The clock is already running
California’s enforcers are issuing real fines for failing to register as a data broker. And from Aug 1, 2026 every registered broker has to operate deletion-request processing through DROP every 45 days. Most small and mid-size brokers have nobody assigned to any of it.
Real fines, named companies (2024–2026)
Registration you’re missing
CA registration is $6,000/yr (plus up to a 2.99% card-processing fee), due by Jan 31, with a $200/day clock for non-registration. Texas, Oregon and Vermont each have their own registry, fee and deadline, and their own gap if you’re only filed in one.
The Aug 1 DROP desk
Every registered broker must pull deletion requests through DROP every 45 days, delete across all systems, keep a suppression list and report status, or face $200 per request, per day. At that rate, 100 unprocessed requests reaches six figures inside a week.
The done-for-you Registration & DROP Deletion Desk
We file all four states, manage every renewal deadline, and operate the recurring deletion processing as a service. Your team never touches a state portal or a 45-day cycle. This is operational delivery, not legal advice: we run the filings and the desk, and refer you to counsel for any legal opinion.
State filing fees are pass-through at cost: CA $6,000/yr (plus up to 2.99% card-processing fee), TX $300/yr, OR $600/yr, VT ~$100/yr. Those go to the states, not us.
We don’t guess whether you’re exposed. We check the public registries.
The four states publish their registries, and PRC/EFF cross-referenced them. We diff your name against public data and show you, free, in the snapshot.
Questions before the call
Are you a law firm?
No. We provide operational registration and deletion-processing services, not legal advice, and we don’t represent you before any regulator. For a legal opinion on whether you meet the data-broker definition, we’ll point you to counsel.
How do you know I’m exposed?
The four states publish their registries, and PRC/EFF cross-referenced them. We diff your company name across all four plus the CPPA enforcement list and show you the gaps, free, in the snapshot.
What exactly is the DROP desk?
Each cycle (every 45 days or less) we pull your deletion request batch, match identifiers, delete across the systems you connect, update your suppression list, file the status report, and keep an audit log.
How do you access my systems and keep our data secure?
We work with scoped, least-privilege access to only the systems needed to process deletions, and every action lands in an audit log. We don’t retain your customer data beyond the suppression list required to honor deletions. Access scope is agreed in writing before any work begins.
What if I’m not actually a data broker?
The Readiness Audit answers that in writing. If you’re out of scope, you walk away with documented clarity, and you only paid the audit fee.
What happens on the 15-minute call?
You share your company name. We diff it against the four state registries and the CPPA enforcement list, and you get a written gap summary showing where you’re exposed. No obligation to proceed.
What are the state fees?
Pass-through at cost: CA $6,000/yr (plus up to 2.99% card-processing fee), TX $300/yr, OR $600/yr, VT ~$100/yr. Those go to the states, not us.
Find out where you’re exposed, in 15 minutes
No charge, no pitch, no legal opinion. We diff your company across all four state registries and the enforcement list and tell you exactly where the clock is running.
Prefer to write directly? arshia@deletiondesk.comRun by Arshia Hamidi, operational filings and deletion-ops. I reply within 1 business day.