Personal Data Privacy & its Important Impact on Business

It’s official! We’ve released our annual Personally Identifiable Information (PII) Exposure Risk Report.

The findings show how personal data privacy has changed over the last year. It also paints a less-than-rosy picture of how much information about our lives – email addresses, home addresses, phone numbers, date of birth, and social media accounts – is on the web. 

Please confirm your business email address to download the full 2023 PII Exposure Risk Report.

In doing our day-to-day work empowering individuals and organizations to reclaim their privacy by removing PII from public data broker sites like Intelius, Spokeo, People Finder, and ZoomInfo, we get a bird’s eye view of the number of people and amount of data each source currently covers. 

We track this information to identify trends in personal data exposure and the business risks associated with it, which include:

• Personal threats (e.g., harassment, doxxing, swatting)
• Financial fraud  (e.g. identity theft, payments fraud, account breach)
• Corporate information security risks
  • Social engineering (phishing, smishing, vishing)
  • Account takeover (e.g. credential stuffing, knowledge-based authentication bypass, MFA bypass attacks)
  • Corporate espionage
• Reputational attacks (e.g. spoofing, deepfakes, brand-theft)

This is the first time we’ve analyzed our data through the business user lens. The report provides some important insights about personal data privacy for security leaders, including:

• How many pieces of sensitive, personally identifying information the average American has available on the web
  
• The overall exposure and annual growth rate of PII for business users
  
• What age ranges reflect the highest level of personal data exposure
  
• How Americans are uniquely exposed by people search sites and data brokers compared to International users

Our collective lack of control over our personal information is causing real problems across the economic landscape. Higher levels of available PII detail lead to more sophisticated forms of consumer fraud and more effective corporate social engineering and credential-stuffing methods.

The 2023 PII Exposure Risk Report shows that the personal data privacy landscape continues to change. More pieces of information available about people create new opportunities for exploitation. Hackers and criminal organizations are leveraging new tools that make cross-referencing of public sources easier and faster, driving the growth of business and consumer personal data privacy risks.

We’re strong advocates for better personal data privacy laws in the US. We believe regulation of the data broker industry and stricter limitations on personal data collection and sale remain long overdue.

The American Data Privacy and Protection Act, proposed in Congress in 2022, would provide a welcome step forward to protecting our data privacy if reconsidered in 2023.

But without strong enforcement, it is unlikely by itself to change the current status quo.