Understanding the Data Broker Market: Different Types of Data Brokers

Neil DuPaul

January 27, 2025

There’s an open secret when it comes to your personal data. Data brokers collect and sell your information—often without your knowledge or consent. They pull details from public records, online behavior, and social media, then sell it to businesses, marketers, government agencies, and even random people online. Scammers and other malicious actors can buy this information to create more targeted scams.

With consumer privacy laws now in effect in 19 U.S. states, individuals finally have the power to opt out of certain types of data collection. It’s important for consumers to understand that they may have the option to remove their information from data broker sites and to know how to exercise that option. This article explores the three main types of data brokers, why they matter to your privacy, and how to protect your personal information.

Data broker privacy concerns

Data brokers operate without direct interaction or consent from individuals, collecting and selling personal information from various sources. Unlike companies that obtain your data through privacy policies or customer agreements, data brokers gather information in the background and profit by selling it to third parties—often without your knowledge. These third parties could be businesses, financial institutions, government agencies, or even individuals using the data for purposes like targeted advertising or identity verification.

The lack of transparency in how brokers collect, store, and share data often raises significant privacy concerns, which is why these new consumer privacy laws specifically address data brokers. Additionally, there have been some significant data breaches affecting these kinds of brokers in recent years. Just a month ago, the B2B data broker National Public Data suffered a huge breach that exposed billions of financial records, including social security numbers.  

Three types of data brokers

Within this market, there are different types of data brokers, each specializing in various forms of data collection, processing, or sale. These distinctions are important because they shape how the brokers operate, the legal frameworks they follow, and the potential risks they pose to individual privacy.

1 – “Big data” brokers (Equifax, Experian, TransUnion)

The first type consists of the “big data” brokers, many of which are well-known credit reporting agencies like Equifax, Experian, and TransUnion. While these data brokers do comply with regulations like the Fair Credit Reporting Act (FCRA), they also collect and handle huge amounts of personal and financial information. 

The primary function of these credit reporting agencies is to collect, process, and distribute personal data for purposes like credit checks, identity verification, and marketing. Their data comes from a variety of sources, including financial institutions, government databases, and loyalty programs, enabling them to create detailed consumer profiles. Historically, these companies provided their services to major financial institutions and government agencies, but they have since expanded into areas like marketing and analytics.

Consumers may not need to worry as much about opting out of big data brokers like these, primarily because their services are often necessary for functions such as applying for loans or obtaining credit cards. 

However, you’d be right to worry that potential data breaches could expose your financial data, as was the case in the Equifax breach in 2017. Opting out of these brokers is difficult, as their services are integral to the modern financial system, but ensuring that your information is correct and monitoring it regularly is advisable. If you do get a notification about a breach, make sure to check directly with the agency for next steps to protect your data. In all, these brokers are relatively credible and operate under stringent regulations to provide essential services to the economy.

2 – B2B data brokers (National Public Data)

The second type of data broker is the business-to-business (B2B) data broker. These organizations focus on processing and selling aggregated or anonymized data to businesses rather than directly to consumers. Examples include employment verification services and location data analytics companies. Although they handle large volumes of personal data, they argue that the data is often anonymized, which reduces regulatory scrutiny. National Public Data is one example of this type of data broker.

However, in many cases, malicious actors can cross-reference so-called anonymized data with information freely available online to violate individual privacy. So although B2B data brokers add value to the businesses they serve, their practices may ultimately compromise consumer privacy. 

Unfortunately, these companies often operate in a gray area of data regulation. This is especially true in the U.S., where anonymization is not always well-defined or enforced, so there may not be clear opt-out mechanisms. Still, it is worth considering opt-out options when available, especially from companies involved in mobile or location tracking, as this type of data can be misused for intrusive purposes.

3 – People search data brokers (Spokeo, Intelius, BeenVerified)

Lastly, there’s the category of “people search” data brokers, which represents the most controversial and, historically, the least-regulated category of data brokers. These brokers, such as Spokeo, Intelius, and BeenVerified, allow anyone to search for personal information on individuals. They often sell data directly to consumers and, inevitably, to scammers and fraudsters as well.

What makes these brokers particularly troubling is the lack of reporting about the sources of the data they sell, as well as the lack of accountability for the accuracy of that data. These companies may gather personal information from publicly available sources, social media profiles, public records, and sometimes even data breaches. Fortunately, recent lawsuits and scandals have shown many consumers just how far these “people search” brokers will go to violate privacy. 

What’s worse, these data brokers like to make it difficult to remove personal data. However, many will now have to allow opt-outs under new state privacy laws. Unfortunately, while the more reputable services may honor opt-out requests, others operate in loosely regulated jurisdictions or states without comprehensive consumer data privacy laws, making it challenging to enforce opt-outs. Still, consumers should focus on removing their data from these sources whenever possible to avoid identity theft, doxing, or unwanted personal exposure. 

Safeguarding PII in a data-driven world

In a world where personal data is constantly being collected and sold, understanding how to protect your privacy is crucial. To safeguard your personal data, familiarize yourself with your state’s privacy laws and learn how to opt out of data broker sites, especially those that expose sensitive information on people search platforms.

Taking proactive steps, such as conducting online searches to see where your data appears and requesting its removal, can reduce your exposure. Thanks to new privacy laws, you now have more control over your data. Use this power to protect your privacy and limit the reach of data brokers.

Neil DuPaul is a seasoned marketing professional currently serving as the Director of B2B Marketing at DeleteMe. With over two decades of experience, Neil has honed his skills in executing impactfu…