As someone who works in cybersecurity and privacy and who lives in California, I’ve been closely tracking CCPA since it was passed. The state statute, protecting consumers’ rights to access, request deletion of, and opt out of the sale of their personal information, went live in January. At the time, I conducted what I thought of as an initial experiment, to see what would happen when I requested my own data—which companies were prepared to send it, how much they would send, and how promptly they would respond. I approached Verizon, Facebook, Comcast, Google, LinkedIn, Ring, Amazon, YouTube, and Intuit, as well as some data brokers that are registered with the state, among others.