Understanding the Data Broker Market: Different Types of Data Brokers
Neil DuPaul
Reading time: 6 minutes

There’s an open secret when it comes to your personal data. Data brokers collect and sell your information—often without your knowledge or consent. They pull details from public records, online behavior, and social media, then sell it to businesses, marketers, government agencies, and even random people online. Scammers and other malicious actors can buy this information to create more targeted scams.
With consumer privacy laws now in effect in 19 U.S. states, individuals finally have the power to opt out of certain types of data collection. It’s important for consumers to understand that they may have the option to remove their information from data broker sites and to know how to exercise that option. This article explores the three main types of data brokers, why they matter to your privacy, and how to protect your personal information.
Data broker privacy concerns
Data brokers operate without direct interaction or consent from individuals, collecting and selling personal information from various sources. Unlike companies that obtain your data through privacy policies or customer agreements, data brokers gather information in the background and profit by selling it to third parties—often without your knowledge. These third parties could be businesses, financial institutions, government agencies, or even individuals using the data for purposes like targeted advertising or identity verification.
The lack of transparency in how brokers collect, store, and share data often raises significant privacy concerns, which is why these new consumer privacy laws specifically address data brokers. Additionally, there have been some significant data breaches affecting these kinds of brokers in recent years. Just a month ago, the B2B data broker National Public Data suffered a huge breach that exposed billions of financial records, including social security numbers.
Three types of data brokers
Within this market, there are different types of data brokers, each specializing in various forms of data collection, processing, or sale. These distinctions are important because they shape how the brokers operate, the legal frameworks they follow, and the potential risks they pose to individual privacy.
1 – “Big data” brokers (Equifax, Experian, TransUnion)
The first type consists of the “big data” brokers, many of which are well-known credit reporting agencies like Equifax, Experian, and TransUnion. While these data brokers do comply with regulations like the Fair Credit Reporting Act (FCRA), they also collect and handle huge amounts of personal and financial information.
The primary function of these credit reporting agencies is to collect, process, and distribute personal data for purposes like credit checks, identity verification, and marketing. Their data comes from a variety of sources, including financial institutions, government databases, and loyalty programs, enabling them to create detailed consumer profiles. Historically, these companies provided their services to major financial institutions and government agencies, but they have since expanded into areas like marketing and analytics.
Consumers may not need to worry as much about opting out of big data brokers like these, primarily because their services are often necessary for functions such as applying for loans or obtaining credit cards.
However, you’d be right to worry that potential data breaches could expose your financial data, as was the case in the Equifax breach in 2017. Opting out of these brokers is difficult, as their services are integral to the modern financial system, but ensuring that your information is correct and monitoring it regularly is advisable. If you do get a notification about a breach, make sure to check directly with the agency for next steps to protect your data. In all, these are relatively credible and operate under stringent regulations to provide essential services to the economy.
2 – B2B data brokers (National Public Data)
The second type of data broker is the business-to-business (B2B) data broker. These organizations focus on processing and selling aggregated or anonymized data to businesses rather than directly to consumers. Some examples are employment verification services or location data analytics companies. Although they handle large volumes of personal data, they argue that the data is often anonymized, which reduces regulatory scrutiny. National Public Data is one example of this type of data broker.
However, in many cases, malicious actors can cross-reference so-called anonymized data with information freely available online to violate individual privacy. So although B2B data brokers add value to the businesses they serve, their practices may ultimately compromise consumer privacy.
Unfortunately, these companies often operate in a gray area of data regulation. This is especially true in the U.S., where anonymization is not always well-defined or enforced, so there may not be clear opt-out mechanisms. Still, it is worth considering opt-out options when available, especially from companies involved in mobile or location tracking, as this type of data can be misused for intrusive purposes.
3 – People search data brokers (Spokeo, Intelius, BeenVerified)
Lastly, there’s the category of “people search” data brokers, which represent the most controversial and, historically, the least-regulated category of data brokers. These brokers, such as Spokeo, Intelius, and BeenVerified, allow anyone to search for personal information on individuals. These data brokers often sell data directly to consumers, and inevitably, scammers and fraudsters as well.
What makes these brokers particularly troubling is the lack of reporting about the sources of the data they sell, as well as the lack of accountability for the accuracy of that data. These companies may gather personal information from publicly available sources, social media profiles, public records, and sometimes even data breaches. Fortunately, recent lawsuits and scandals have shown many consumers just how far these “people search” brokers will go to violate privacy.
What’s worse, these data brokers like to make it difficult to remove personal data. However, many will now have to allow opt-outs under new state privacy laws. Unfortunately, while the more reputable services may honor opt-out requests, others operate in loosely regulated jurisdictions or states without comprehensive consumer data privacy laws, making it challenging to enforce opt-outs. Still, consumers should focus on removing their data from these sources whenever possible to avoid identity theft, doxing, or unwanted personal exposure.
Safeguarding PII in a data-driven world
In a world where personal data is constantly being collected and sold, understanding how to protect your privacy is crucial. To safeguard your personal data, familiarize yourself with your state’s privacy laws and learn how to opt out of data broker sites, especially those that expose sensitive information on people search platforms.
Taking proactive steps, such as conducting online searches to see where your data appears and requesting its removal, can reduce your exposure. Thanks to new privacy laws, you now have more control over your data. Use this power to protect your privacy and limit the reach of data brokers.
- Employees, Executives, and Board Members complete a quick signup
- DeleteMe scans for exposed personal information
Opt-out and removal requests begin - Initial privacy report shared and ongoing reporting initiated
- DeleteMe provides continuous privacy protection and service all year
DeleteMe is built for organizations that want to decrease their risk from vulnerabilities ranging from executive threats to cybersecurity risks.
Want more privacy
news?

Is employee personal data creating risk for your business?
