from memory into a trackable process.
What non-Californians should do
If you are not a California resident, do not pretend DROP applies to you. Use the rights and opt-out routes that actually match your state, country, and broker.
Start with:
- Search your name, phone number, old addresses, and email aliases.
- Save the exact broker URLs that expose you.
- File manual opt-outs with the highest-risk people-search sites first.
- Use state privacy rights where they apply.
- Recheck after each broker's stated processing window.
- Watch for relisting or duplicate profiles.
This is slower than a single portal, but the operating principle is the same: submit, save proof, recheck, and escalate only when the status is clear.
What to do today
If you are a California resident, check DROP eligibility and decide whether to submit through the official state portal. If you do, save the confirmation and calendar the broker processing timeline instead of assuming the work is complete.
If you are outside California, use DROP as a model for your own cleanup workflow: one inventory, one proof log, one recheck schedule, and clear labels for removed, pending, blocked, denied, and relisted records.
Leak Check Me is built around that proof-first rhythm: find exposed records, separate covered removal routes from public-source records, and keep cleanup status honest when a broker removes, stalls, denies, or relists a profile. Run a free leak check at leakcheckme.com when you want the cleanup to start from actual public exposure instead of guesses.