Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for January 16, 2026. I’m Tim Walden. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. This week, we’re talking about something privacy advocates have dreamed of for years — a delete button for your personal data.
Show Notes
Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter
Show Transcript
Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for January 16, 2026. I’m Tim Walden. Thanks to Sentilink for supporting the ITRC and this podcast. Each week, we look at the most recent events and trends related to data security and privacy. This week, we’re talking about something privacy advocates have dreamed of for years — a delete button for your personal data.
On January 1, 2026, California launched a new online system called DROP, short for Delete Request and Opt-out Platform. It’s the first website in the world where residents – and only California residents - can ask hundreds of data brokers to delete the personal information they’ve collected and sold, all through one verified request.
This new capability comes from the California Delete Act, an update to California’s existing privacy laws that expands the state’s 2018 Consumer Privacy Act and 2020 Privacy Rights Act. Together, those laws laid the foundation for CalPrivacy — California’s privacy watchdog agency — which now oversees data brokers and ensures they comply with the new rules.
Here’s how it works: once you verify that you’re a California resident, you can log into DROP, fill out a simple form, and request that every registered data broker remove your information from their systems.
That includes companies that may have compiled details like your name, address, phone number, income level or even where you’ve traveled with your phone.
Data brokers have until August 1, 2026, to start processing those requests. After that, each missed deletion could cost them $200 per dayper request, so the penalties for ignoring consumers’ privacy rights are steep.
It’s worth noting that DROP won’t erase public records like property or voter registration data, but it is likely to make a significant dent in the digital marketing ecosystem that fuels targeted ads, spam callsand emails, and people-search websites.
This is a major milestone for data privacy in the United States, and a signal that other states may soon follow.
That’s an important point – other states will have to pass their own versions of a “Delete Act” in order for their residents to have the same kind of control over the collection and use of personal information. Or Congress would have to pass a law that applied to all U.S. states and territories.
One thing to keep in mind...businesses retain the ability to deny a delete request if removing the information would defeat efforts to prevent fraud. Legitimate data brokers help ensure people are who they claim to be when opening and accessing accounts, reducing the number of cases of identity theft, fraud, and scams.
Even if you don’t live in California, you can still take steps to protect your data by using privacy-focused browsers, reviewing your browser, app, and social media account settings, and supporting stronger privacy laws in your state.
If you’ve received a data breach notice or believe your personal information has been misused, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.
