Californians, This is Why You Still Need MySudo Despite the New “Delete Act”

california delete act

On October 10, California Governor Gavin Newsom signed the first law ever to force data brokers to delete personal data on request.

Dubbed the “Delete Act”, the new law will let Californians click a single button on the California Privacy Protection Agency website to either force the deletion of the data or forbid brokers from selling or sharing it.

The Delete Act affects around 500 registered data brokers in California and will impose penalties on non-compliant brokers by 2026. It’s the first regulation of its kind.

Until now, Californians could ask data brokers directly to erase information they collect about them, but the agencies did not have to delete the data that they acquired from other companies—which is most of it.

CA Sen. Josh Becker, who introduced the bill, said, “Data brokers spend their days and nights building dossiers with millions of people’s reproductive healthcare, geolocation, and purchasing data so they can sell it to the highest bidder. The Delete Act is based on a very simple premise: Every Californian should be able to control who has access to their personal information and what they can do with it.”

A win but will it work?


The Delete Act is a win because it sets a positive precedent for consumer privacy regulation, and is a leap forward for consumer control over their personal data. It will better protect the personal information that data brokers harvest, and reduce the risk of that information being hit by a data breach. California has the most registered data brokers of any US state and the most breached data brokers.

But the Delete Act won’t cover data brokers overseas, beyond the reach of US law, or any other companies that are notorious for building dossiers of personal data about citizens (we’re looking at you, Big Tech), so its reach is limited.

Enforcement could be a major stumbling block, too.

Cybersecurity strategist Maurice Uenuma told Infosecurity Magazine, “From a privacy standpoint, this is a wonderful, consumer-friendly concept; it addresses many of the pain points for privacy-conscious citizens to limit their data exposure. However, this will be very difficult to implement and enforce.”

Uenuma says that verifying that the deleted data is truly gone will be the biggest challenge (opponents of the law cite others too.) It will depend on organizational, procedural, and technological changes—and data brokers doing the right thing.

Uenuma recommends consumers request a certified “proof of erasure” at the end of the data deletion process.

We recommend that consumers also continue to use comprehensive privacy products like MySudo.

All-in-one privacy app MySudo

MySudo breaks the data trail that you leave behind every time you go online, making it difficult for data brokers to harvest valuable information to sell, and for criminals to steal sufficient data to commit identity theft and other crimes.

If you’re new to MySudo, it’s like a privacy shield. You create secure digital identities called Sudos and give each one its own dedicated phone number, email, private browser, handle, and virtual card*. Then it’s simply a matter of using the Sudo information instead of your own personal information online and even in-person (for example, you might give a Sudo number to a new date until you’re feeling safe in the relationship).

Bottom line is, MySudo and the Delete Act are both great tools for taking control of your personal information, privacy and safety. But the Delete Act can only reach so far and its enforcementis only as good as the California Privacy Protection Agency is resourced, and how true to their word data brokers prove to be.

It’s too soon to tell how well this law will work, so stay safe with MySudo.

Download now

Start here

Get the 4 steps to setting up MySudo to meet your real life privacy needs

*iOS and US only. Android and more locations coming soon

Suggested articles:

The Top 10 Ways Bad Actors Use Your Stolen Personal Information

A bad actor isn’t only a poorly skilled thespian (ha ha). It’s also a person (or group) who intentionally acts to cause harm to a…

Can an Existing Digital Identity Wallet Leverage a Hardware Security Module to Meet New EU Standards?

Anonyome Labs will co-present a paper with Australia’s Queensland University of Technology (QUT) at the 8th Symposium on Distributed Ledger Technology in Brisbane, Australia from…

Aries VCX: Another Proof Point for Anonyome’s Commitment to Decentralized Identity 

For nearly two years, Anonyome Labs has co-maintained an open source project from Hyperledger called Aries-VCX. VCX is an important decentralized identity (DI) community project,…