Data Brokers Are Selling Your Personal Information

The average American appears on 50-100 data broker sites. These companies actively trade data with each other, so removing yourself from one broker does not stop others from having your information. Your data propagates through broker networks within weeks of appearing on a single site. A comprehensive removal strategy needs to target all brokers simultaneously, not one at a time.

In most US states, yes. The United States has no comprehensive federal data privacy law, so data brokers operate in a largely unregulated space. California's CCPA, Virginia's VCDPA, Colorado's CPA, and a handful of other state laws give residents the right to opt out of data sales. The EU's GDPR provides stronger protections. But in the majority of states, data brokers face no legal obligation to stop selling your information unless you explicitly opt out — which is why proactive removal matters.

Data brokers typically obtain SSN fragments (usually the last 4 digits) from public court records, bankruptcy filings, and property transactions that include partial SSN information. Full SSNs are more commonly found in data breaches and dark web marketplaces. Some data aggregators purchase SSN-adjacent data from financial institutions and credit reporting agencies. This is why monitoring for identity theft alongside data broker removal is essential for complete protection.

Yes, unless restricted by state law. While COPPA (Children's Online Privacy Protection Act) limits what websites can collect from children under 13, it does not prevent data brokers from compiling information about minors from public records, school directories, and other offline sources. Children's names, addresses, and family connections frequently appear on people search sites alongside their parents' profiles. Some states like California and Illinois have passed additional protections, but most have not.

While HIPAA protects medical records held by healthcare providers and insurers, data brokers find workarounds. They purchase prescription data from pharmacies (which was legal until recently challenged), aggregate health-related purchases (vitamins, medical devices, fitness data), and compile information from health apps and wearable devices that fall outside HIPAA. Some brokers create "health scores" by inferring conditions from purchase patterns and web browsing behavior, which they sell to insurance companies and employers.

Most data brokers refresh their records every 30-90 days by re-scraping public records, purchasing updated datasets, and crawling websites. Some people search sites like Spokeo and BeenVerified update weekly or even daily for certain data types. This means that even after you successfully remove your information, it can reappear within a few weeks as brokers re-acquire it from their sources. Ongoing monitoring and repeated removal requests are necessary to keep your data off these sites.

Credit bureaus (Equifax, Experian, TransUnion) are regulated under the Fair Credit Reporting Act (FCRA), which gives you legal rights to dispute inaccurate information and limits who can access your report. Data brokers operate outside FCRA regulation — they sell information to anyone willing to pay with no obligation to verify accuracy, and you have no federal right to dispute incorrect data they hold. Credit bureaus report your financial behavior; data brokers compile everything else about your life and sell it without restriction.

In most states, data brokers operate legally under current law, making lawsuits difficult unless they violate a specific state privacy law (like CCPA in California) or misuse your data in a way that causes demonstrable harm. If a broker refuses to honor a valid opt-out request under CCPA, VCDPA, or CPA, you may have grounds for a complaint with your state attorney general. Class action lawsuits have been filed against brokers for data breaches, but simply possessing and selling your public record data is generally not actionable.

The average consumer's data generates between $0.50 and $250 per year depending on the demographic profile. High-value profiles — homeowners, high earners, expecting parents, people with specific medical conditions — fetch premium prices. The entire data broker industry generates over $200 billion annually. A single detailed consumer profile can sell for $0.10 to $0.50 per lookup on people search sites, but the volume is staggering: some brokers process billions of lookups per year.

We currently scan and remove from 1,500+ data broker sources including all major people search sites, background check services, and data aggregators. We also submit formal CCPA right-to-know requests to enterprise data brokers like Acxiom, Oracle, LexisNexis, and Epsilon that don't have public-facing opt-out forms. Our coverage continues to expand as we discover new brokers. After removal, we monitor continuously and re-submit removal requests when your data reappears.