Data Brokers 101: What They Are and How to Protect Your Info
Categories: Cybersecurity, Data, Data Brokers, Data Privacy, Data Safety, Digital Footprint, PII, Privacy Guides
Data brokers, at a glance
- What they do: collect and package personal data into profiles sold to marketers, risk teams, and others.
- Where data comes from: public records, apps, websites, location services, and retail purchases.
- Why it matters: fuels identity theft risk, discriminatory decisions, hyper-targeting, and exposure.
- Do this now: enable tracker blocking and a global privacy signal, reset mobile ad IDs, submit opt-outs, clean old social posts.
You may have never heard of Acxiom, Oracle, or Experian. Yet, these companies and thousands more like them know an incredible amount about you. They are data brokers, and they are the engines of a massive, multi-billion-dollar industry that buys, sells, and trades your personal information without your direct knowledge or consent.
So, what exactly are data brokers, what do they know about you, and most importantly, how can you protect yourself from them?
What Exactly Are Data Brokers?
At its simplest, a data broker is a company that collects personal information from a vast network of sources and then packages it into detailed profiles on individuals. These profiles are then sold to other companies for marketing, risk assessment, fraud detection, and more.
Think of them as digital middlemen. They don’t generate the data themselves; they simply collect it from countless sources, clean it up, organize it, and sell it to anyone willing to pay.
Myth vs Fact
| Myth | Fact |
|---|---|
| Incognito mode hides you from data brokers. | It only limits local history. Sites, apps, and SDKs can still collect and share data. |
| Opting out once removes you forever. | Data repopulates from new sources. Revisit opt-outs on a schedule and audit regularly. |
| Deleting a social post erases it everywhere. | Brokers or scrapers may already hold copies. You still need formal deletion requests. |
| All broker data is anonymous. | Location and device data can often be linked back to a person or household. |
| Sharing ID for a deletion request is unsafe by default. | Some brokers require verification. Provide the least data necessary and watermark any image you share. |
Where Do They Get Your Data?
This is the most alarming part. Data brokers build their profiles using a combination of public and private sources, often in ways you would never expect.
- Public Records: This is the easiest data for them to acquire. It includes things like your name, address, phone number, political party affiliation, property records, and even marriage and divorce records.
- Commercial Sources: This is where things get personal. They buy data from the companies you interact with every day. This includes retailers selling your purchase history, social media companies selling your public activity, and even apps on your phone selling your location history.
- Online Activity: Every click you make online, every website you visit, and every search query you type can be tracked, aggregated, and sold. This includes your browsing history, what you look at online, and your activity on social media platforms.
The result is a comprehensive profile that can include everything from your age, income, and profession to your hobbies, political leanings, health conditions, and even your likelihood to buy certain products.
Why Are Data Brokers a Threat to Your Privacy?
The sheer amount of data these companies hold on you creates significant risks.
- Identity Theft: Detailed profiles make it easier for malicious actors to steal your identity. The more information they have, the more convincing their scams can be.
- Discrimination and Bias: Data profiles can be used to make discriminatory decisions. For example, a landlord might use a profile to decide if you are a “risky” tenant, or an insurance company might use it to charge you higher rates based on your lifestyle or past purchases.
- Targeted Manipulation: This data is a powerful tool for political campaigns and advertisers who want to target you with highly specific messages, some of which may be misleading or manipulative.
- Personal Information Leaks: Data brokers are a huge repository of sensitive information. If their databases are breached, your personal information is at risk.
How to Protect Yourself from Data Brokers
Protecting yourself is a two-part process: reducing the data you generate and removing the data that’s already out there.
- Reduce Your Digital Footprint: Be more mindful of what you share online. Use private browsing modes, install ad-blockers, and be cautious about giving your information to companies, especially for free services.
- Opt-Out from Data Brokers: You have the legal right to ask data brokers to remove your information from their databases. However, this is a tedious process, as there are thousands of brokers, and you have to find each one and submit a request individually.
- Use a Tool to Clean Your Data: The most effective way to protect yourself is to go to the source of the data they collect. Data brokers scrape information from your publicly visible social media profiles. By regularly cleaning up your social media, you make it much harder for them to build a detailed profile on you.
This is where Redact is an invaluable tool. Redact helps you remove your old posts, comments, photos, and other content from a wide range of social media platforms. By mass deleting this information, you reduce the “surface area” of your online presence, making it much more difficult for data brokers to collect and sell your information.
Fight Back & Remove Your Data
Start here: high-impact brokers and people-finders
Prioritize large compilers and popular people-search sites. Have ready: full name, past addresses, email, phone, and a simple verification statement. Submit deletion and opt-out requests, then calendar a quarterly recheck.
- Acxiom: broad consumer and household profiles used across marketing.
- Epsilon: consumer privacy request portal for profile deletion or restriction. (Ads opt-out: legal.epsilon.com/optout)
- LiveRamp: identity resolution and data onboarding across platforms.
- LexisNexis: information suppression for public records and risk products.
- CoreLogic (Cotality): privacy form for client data. (HR/Employee data: employee-applicant form)
- TransUnion: privacy rights and opt-out portal, then use “Submit a request.”
- Data Axle: do-not-sell and deletion options for consumer databases.
- Neustar: privacy choices and opt-out options for identity products.
- Experian Marketing Services: EMS opt-out for marketing segments. (General hub: experian.com/privacy/opting_out)
- People-search sites:
- PeopleSearch.com: start here, then follow the on-site opt-out which routes through Whitepages after you locate your record.
- People-Search.org: removal is initiated from the record page once found. (How-to guide: Optery instructions)
Taking control of your digital footprint is the most powerful step you can take to protect your privacy in an age of data brokers.
