What Is a Data Broker? How They Get Your Info and How to Stop Them
Data brokers collect, package, and sell your personal information to anyone who pays. Learn exactly how they operate, where they get your data, and what you can do about it in 2026.
Search your full name on Google. If your home address, phone number, or the names of your relatives appear in the results, a data broker put them there.
A data broker is a company that collects, packages, and sells personal information about private individuals, typically without their knowledge, consent, or any direct relationship with the people whose data they trade. The data brokerage industry in the US generates an estimated $250 billion in annual revenue. Most consumers have never heard of it.
This guide explains exactly what data brokers are, where they get your information, what they do with it, and what legal rights you have to make them stop.
What Data Brokers Are, and Are Not
What they are:
Data brokers are information intermediaries. They collect raw data from many sources, aggregate and enrich it into structured consumer profiles, and sell access to those profiles to buyers ranging from marketers to insurers to anyone willing to pay for a subscription.
The industry divides into several distinct segments:
- People-search sites: Whitepages, Spokeo, TruePeopleSearch, Radaris, BeenVerified, and hundreds of similar sites that publish your address, phone number, relatives, and background data in searchable format
- Background check providers: Instant Checkmate, Intelius, TruthFinder, sell consumer reports to landlords, employers, and individuals
- Marketing data aggregators: Acxiom, Epsilon, Oracle Data Cloud, sell segmented consumer lists to advertisers, direct mailers, and insurers
- B2B lead generators: ZoomInfo, Apollo.io, Lusha, sell professional contact data to sales teams and recruiters
- Risk intelligence firms: LexisNexis, TransUnion TrueAccord, sell identity verification and risk scoring to lenders and financial institutions
What they are not:
Data brokers are not hackers. They do not breach databases to get your information. They compile it from legal sources, which is both the reason they operate openly and the reason the harm is so widespread.
How Data Brokers Get Your Information
The information in your data broker profile came from sources you touched, most of them legitimate, many of them invisible to you in the moment.
Public Records
In the United States, a wide range of government records are legally public and accessible to anyone. Data brokers systematically scrape and purchase these datasets:
- Voter registration records: Name, address, date of birth, party affiliation, and voting history. Most states sell or make available voter roll data; some states (California, for example) have restricted access, but many do not.
- Property records: Every real estate transaction, purchase price, deed, property tax records, is recorded with the county. These records are searchable by name and address.
- Court records: Civil lawsuits, criminal charges, divorce filings, bankruptcy petitions, eviction records, and restraining orders are typically public.
- Business registrations: When you file for an LLC or corporation, the state requires contact information that becomes a public record. Many founders unknowingly put their home address on state filings.
- Professional licenses: Doctor, lawyer, contractor, and real estate agent licenses include identifying information and are public by regulation.
- Marriage and divorce records: Depending on the state, marriage licenses and divorce decrees include names, addresses, and ages.
Commercial and Transactional Data
Every commercial transaction you complete potentially feeds the data broker ecosystem:
- Loyalty and rewards programs: When you sign up for a grocery store card, airline miles, or retail membership, your purchase history becomes a commercial asset that retailers sell to data aggregators.
- Warranty and product registration: Registering a new appliance or electronics product is largely a data collection mechanism. Most manufacturers sell this data.
- Sweepstakes and contests: Entering promotional sweepstakes is one of the most efficient ways your data enters marketing databases.
- Real estate and mortgage inquiries: Requesting a mortgage quote generates a credit inquiry that credit bureaus sell as a "trigger lead" to competing lenders.
Digital Behavioral Data
The digital layer adds behavioral and interest data to the public records foundation:
- Mobile app location data: Location permissions granted to weather apps, navigation apps, and retail apps are frequently monetized. A single app's location data, aggregated across millions of users, creates a commercial location tracking dataset.
- Website tracking pixels: Third-party tracking scripts embedded in websites (often Facebook Pixel, Google Analytics, or advertising networks) track your browsing behavior and feed it to advertising data brokers.
- Social media scraping: Public LinkedIn profiles, Facebook posts, Twitter/X bios, and Instagram posts are scraped by B2B brokers and enrichment services to correlate professional and personal identities.
Data Purchased from Other Brokers
The data broker ecosystem is deeply interconnected. Brokers routinely purchase enrichment data from each other, creating compounding profiles. Your entry in Whitepages may include data originally sourced from three or four separate commercial databases.
What Your Data Broker Profile Contains
A typical consumer profile maintained by a major people-search site includes:
| Data type | Source |
|---|---|
| Full legal name and aliases | Public records, commercial data |
| Current address and address history | Property records, voter rolls, utilities |
| Phone numbers (all known) | Commercial databases, reverse-phone sources |
| Email addresses | Commercial data, social media scraping |
| Date of birth and age | Voter registration, commercial data |
| Relatives and household members | Property records, commercial data |
| Neighbors and neighborhood | Property data, geographic enrichment |
| Estimated household income | Census data, property value, commercial inference |
| Property ownership and value | County assessor records |
| Criminal and arrest records | Court records, arrest databases |
| Political party affiliation | Voter registration |
| Professional history | LinkedIn scraping, B2B databases |
A premium background check report may also include vehicle registrations, business associations, social media profile links, and historical litigation records.
Who Buys Your Data and Why
Understanding who purchases your data helps explain why data brokers exist and why they resist removal requests.
Direct marketers: Companies purchase consumer lists filtered by demographics, income, location, and purchase interests to send targeted mail, email, and phone solicitations.
Lenders and insurers: Some lenders and insurance companies use "alternative credit data" from brokers to make decisions about consumers without traditional credit histories. Insurance companies use lifestyle and behavioral data (legally, in most states) to set premiums.
Landlords and property managers: Tenant screening companies pull from background check data brokers to assess rental applicants, often including data beyond what standard credit reports contain.
Employers: Pre-employment screening services pull from multiple data broker sources. Beyond criminal history, some services include social media monitoring and public records searches.
Recruiters and salespeople: B2B data brokers sell professional contact data that enables cold outreach. If you receive unsolicited recruiter messages on LinkedIn or cold emails at a personal address, your data was purchased.
Scammers and identity thieves: While brokers do not intentionally market to criminals, the same data they sell legally is accessible through people-search sites that anyone can query. A home address, mother's name, and recent employer, all findable on Spokeo or BeenVerified, provides the raw material for social engineering attacks.
Your Legal Rights to Demand Deletion
The United States has no comprehensive federal data broker law. What exists is a patchwork of state laws that collectively cover a majority of the population.
California (CCPA/CPRA): The California Consumer Privacy Act is the strongest US consumer privacy law. California residents can demand deletion of their personal data from any company that collects it, including data brokers. Brokers must respond within 45 days. The California Delete Act (2023) creates a single-click deletion platform (DROP) launching in 2026.
Virginia (VCDPA), Colorado (CPA), Texas (TDPSA), Connecticut (CTDPA): These states have enacted privacy laws giving residents deletion and opt-out rights substantially similar to California's.
Vermont and Oregon: These states require data brokers to register annually and disclose their opt-out mechanisms, giving residents a clearer roadmap for finding and using their rights.
GDPR (EU residents): The right to erasure under Article 17 is enforceable against any company processing EU residents' data, regardless of where the company is based.
Practical reality: Even outside these jurisdictions, most major brokers will honor deletion requests to avoid managing geographic compliance complexity. Citing CCPA in a deletion request is effective nationwide for most mainstream brokers.
How to Remove Your Data from Data Brokers
Option 1: DIY (free)
Manually submit opt-out requests to each broker. The top 10 people-search sites take about 3 hours. A full pass across 500+ brokers takes 8–12 hours spread across several days. See the complete free removal guide.
Option 2: First-party tool (low one-time cost)
OfflistMe generates legally structured opt-out emails for 500+ brokers, sent from your own email address, no ID upload, no subscription, no third-party holding your data. The first-party approach bypasses the "authorized agent verification" friction that slows commercial services.
Option 3: Subscription service
Incogni ($95.88/year), Optery ($39–$349/year), and DeleteMe ($129/year) offer automated ongoing monitoring and re-submission. Useful for high-risk individuals or those who want fully hands-off management. See the service comparison for independent effectiveness data.
Frequently Asked Questions
Is the data broker industry legal?
Yes, in most of the United States. Selling personal data compiled from public records is generally legal under current law. State privacy laws like CCPA create individual opt-out rights but do not prohibit the industry from operating.
Can data brokers sell my health information?
Covered health data under HIPAA (information held by healthcare providers and insurers) cannot be sold without authorization. However, "wellness" and lifestyle data inferred from purchasing behavior and app usage, which is not HIPAA-covered, is regularly sold by marketing data brokers.
Why does my data keep coming back after I opt out?
Data brokers re-ingest from public records continuously. Any new public record event, a court filing, property transaction, voter registration update, can create a new profile entry. Opt-outs require periodic re-submission, typically annually. See the data reappearance guide for the full cycle.
Are credit bureaus the same as data brokers?
Credit bureaus (Equifax, Experian, TransUnion) are a specific regulated category of data company governed by the FCRA. They also operate separate marketing data divisions (Acxiom/LiveRamp for Equifax, Experian Marketing Services) that function as traditional data brokers. The credit reporting functions are regulated; the marketing data functions are largely not.
The 2025–2026 Regulatory and Enforcement Shift
The data broker industry is experiencing its most significant regulatory pressure in its history, with several major developments in 2025–2026 that materially affect what consumers can do:
California's DROP Platform (January 2026):
The CPPA's Delete Request and Opt-Out Platform is the first government-operated mechanism allowing Californians to submit a single deletion request to all registered data brokers. Starting August 1, 2026, brokers must process deletions within 90 days and maintain suppression lists. Over 500 brokers are registered. This is a landmark shift: instead of the consumer chasing each broker individually, a single government submission triggers mandatory compliance across the entire California-registered broker ecosystem.
FTC Enforcement Escalation (2025–2026):
The FTC launched what legal observers called an "unprecedented crackdown" on data brokers in 2025–2026. Key actions included enforcement against brokers selling sensitive location data, specifically calling out brokers that tracked individuals to sensitive locations (abortion clinics, religious centers, support group meetings, domestic violence shelters). The FTC's actions signaled that selling location and other sensitive data without meaningful consent is a Section 5 unfair practices violation.
Gravy Analytics breach (2025):
The major location data broker Gravy Analytics suffered a significant breach exposing consumer location data. The breach confirmed the theoretical risk that data broker databases present: aggregated location data is not just commercially valuable, it is a target for hostile actors. The FTC cited the breach in its 2026 enforcement priorities.
The global regulatory direction:
The EU's GDPR continues to be enforced with escalating fines (Meta received a €1.2 billion GDPR fine in 2023 for cross-border data transfers). The UK's ICO has issued several fines against people-search sites for unlawful data processing. Australia passed its Privacy and Other Legislation Amendment Act in 2024 expanding individual data rights. The global regulatory trend is unambiguously toward stronger consumer data rights and stronger enforcement.
Data brokers operate legally but often harmfully, monetizing your personal information without meaningful consent. The opt-out rights that exist under CCPA and state equivalents are your primary lever. Exercise them, and maintain them annually, since the system continuously rebuilds what you remove.
Start removing your data from 500+ brokers →
Related Guides
Understand your privacy rights
Every removal request cites a specific statute. These plain-English explainers show what each law covers and how enforcement actually works.
Related Data Broker Removal Guides
Take back your privacy today
Remove your personal information from data brokers and platforms in seconds.
Remove Your Personal Data NowFrom $7.00 one-time · 546 data brokers · No subscription