What Does the Term Data Broker Mean?
Data brokers are companies that collect and aggregate vast amounts of personal information. Also known as information brokers, these companies package and sell the data to other businesses, marketers, and even government and regulatory agencies.
While the U.S. Constitution prevents the government from accessing your sensitive data without due process, there are few laws that regulate the purchase of such data from data vendors [*].
To make matters worse, it’s not just legal entities that buy from data brokers. Scammers can just as easily buy sensitive consumer data from vendors on the open market.
As a result, you’re left vulnerable to identity theft, hacking, and the damaging consequences of discriminatory algorithms and biases.
Understanding privacy policies and opt-outs could be your only way to navigate the murky waters surrounding data brokers.
How Do Data Broker Sites Collect Personal Information?
Data brokers collect personal data by using a combination of scraping tools, online forms, and publicly accessible websites.
These data brokerage companies can build detailed dossiers about you — eventually seen on “white pages” or people-search websites — including demographic information, contact details, and even health records.
Here’s how it works:
- Data collection: Data brokers use various sources to gather information including your name, date of birth, phone number, address, and marital status. This data is gathered from what’s publicly available on the internet, furtively through software development kits or SDKs, and algorithms that can predict data points [*].
- Data segmentation: The brokers then use data management platforms (DMPs) to filter this data. They identify demographics with shared interests, behaviors, and more. Vendors that sell to other businesses also segment data based on attributes like industry, company size, revenue, and job titles.
- Profile creation: After filtering, the brokers append information such as age, gender, location, and purchasing behavior among other vectors. This process helps create a detailed description of each person.
- Data enrichment: Supplemental information from third-party sources are then mapped at this stage. For example, data brokers may compare public records and fraud reports to validate someone’s identity and address.
What Sources Do Data Brokers Use?
The Fair Credit Reporting Act (FCRA) sets guidelines for how data brokers collect and use consumer information. In addition, the FCRA also grants you the right to access, dispute, and correct your data.
The Consumer Financial Protection Bureau (CFPB) is the agency that enforces the FCRA and ensures that these companies comply with federal law [*].
For the most part, the data broker industry functions (and collects information) in legitimate ways — but largely out of public view.
Here are the six most common sources from which data brokers purchase, license, or otherwise acquire second-hand data:
- Public records are abundant sources of personally identifiable information (PII). Birth certificates, marriage licenses, divorce records, arrest records, voter registrations, motor vehicle records, census data, and bankruptcy records hold heaps of personal sensitive data.
- Credit card companies sell customer purchase propensities and bill repayment details to data brokers. Data brokers aggregate and anonymize this transaction data before reselling it to hedge funds, advertisers, and marketers.
- Web browser cookies store your information as you use mobile apps, smart home devices, social media accounts, and e-commerce sites. Data brokers may buy website cookies directly from websites and apps that observe your browsing activity.
- Retailers track your information through their websites, loyalty cards, and coupons. Data brokers may use this information to serve personalized ads or to assess your creditworthiness.
- Mobile apps may gather location data, device IDs, and other user information, such as your date of birth, interests, and address. Those apps that partner with data vendors may directly share this data using SDKs, or while serving ads that use real-time bidding (RTB) [*].
- Users themselves give companies consent to share data in several ways. When you sign online forms, complete surveys, or join loyalty programs, you may have just relinquished bits of PII.
Targeted ads aside, open information sharing puts consumers in the crosshairs of fraud. This is especially grim considering that the anonymized data collected can be de-anonymized with 99.98% certainty [*].
This may not be too hyperbolic given the results of a study that aimed to assess how at-risk 750 American senior executives might be [*]. 40% of online data brokers had the IP address of an executive’s home network.
Needless to say, hackers don’t need to lie in waiting for a data breach to expose individual and company data.
Types of Data Brokers
Data brokers profit by selling large volumes of personal or company dossiers. While one-time deals are common, many data brokers lease data access to third parties via subscriptions.
To understand how data brokers use and sell your data, here’s a breakdown of the four types of data brokers.
1. People search brokers
Spokeo, PeekYou, and PeopleSmart are examples of people search databases. On these sites, you can find personal information about someone by entering their name or other identifying details.
- How they work: People search sites compile names, aliases, birthdates, address histories, education information, employment details, marriage and divorce records, bankruptcy information, social media profiles, property records, interests and affiliations, and even details about your family members.
- Purpose: People search sites are like search engines that help you track down relatives or old friends. These sites are also sometimes used during background checks, to verify identities, or to locate potential customers.
- Drawback: Criminals can use the information for doxxing or blackmail. Maleeha Aziz, for instance, worries that extremists could get her information from people search sites to target American women in the reproductive justice community [*].
2. Marketing and advertising brokers
Some data brokers, such as Acxiom, Epsilon, and Datalogix, sell data for advertising and marketing purposes.
- How they work: These brokers create audience segments that combine purchasing behaviors with personal details. This information includes names, email addresses, interests, income, and even number of children.
- Purpose: Advertisers can use these data sets to personalize their marketing. A targeted approach helps companies serve relevant content, deals, and discounts.
- Drawback: Since data brokers aggregate third-party data from various sources, these profiles may be inaccurate or unreliable.
3. Risk mitigation data brokers
ID Analytics and Intelius are examples of data brokers that focus on risk mitigation. These companies build products to help verify potential customer identities and detect fraud.
- How they work: Risk mitigation data brokers collect and sell personal information about people to help organizations verify identities and detect fraud. For example, a lender might use a similar data broker to confirm that a potential borrower is indeed who they claim to be.
- Purpose: Granted the data is accurate, such vendors can help prevent identity theft and fraud.
- Drawback: If these data brokers supply false or misleading information about you, it could impact your chances of getting a job or buying a car.
4. Financial data brokers
The three major credit bureaus — Equifax, Experian, and TransUnion — are the key players here. There are also other financial data brokers, like Verisk and CoreLogic.
- How they work: Financial information brokers collect data from credit card companies and public records. The brokers stockpile reports, including details about your income, bankruptcies, delinquent accounts, and debts. The data may also include payment records for utility bills, cell phone contracts, and rental agreements.
- Purpose: These types of data brokers help financial institutions decide if someone qualifies for a loan. Lenders can determine what kind of loan and interest rate to offer a potential borrower. Credit and insurance underwriting companies also use this data — setting premiums for an insurance policy is one way.
- Drawback: Unscrupulous brokers could sell inaccurate data. Any false or misleading data could compromise someone’s chances of securing a line of credit.
The Difference Between Data Brokers and Consumer Reporting Agencies
Data brokers and consumer reporting agencies (CRAs) both collect and process information about consumers. However, there are some key differences.
In general, consumer reporting agencies are looked upon more favorably by the public. However, there have been instances — Spokeo, Inc. v. Robins — in which credit reporting agencies have transgressed the boundaries of the law.
The case began when Thomas Robins sued Spokeo, Inc. for willfully failing to comply with the FCRA’s requirements to ensure the accuracy of the information it provides [*].
Robins claimed that Spokeo published false information about his age, marital status, education, wealth, and employment, which harmed his employment prospects and caused him emotional distress.
⛳️ Related: How To Prevent Identity Theft and Its Devastating Effects →
How To Remove Yourself From Data Broker Sites
A study that analyzed 10 hacks of data brokers between 2012 and 2021 found the U.S. to be the most affected country — 210 million American records were exposed over the years [*].
Of the 506 registered data brokers under scrutiny, 23 had suffered data breaches. Further, misleading or irrelevant ads and errors by any third party that uses this data are also reasons why you may limit how your data is shared.
To remove yourself from data broker sites, you must first find your listing, verify your email, and then opt out. You can also use content removal services or Aura's data broker opt-out service.
Complete manual opt-outs from data brokers
Manually contacting data brokers to request that they remove your sensitive information from their systems is the first option. This method is time-consuming, but it helps.
Let's look at the process with a few popular data brokerages.
Removing your data from BeenVerified
- Visit BeenVerified’s opt-out website, and search for your listing by entering your name and state.
- Find your listing, and select the arrow on the right.
- Enter your email address, then perform the CAPTCHA.
- You’ll receive a confirmation email within a few minutes. Select Verify opt-out at the bottom.
- Next, you’ll be redirected to BeenVerified’s website to see an opt-out confirmation page.
- Your listing should be removed within 24 hours. You’ll receive a final confirmation to let you know that your opt-out has been completed.
Removing your data from Acxiom
- Go to Acxiom’s official website. Scroll down to the footer, and select Do Not Sell My Personal Information.
- Read through the information about the opt-out process and how Acxiom uses your information.
- Scroll to the bottom, where you’ll find the opt-out form.
- Complete the form to detail the information that you want to remove from Acxiom’s database.
- Select Submit, then provide a confirmation email.
- Open your email inbox to view the verification email from Acxiom, and click on the link.
- Mark the checkbox to confirm I'm not a robot; and finally, select Submit to complete your opt-out request. It can take up to two weeks for Acxiom to process your request.
Use content removal services
While manual opt-outs are free, setting them up takes time. Ironically, when you try to remove your data from data broker sites, you’ll need to give personal details. These services request your full name, mailing address, phone number, and email address.
Also, even after trawling through the process with multiple data brokers, you’re not done. You must keep checking the websites to see if they have re-added your information.
And worst of all, opt-out requests can’t help you delete marketing information that was already sold to other companies.
An automated content removal service helps you remove more of your information from data brokers and Google searches in less time.
DeleteMe is a popular tool that removes your data from leading broker sites like BeenVerified, Spokeo, and White. Plans start from $129 per year, with discounts for additional users [*].
Try Aura’s data removal services
Aura's digital security suite includes a privacy assistant that operates as a data broker removal service. If you sign up for any Aura plan, you’ll get access to its data broker opt-out services.
Aura saves you time by scanning known databases and lodging automatic requests to remove your data from data broker sites.
Reduce your digital footprint
The first step in protecting your online privacy is becoming more cautious about what you share on the internet.
- Delete accounts you rarely use. Whenever you create a new online account, your data is at greater risk of being shared or leaked. Manually revisit old email accounts, e-commerce store profiles, and mobile apps to close them down. In the future, choose guest accounts or email aliases to shop online safely.
- Scrub your data from Google. Manually search for your name, and take note of websites that show your information. Request to remove your personal information from Google. Besides the URLs, you will also have to select the reason for your removal request, such as personal information, legal issues, or outdated content.
- Contact website owners about your information. Your information could still be on other sites and social media platforms even after contacting Google. Try reaching out to site owners using their contact pages or by finding their contact details with a Whois search. When you make your removal request, provide videos or screenshots of the information.
How You Can Protect Your Privacy Online
- Use a virtual private network (VPN). Hackers can compromise unsecure public Wi-Fi in hotels, restaurants, and airports. With a VPN, you'll have an encrypted internet connection to hide your activity when you’re online.
- Scan for leaked passwords. Use Aura’s free password scanner to check if your email or any associated passwords have been exposed in data breaches. Also check for compromised accounts with Identity Guard’s Dark Web scanner, and scan your phone number on HaveIBeenPwned.com.
- Use a password manager. It’s easier to create and store unique passwords for all of your accounts with a dedicated app. Aura’s password manager makes it easy to create complex login credentials and update any weak passwords.
- Enable two-factor authentication (2FA). If an imposter has your password, 2FA will reduce the chance of account takeovers. Set up a biometric scan or use an authenticator app to add another security layer to your accounts.
- Take action on data breach notifications. In the United States, there is no federal data breach notification law that spans all industries and sectors. Each state or territory, however, has laws governing businesses that own or license computerized data that includes PII.
- Scan your devices for malware. A reputable antivirus software will detect and isolate malicious programs. You can also enable anti-track browser extensions to get peace of mind whenever you browse online.
- Use burner debit and credit cards. Virtual cards are good for one-time purchases or for shopping with an unfamiliar website or store. You can also lock virtual cards to a specific merchant, which minimizes the risk of credit card fraud.
- Freeze your credit with all three bureaus. If you spot any warning signs of identity theft, you can prevent fraudsters from opening new accounts in your name by initiating a credit freeze. Request the freeze by contacting each of the three credit reporting agencies individually.
- Remove yourself from direct marketing and telemarketing lists. Submit requests with sites like DMAchoice, OptOutPrescreen.com, and the National Do Not Call Registry to remove yourself from unwanted mailing lists.
- Report unscrupulous data brokers. If you believe that a data broker is in violation of privacy rights, submit a report with the FTC at reportfraud.ftc.gov or call 1-877-FTC-HELP (1-877-382-4357).
Opt-outs Are Not One-offs. Aura Can Help
Despite its benefits, the data brokerage industry has inherent data privacy risks that could expose you to fraud.
If you fall victim to identity theft, scammers could crater your credit score — harming your standing with financial institutions. Long term, the fraud could harm your chances of getting a loan, car, or job.
Aura offers a proactive solution to protect your privacy by removing your data from over 20 data broker sites. In the event of identity theft, Aura’s $1 million coverage can offset out-of-pocket expenses that are incurred as a result of the theft.