Have you ever been shopping online and bought something, then started receiving emails for similar items? Or perhaps your personal information was posted online, which led to online harassment or even stalking. Your personal information that you thought was protected was most likely sold to several different data broker websites.
There are a few ways to fight back against the sale of your data to third-party data broker sites, including:
- Opting out of information collection and publication;
- Hiring online content removal companies and services;
- Investing in online reputation management services;
- Not giving out your personal information.
At Minc Law, we have extensive experience with internet content removal and are well-versed in the subject of removing information from data broker websites.
In this post, we will take a look at what data brokers are and how they work, why you should remove your brokered personal information from their databases if you can, and a few strategies to remove yourself from data broker sites.
What is a Data Broker?
Data brokers are companies that collect your personal information and resell it to other companies for marketing purposes. They collect your information from various online sources under the guise of “business intelligence.”
These data brokers do not have a direct relationship with the consumers whose data they have collected, so most people are not even aware of what is happening. Intangible items like getting married or divorced, buying a home, having a baby, or even looking into colleges are triggering events that data brokers view as invisible gold.
Consumer data is one of the most lucrative industries in the world — in fact, data brokering is a $200 billion industry. Over time, a single email address can be worth an average of $89 — and this value can more than double if you are a frequent traveler. Because it is such a lucrative business, there are over 4,000 data and information broker companies worldwide.
How Data Broker Websites Work
If you have ever used a search engine, created a social media account, registered a cell phone or cable service in your name, or even completed a payroll form for your job, you have left an enormous electronic paper trail that has been bought and sold many times over.
Data brokers collect information in a few different ways:
- Public sources: Property records, court records, driver’s license and motor vehicle records, census data, birth certificates, marriage licenses, divorce records, state professional and recreational license records, voter registration records, bankruptcy records, etc.
- Commercial sources: Customers’ purchase histories along with the dates, dollar amounts, payment method used, loyalty cards, coupons, etc.
- Online sources: Social media platforms, web browsing activity, and quiz and gaming apps, among many others.
- The individual themselves: By not fully reading the fine print when signing up for something like a store loyalty card, the individual may freely give permission for their information to be sold.
When data broker sites gather your data, they look for your:
- Birth date,
- Contact information,
- Social security number, and
- Your personal, financial, religious, and political history.
Every move you make online is fair game. All transactions, affiliations, and relationships are of interest.
In short, data broker sites hope to profit off of anything and everything that makes you, you.
The Big Three: Types of Data Brokers
So, what do data brokers do with your data?
How your personal info is used depends largely on the type of broker that has obtained it. There are three main categories of data brokers:
- People-Search Sites: Gather information and host it on their site for public view. Any individual or company with internet access can find information on others with basic starting information. These are usually the first places people look when they are trying to “doxx” someone (examples: MyLife, White Pages, and InstantCheckmate)
- Marketing and Advertising: Create detailed dossiers on people that include information that will help craft custom marketing blasts (examples: Datalogix, Acxiom, and Intelius)
- Risk Mitigation: Identity verification products used to comply with regulations or prevent fraud when consumers attempt to make a transaction. Common examples are requests to verify your mother’s maiden name when you apply for a home loan (CoreLogic and eBureau sell risk mitigation products)
How Are Data Brokers Legal?
If this is your introduction to the data broker world, you must be wondering: Is it legal?
The answer is a complex one — but while it can be distressing to know your personal details being bought and sold right under your nose, hosting publicly available information such as your name, age and address is not illegal at all.
There is no overarching law in the United States that bars a website from hosting your personal data if the site’s purpose is not to be used to determine a person’s credit, insurance, or employment eligibility.
Data Broker Sites: Where “Doxxers” Get Their Ammunition
Doxxing (or doxing) is the practice of researching and publicly broadcasting private or identifying information, especially personally-identifying information (PII), about an individual or organization — usually with malicious intent.
Some people equate the aggregation and publication of personally identifiable information on data broker sites as a form of doxxing. This is because “doxxers” frequently obtain highly sensitive personal information from data brokers and data broker sites.
Some of the methods employed to obtain this information include searching publicly available data broker websites and social media websites, hacking, and social engineering.
Doxxing may be carried out for various reasons, including:
Difference Between Data Brokers & Consumer Reporting Agencies
What makes data brokers different from consumer reporting agencies (which generate reports for credit, insurance, or employment purposes)?
In short, consumer reporting agencies are regulated under the 1970 Fair Credit Reporting Act (FCRA).
This law allows you to access and correct errors in your credit report. It also only allows users of consumer reports to access that information in certain circumstances. For example, employers using consumer reports to screen employees or job applicants must obtain written permission and explain how they plan to use the report.
Users of the information for credit, insurance, or employment purposes have certain responsibilities they need to follow under the FCRA:
- Users can only obtain consumer reports for permissible purposes under the FCRA;
- They must notify the consumer when an adverse action is taken on the basis of such reports; and,
- They must identify the company that provided the report, so that the accuracy and completeness of the report may be verified or contested.
But data brokers that are not considered consumer reporting agencies are not regulated in the same way.
In fact, people-search sites often instruct users not to use that data as a substitute for a traditional background check. These types of sites are not supposed to be used for making decisions about credit, housing, employment, or insurance.
Whether or not sites NOT regulated by the FCRA are actually being used for those purposes, and how often that happens, is difficult to determine.
2014 FTC Report – A Call For Transparency & Accountability in the Data Broker Industry
In May 2014, the Federal Trade Commission concluded a study titled “Data Brokers: A Call for Transparency and Accountability” on nine different data brokers. The purpose of this study was to expose the way the data broker industry actually operates.
The FTC only enforces antitrust and consumer protection laws; it does not create them. However, it can present the findings of its investigations to Congress and ask them to enact legislation on issues that it oversees.
Based on this study’s findings, the FTC encouraged Congress to create a law that would (1) enable consumers to learn of the existence and activities of data brokers, and (2) give consumers reasonable access to information about themselves held by these entities.
Why You Should Remove Your Personal Information From Data Broker Websites
Having your personal information readily available for the public to view can come with some nasty and dangerous risks.
One of the most heinous threats is the possibility of identity theft. If you can obtain information about a certain individual online, you might be able to impersonate them, use their credit history, or get into a password-protected website if you can answer security questions correctly.
People-search sites offer their own alarming hazards, as well. Looking up your grandparents’ address online to send them a holiday card is innocent enough, but there are many people with far more sinister agendas.
People-search sites make it very easy for stalkers, catfishers, abusive ex-lovers, and scammers to obtain your location and phone number to harass you. It is also incredibly easy for unbalanced people to dox you on social media if you get into an argument with them.
Lastly, anyone could be subject to a terrible security breach. Companies’ security measures are not bulletproof, and their data ends up in the wrong hands — just take a look at these high-profile examples:
- The Equifax breach of 2017 affected more than 145 million people;
- Acxiom was breached in 2003 and over 1.6 billion records (including names, addresses, and emails) were stolen;
- Epsilon was hacked in 2011 and millions of people on email marketing lists were subject to spam and phishing attempts.
Online Reputation Management & Monitoring Tip: We recommend creating a free Google Alerts account to monitor your online reputation and the internet for specific keywords. Simply enter your name and the target keywords you want to monitor, how often you want to receive notifications, and create a Google Alert. You will then receive a Google Alert anytime your inputted keywords are mentioned anywhere online.
How to Remove Yourself From Data Broker Sites
Of course, the most effective way to avoid information leaks would be to go fully off the grid. Get a burner phone, only use a P.O. Box, and change your name to John Smith.
For most of us, though, this option is not realistic. That is why it is so important to do everything within our power to limit the reach of data broker websites as we go about our daily lives.
1. Opt-Out of Personal Information Collection
Most well-known data brokers offer an “opt-out” option for people to remove part or all of their data being published on that particular data broker site.
Every data broker site has its own policies on what data can be removed. Some sites will remove your entire profile, including your name, address, and phone number — while others will only remove select information, like your house and phone number, but not your legal name or street name.
Opt-out procedures can vary widely among brokers as well. Some sites require you to send physical letters or faxes or make phone calls. Others require copies of your driver’s license.
Master List of Data Broker Site Opt-Out Links
If you are interested in opting out everywhere you possibly can, we have compiled links to more than 50 sites below:
2. Utilize Content Removal Companies or Services
Lacking the time to go through the opt-out process? Online content removal services and companies like Minc Law’s Digital Risk Protection Service and DeleteMe will do all the work for you.
Make sure you understand your personal needs and consider all the services offered by various removal companies when choosing between them. Below is a helpful chart to get you started on your decision process:
|Digital Risk Protection service – hunt for search results containing personal and damaging information||Exclusively handles data broker removal requests|
|50+ sites in database and any other results will be attempted||41 sites in database|
|Experienced and licensed attorneys||Human operators, not robots|
|Provide monthly data reports and updates||Provide detailed quarterly reports|
|Offers search result de-indexing||DOES NOT provide de-indexing services|
|$3,500 retainer fee for attorney matter or $99/mo. for Digital Risk Protection services||$129/year|
3. Online Reputation Management
Since the majority of internet users do not scroll past the first page of search results, one reputation management strategy is to push negative content off of page one. This goal is achieved through a method called “suppression.”
To suppress content, create positive content that will show up on the first page of your search results. The more positive content you create, the less likely people are to see the negative content. Only 13 percent of internet users will view search results beyond four pages, so suppression can be nearly as effective as outright removal.
4. Stop Giving Out Your Information
Everywhere you turn, you are asked for personal details — but saying “no” whenever possible can help newer data from being published in the future.
Start by locking down your social media accounts. Public social media profiles are vulnerable to collection from data brokers. For example, your “about me” section on Facebook has data ripe for the taking, including:
- Your current name, maiden names, and aliases,
- Your current and previous workplaces,
- Colleges and high schools you have attended,
- Your current city, hometown, and previous addresses,
- Basic contact information,
- Websites and social links,
- Languages, religious and political affiliations, gender, date of birth, and sexual orientation,
- Romantic and familiar relationships,
- Blood donations,
- Life events.
If you are most concerned about receiving pesky advertisement emails or someone collecting your PII, you can try masking your email address, phone number, and even your credit card numbers when purchasing items online. Products like Blur are designed to hide your real personal data while still allowing you the same shopping liberties as anyone else.
Minc Law Reputation Management Tip: If you need to suppress negative search results, one simple tactic is to create social media accounts. When someone searches your name, your social media accounts will be the first results that appear. You can also write articles or even self-publish books that help you establish leadership within your industry.
When to Seek Legal Help With Data Broker Websites
If you have been the subject of a deceptive data collection practice or your privacy has been violated, you may want professional help resolving your situation.
It can be difficult (not to mention extremely time-consuming) to get through to the right people to have your sensitive information removed from sites like these, which is why legal help is sometimes the best solution.
Your attorney may be able to help you take legal action — including in one of the following ways — if your privacy has been violated or sensitive information has been leaked.
File a Federal Trade Commission Complaint
Consumers can file a complaint with the Federal Trade Commission (FTC) for any practices that a company is engaged in that they feel are unfair or harmful. Your complaint will go to the FTC complaint database, which is available to not only FTC staff but to other law enforcement as well.
California Consumer Privacy Act
If you are a California resident, you may have even more protection for your personal data. In 2020, the state passed a data broker law called the California Consumer Privacy Act (CCPA) that guarantees consumers residing in the state of California the right to:
- Know what personal info companies are collecting about them;
- Access that data;
- Find out where companies are selling their data;
- Opt-out of having their data sold;
- Delete the data that has already been collected.
Case Study: Spokeo, Inc. v. Robins
In 2010, Thomas Robins filed a class-action lawsuit in the U.S. District Court for the Central District of California (Spokeo, Inc v. Robins). He alleged that the “people-search engine” Spokeo, Inc. had violated the Fair Credit Reporting Act.
Robins alleged that while he was an unemployed resident of Virginia, he discovered inaccurate information about himself on Spokeo’s website. His profile falsely stated that he was a married parent in his 50’s, had a graduate degree, worked in a professional or technical field, and had a wealth level in the top 10%. His profile had an accompanying fake photograph attached.
In May 2019, after a lengthy mediation and the case had gone to the U.S. Supreme Court, both Robins and Spokeo were able to agree to a settlement detailing:
For three years, Spokeo may not publish any person’s credit scores unless it clearly states that its profiles may only be used for non-FCRA purposes.
Spokeo will include a hyperlink to an opt-out form on its privacy page on all website pages which include a “general navigation menu.”
Spokeo will include a disclaimer on its terms and conditions page that its site users may not use any information gained from the Spokeo service for any FCRA purposes.
Spokeo must include disclaimers that it does not qualify as a consumer reporting agency (CRA) as defined by the FCRA.
All Spokeo customers must certify and agree that they will not use the company’s website and any information gained from its services for any FCRA purposes.
The Cost to Remove Your Personal Information From the Internet
Because internet and content removal cases can vary in difficulty and length, most attorneys generally charge by the hour. Pricing also comes down to whether the case goes into litigation or not.
In most cases, however, pricing is something that we can accommodate upon request as part of our digital risk protection service (which is competitively priced relative to other comparable services).
Minc Law Digital Risk Protection Tip: If you are concerned about your digital privacy and risk, consider our digital risk protection services. We use a threat mitigation strategy to detect risk, analyze data, optimize your digital assets, and disrupt threats in real-time. If you are unfamiliar with the services we offer and would like an overview to see if it could benefit you, we recommend checking out our informative article, “Frequently Asked Questions About Digital Risk Protection“.
Data Broker Websites: A Problem, But We Can Help
In today’s digital world, protecting your sensitive personal information and privacy can feel like an impossible dream. Countless data and information broker sites have sprung up in recent years to make a profitable industry out of mining, compiling, and selling your information to the highest bidder.
But though it is impossible to protect your privacy completely unless you become an internet-less hermit in the wilderness, you can still fight to protect yourself by opting out of information collection and keeping tabs on your internet presence.
And if your privacy has been violated by a data broker website, it may be time to seek legal representation. At Minc Law, we have removed more than 50,000 pieces of damaging content and have 2,500 satisfied clients — and we can help you, too.
“If you are doubting this place for your situation DO NOT ANYMORE!!! Minc Law and especially Dayra their Paralegal has brought peace back in to our lives!!! We had an issue that we tried to resolve with other agencies who would only drive it down the in to the search, and Minc Law was able to completely remove it from any search possible in less than a week!!! Thank you Minc Law and an extra special THANK YOU to Dayra!!! You guys are the best!!!!!!!”
-JC, Sept 7, 2020
To learn more, contact us to schedule your free, initial no-obligation consultation by calling us at (216) 373-7706, speaking with a Chat Representative, or by filling out our online contact form.