PrivacyChecker

What Data Brokers Know About You (And How to Stop Them)

PrivacyChecker Team·
data brokersprivacyopt-outpersonal dataCalifornia DELETE Act

There's an entire industry built on selling your personal information

Right now, hundreds of companies you've never heard of are buying, packaging, and reselling your personal data. These companies are called data brokers, and they operate one of the least understood yet most pervasive industries in the digital economy. They know where you live, what you earn, who your relatives are, and what you bought last Tuesday — and they'll sell that information to anyone willing to pay.

What exactly is a data broker?

A data broker is a company that collects personal information about consumers from a variety of public and private sources, aggregates it into detailed profiles, and sells or licenses it to other businesses, individuals, or organizations.

Some of the biggest names in the industry include Acxiom, Experian (beyond their credit bureau role), Oracle Data Cloud, LexisNexis, and people-search sites like Spokeo, BeenVerified, and Whitepages. There are an estimated 4,000+ data broker companies operating globally, and most people can't name a single one.

What data do they actually collect?

The short answer: almost everything. Data brokers build shockingly comprehensive profiles that can include:

  • Identity information — Full name, date of birth, aliases, Social Security Number fragments
  • Contact details — Current and past addresses, phone numbers, email addresses
  • Financial data — Estimated income, net worth, credit score ranges, mortgage and loan details
  • Consumer behavior — Purchase history, brand preferences, online browsing habits
  • Demographic data — Marital status, number of children, education level, occupation
  • Social connections — Names of relatives, roommates, neighbors, and known associates
  • Health-related inferences — Conditions you may have searched for, pharmacy purchases, health insurance status
  • Political and religious affiliations — Voter registration, donation history, church membership

A single data broker profile can contain over 1,500 data points about one person. When multiple brokers cross-reference their datasets, the picture becomes disturbingly complete.

Where do they get your data?

Data brokers pull from a wide range of sources, both online and offline:

Public records

Court records, property deeds, voter registrations, marriage and divorce filings, business registrations, and professional licenses are all publicly available and routinely scraped.

Commercial sources

Loyalty card programs, warranty registrations, purchase histories from retailers, and subscription data are bought and sold between companies. That grocery store rewards card? It's feeding data into broker databases.

Online activity

Tracking cookies, social media profiles, app usage data, location data from mobile devices, and website browsing history all end up in broker databases — often through third-party advertising networks.

Self-reported information

Surveys, sweepstakes entries, online quizzes, and account registrations provide data that people voluntarily hand over, often without reading the fine print.

How to find yourself in data broker databases

The first step to regaining control is understanding what's already out there. Here's how to start:

  1. Search people-finder sites — Visit Spokeo, BeenVerified, Whitepages, FastPeopleSearch, and TruePeopleSearch. Search for your name and see what comes up. You'll likely find your address, phone number, age, and relatives listed.
  2. Run a PrivacyChecker scan — Use our personal data exposure scanner to check how your information appears across the web, including data broker listings and breach databases.
  3. Google yourself — Search your full name in quotes, combined with your city or state. Check the first five pages of results for people-search listings.
  4. Request your Acxiom profile — Acxiom, one of the largest data brokers, allows you to view the data they hold about you at aboutthedata.com.

How to opt out of data brokers

Every data broker is legally required to honor opt-out requests, but they don't make it easy. The process is intentionally tedious, and each broker has its own procedure.

Manual opt-out steps

For each data broker:

  1. Find their opt-out or privacy page (usually buried in the footer of their website)
  2. Verify your identity — most require you to submit your name, address, and sometimes a photo of your ID
  3. Submit the removal request
  4. Wait for confirmation (processing times range from a few days to several weeks)
  5. Check back — some brokers re-add your data after a period of time, so you'll need to repeat the process

The problem? There are hundreds of brokers, and doing this manually can take 40+ hours of work. Many people start the process and give up after the third or fourth site.

Automated removal services

Services like DeleteMe, Kanary, Optery, and Privacy Duck handle the opt-out process on your behalf. They submit removal requests to dozens or hundreds of data brokers and monitor for re-listings. Prices typically range from $100 to $250 per year.

These services save enormous amounts of time, but it's important to understand that they can't guarantee 100% removal — some brokers are slow to comply, and new brokers appear regularly.

The California DELETE Act: A game-changer for data privacy

California's DELETE Act (SB 362), which went into full effect in 2026, is the most significant data broker regulation in the United States. It created the California Data Broker Registry and, crucially, established a single opt-out mechanism — one request that applies to every registered data broker in California.

Here's what the DELETE Act means for you:

  • One request, hundreds of removals — Instead of contacting each broker individually, California residents can submit a single deletion request through the state's portal
  • Mandatory broker registration — Data brokers operating in California must register with the state or face fines of $200 per day
  • Regular deletion cycles — Brokers must process deletion requests every 45 days
  • Enforcement teeth — The California Privacy Protection Agency can fine non-compliant brokers up to $40,000 per violation

Even if you don't live in California, the DELETE Act has a ripple effect. Many brokers apply California-level protections nationwide rather than maintaining separate systems for different states.

Ongoing protection strategies

Opting out once isn't enough. Data brokers continuously re-collect information, so protecting your privacy is an ongoing effort:

  • Freeze your credit with all three bureaus (Equifax, Experian, TransUnion) — it's free and prevents new accounts from being opened in your name
  • Use a P.O. Box or virtual mailbox for online purchases and registrations
  • Limit social media exposure — Set profiles to private and avoid sharing your phone number, birthday, and location
  • Use email aliases — Services like SimpleLogin or Apple's Hide My Email prevent your real address from spreading to broker databases
  • Regularly scan for exposure — Run periodic checks with PrivacyChecker to see what new information has surfaced

Take back control of your personal data

Data brokers thrive on consumer ignorance. The moment you start looking, you'll be surprised — and probably unsettled — by how much of your life is available for sale. But knowledge is the first step toward action.

Scan your personal data exposure now →