There are roughly 4,000 companies whose entire business is buying, selling, and trading your personal information. Almost none of them have ever interacted with you. Most you have never heard of. Together, they make an estimated $250 billion a year. The input they monetize is you. This guide explains who they are, how the industry actually works, what they have on you, and what you can practically do about it.
The short version: A data broker is a company that collects personal information about you from public records, online activity, purchase history, and other commercial sources, then sells or licenses that information to other businesses, marketers, employers, insurance companies, government agencies, and sometimes anyone with a credit card. You usually have no direct relationship with them. They often have you anyway.
The scale: how big this actually is
A few numbers to set the floor:
- ~4,000 data brokers operate in the US, depending on how you count. Vermont and California, the two states that require broker registration, list a few hundred each, but those are only the ones that meet the legal definition.
- $250+ billion annual global industry, with the US representing the largest single market.
- 80 to 150 sites on average publish identifying information about a typical US adult, including home address, phone number, family members, and age.
- 2.5 billion+ consumers have files at Acxiom (now LiveRamp), one of the largest single brokers.
- $0.01 to $5 is what your basic contact and demographic data typically sells for per record. Detailed profiles with behavioral data sell for more.
The industry exists because public records are legally public, web tracking is largely unregulated at the federal level, and the marginal cost of selling the same data set ten times is essentially zero.
The three types of data brokers (the framework)
Most articles lump every data broker together. The reality is that there are three distinct business models, and they collect different data, sell to different buyers, and require different opt-out approaches.
Marketing data brokers
The biggest and most invisible. These companies aggregate consumer demographic, behavioral, purchase, and online activity data, then sell or license it to marketers, advertising platforms, and analytics companies. You almost never interact with them directly. Their data is what powers targeted ads, audience segments, and most “lookalike” advertising you see online.
Examples: Acxiom (now LiveRamp), Experian Marketing Services, Epsilon, Oracle Data Cloud (BlueKai), TransUnion Marketing Solutions.
People-search sites
The visible ones. These are the broker sites that show up in Google when someone searches your name. They publish profiles containing your address, phone, age, family members, and other public-record data, often with previews that are free and full reports that are paid. This is the category most opt-out guides focus on because it is the most visible privacy threat to individuals.
Examples: Spokeo, Whitepages, BeenVerified, MyLife, Radaris, TruePeopleSearch, Intelius, and dozens more.
Risk, fraud, and identity verification brokers
The hardest to opt out of. These companies sell investigative data to banks, insurers, law enforcement, landlords, and employers running background checks. The data is often deeper and more sensitive than what people-search sites publish, but the products are not consumer-facing. Federal law (FCRA) puts some guardrails on the consumer reporting side, but the “marketing” or “fraud prevention” side often falls outside that.
Examples: LexisNexis Risk Solutions, Thomson Reuters CLEAR, Equifax Workforce Solutions, IDI / Cogency Global, TLOxp / RELX.
When privacy people say “I want to opt out of data brokers,” they almost always mean Type 2. Type 1 has the most data but is the least visible. Type 3 is the most consequential when something goes wrong (denied insurance, denied loan, missed background-check item) but the hardest to access and correct.
What information data brokers actually have
The depth varies by broker, but a typical adult profile across the three types includes:
Identifiers
- Full legal name and aliases
- Date of birth, age
- Social Security Number (Type 3)
- Driver’s license number (Type 3)
- Current and historical addresses
- Phone numbers, mobile and landline
- Email addresses, including aliases
Relationships and household
- Family members and relatives
- Known associates and roommates
- Marriage and divorce records
- Household composition
- Estimated household income
Financial and behavioral
- Property ownership and value
- Purchase history (categories, brands)
- Estimated net worth and credit tier
- Charity giving history
- Subscription patterns
Public records and digital
- Court filings, civil and criminal
- Voter registration
- Professional licenses
- Business affiliations
- Social media profiles (linked)
- Web activity (via tracking pixels)
Type 1 brokers often have the most detailed behavioral data because they sit inside the advertising ecosystem. Type 2 brokers have the most public-record data because their entire business model is republishing it. Type 3 has the most sensitive data because their buyers (banks, government, insurers) need to verify identity for legal compliance.
Where they get your data
Four main sources, in roughly descending order of volume:
- Public records. County, state, and federal records: property deeds, court filings, voter registration, marriage and divorce records, business filings, professional licenses. All legally public. Brokers compile, index, and republish them at scale.
- Online tracking and web activity. Cookies, tracking pixels, mobile SDKs, browser fingerprinting, and data shared by apps you use. This is how marketing brokers know what you browse, buy, and search for.
- Commercial data partnerships. Loyalty programs, warranty registrations, magazine subscriptions, charity donations, online purchases. Many companies sell or license the customer data they collect to brokers under the terms buried in their privacy policy.
- Other data brokers. The industry trades constantly. A broker buying a competitor’s data set and merging it with their own is routine. This is why opting out of one broker rarely affects what others have on you.
Who buys your data and what they do with it
Understanding who buys broker data is the most useful framing for whether you should care. The buyers fall into roughly six categories:
1. Marketers and advertisers
By volume, the biggest buyers. They use broker data to target ads, build “lookalike” audiences, suppress audiences they have already converted, and personalize email and direct mail campaigns. Mostly annoying rather than harmful, but accounts for the bulk of the industry’s revenue.
2. Employers running background checks
Most legitimate pre-employment background checks pull from FCRA-compliant providers (HireRight, Sterling, Checkr), not consumer people-search sites. However, hiring managers do informally Google candidates, and what they find on broker sites can influence the call. Our cyber background check guide covers this distinction in detail.
3. Insurance companies and lenders
Use Type 3 brokers heavily for underwriting, fraud detection, and identity verification. A bad broker profile (even an outdated address, a misattributed criminal record, or a phantom relative) can affect rates or eligibility. Hard to detect because consumers rarely see what insurers see.
4. Government agencies and law enforcement
Federal, state, and local agencies are large buyers of Type 3 broker data, partly because subscribing to a broker bypasses some of the procedural friction that direct database queries would require. ICE, the IRS, the FBI, and many local police departments have known broker contracts.
5. Anyone with a credit card
Most Type 2 people-search sites sell reports to the general public for $20 to $50. The buyer can be anyone: a curious neighbor, a hostile ex, a stalker, a doxxer, a scammer running a phishing operation, a journalist, or a relative tracking someone down. There is no vetting.
6. Scammers and bad actors
Phishing operations, romance scammers, fake-IRS callers, and identity thieves use broker data to make their pitches more convincing. Knowing your full name, address, last four of your phone, and a relative’s name lets a scammer impersonate someone with legitimate access to your information.
The real harm from broker data
Not every consequence is dramatic. Most people who opt out of data brokers will never be doxxed or have their identity stolen. The case for opt-out is more about reducing the surface area where things can go wrong:
- Identity theft and fraud: Broker data gives criminals the building blocks for account takeovers, fake credit applications, and tax fraud.
- Stalking and harassment: A vindictive ex, an obsessive coworker, or an internet harasser can find your home address in 30 seconds for $25.
- Doxxing: Public disclosure of your home address, family, and workplace, usually in retaliation for online activity. Often weaponizes broker data.
- Spam, robocalls, junk mail: The everyday consequence. Most spam call lists and direct mail lists are stitched together from broker feeds.
- Insurance and credit decisions: Inaccurate broker data feeding into Type 3 systems can affect underwriting decisions in ways you never see.
- Employment effects: Old or incorrect criminal records and mugshots showing up in broker profiles can affect informal hiring decisions. See our guides on removing mugshots from Google and how long expungement takes.
- Reputation damage: Old news articles, court records, and embarrassing search results that broker indexing amplifies into Google. Our guide to removing negative news and our comprehensive reputation repair guide cover this lane.
The legal landscape (and why opt-out is not a federal right)
There is no comprehensive federal data privacy law in the US. What protections exist come from a patchwork of state laws and narrowly scoped federal statutes:
Federal
The Fair Credit Reporting Act (FCRA) regulates the use of personal data for credit, employment, and insurance decisions. It does not cover the broader broker industry. The Driver’s Privacy Protection Act (DPPA) restricts disclosure of DMV records. The Gramm-Leach-Bliley Act covers financial institution data sharing. None of these grants a general consumer right to opt out of data brokers.
State (the patchwork)
California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Iowa, Indiana, Delaware, and a growing list of other states have passed consumer privacy laws granting some combination of access, deletion, and opt-out rights. The strongest is the California Consumer Privacy Act (CCPA), expanded by the California Privacy Rights Act (CPRA).
The California Delete Act (SB 362)
Signed in October 2023, the Delete Act creates a one-stop deletion mechanism through the California Privacy Protection Agency (CPPA). The mechanism is rolling out through 2026 and will, in principle, let California residents make a single request that all registered data brokers must honor. This is the most ambitious piece of privacy legislation in US history. Whether it works as intended will depend on enforcement.
Public broker registries
Vermont (since 2018) and California (since 2020) require companies that meet the legal definition of “data broker” to register annually with the state. These registries are public:
- California Data Broker Registry (Attorney General’s office)
- Vermont Data Broker Registry (Secretary of State)
If you want to see which companies are legally on the hook in those states, the registries are the source.
Can you opt out of data brokers? Yes, but it is not as simple as it sounds.
You can opt out of most major data brokers, and you should. The catch is that there is no central opt-out, the process is different at every company, and brokers re-list your data periodically as fresh public records flow in.
What “opt-out” actually means varies:
- Suppression: Your record stays in the database but is hidden from public-facing search results. Most people-search opt-outs work this way.
- Deletion: Your record is actually removed from the broker’s systems. Rare for people-search sites, more common for marketing brokers post-CCPA.
- Marketing opt-out only: The broker stops using your data for marketing but keeps it for “permitted” purposes like fraud prevention or identity verification. Common with Type 1 and Type 3 brokers.
For practical advice on the broader strategy, see our guides on 8 steps to erase your digital footprint, whether you can fully delete yourself from the internet, and how to remove your information from the internet.
Reality check: Even a thorough manual opt-out across 100+ brokers will not stay clean. Brokers re-list data as new public records appear (property purchases, voter registration updates, court filings, address changes). Without continuous monitoring, expect to see your data drift back to roughly its original visibility within 6 to 12 months.
The major data brokers, organized by category
This is the working list. Each name links to a step-by-step opt-out guide where we have one published.
Most visible people-search sites
The ones that show up first in Google for name searches. Start here if you are doing a privacy audit.
Mid-tier people-search sites
Still highly visible. Often share databases with the major sites and need separate opt-outs.
Specialized and phone-focused brokers
Smaller sites, often focused on phone numbers or specific demographics. Many still rank for long-tail searches.
Marketing and risk data brokers (Type 1 and Type 3)
Less visible to consumers but more consequential. These feed the broader data ecosystem.
More Type 1 and Type 3 broker opt-out guides coming as we expand coverage. The Acxiom and LexisNexis guides are starting points for the marketing and risk verticals respectively.
What to actually do next
If you are reading this, you probably want a practical next step rather than another summary.
Option A: DIY
Pick 5 to 10 of the highest-visibility brokers (the first category above) and work through their opt-out processes one at a time. Plan for 10 to 20 minutes per site. Set a calendar reminder every 3 months to re-check, because brokers re-list. Our guide on removing your phone number from all websites is a useful starting point for the phone-specific angle, and the 8-step digital footprint guide covers the broader sequence.
Option B: Use a service
A managed service handles the opt-out process across 200+ sites and re-runs the cycle continuously when brokers re-list. The cost is typically $100 to $400 per year. Our guide on choosing a personal-information removal service walks through what to look for.
Option C: Combination
Run a free privacy scan to see where you actually appear. Use the scan to prioritize. For the top 10 brokers, do them yourself if you have the time. For the long tail of 100+ sites, use a service. This is how most privacy-conscious individuals end up handling it.
Frequently asked questions
What is a data broker in simple terms?
A data broker is a company that collects, packages, and sells information about people, usually without those people’s direct knowledge. The data comes from public records, online activity, purchase history, and other commercial sources. Buyers include marketers, employers, insurers, government agencies, and the general public.
Are data brokers legal?
Yes. Compiling and selling publicly available information is legal in the United States. There is no federal law that prohibits the data broker business model. State laws like California’s CCPA and the California Delete Act create consumer rights to access, delete, or opt out of certain data uses, but they do not outlaw the industry.
How do data brokers get my information?
Four main sources: public records (court filings, property deeds, voter registration, marriage records), online tracking (cookies, pixels, mobile SDKs), commercial data partnerships (loyalty programs, online purchases, subscriptions), and other data brokers buying and trading databases among themselves.
What is the difference between a data broker and a people-search site?
A people-search site is a type of data broker. People-search sites (Spokeo, BeenVerified, Whitepages, etc.) are consumer-facing, publish profiles in Google-indexable form, and primarily sell to individuals. Other types of data brokers, like Acxiom (marketing) and LexisNexis (risk), sell to businesses and government rather than to individuals and do not publish profiles publicly.
Can I sue a data broker for having my information?
Generally no, because their business model is legal. There are narrow exceptions: violations of the Fair Credit Reporting Act if a broker provides data for credit, employment, or insurance decisions without complying with the FCRA. California residents can pursue limited claims under the CCPA. Beyond those, lawsuits are rare and difficult.
How long does it take to opt out of all the major data brokers?
Manually, expect 25 to 40 hours of focused work to cover the 50 to 100 most relevant brokers. Each opt-out takes 10 to 20 minutes. Brokers re-list within months, so maintenance is ongoing, roughly equivalent to a part-time hobby. Managed services automate the cycle.
Does opting out of one data broker affect the others?
No. Each broker maintains its own database, and opt-outs do not transfer between companies. Even sister sites operated by the same parent company often require separate opt-outs. For example, opting out of BeenVerified does not automatically remove you from PeopleLooker, NeighborWho, or NumberGuru, which are all owned by the same parent company.
What is the California Delete Act and when does it take effect?
The California Delete Act (SB 362), signed in October 2023, creates a one-stop deletion mechanism that lets California residents make a single request to delete their data from all registered data brokers. The mechanism is being implemented by the California Privacy Protection Agency through 2026. Once operational, it will be the most powerful broker opt-out tool ever created in the US, though its effectiveness will depend on enforcement.
Is using a data broker removal service worth the cost?
For most people who value their time, yes. Manual opt-out across 100+ sites takes 25 to 40 hours of work plus ongoing maintenance for re-listings. A service typically costs $100 to $400 per year. The economic question is whether your time is worth more than $5 to $15 per hour. The privacy question is whether continuous coverage matters to you. Our guide on picking a service covers the comparison.
If I have nothing to hide, why should I care about data brokers?
The “nothing to hide” framing misses what broker data actually enables. It is not about hiding anything. It is about reducing the surface area for identity theft, stalking, harassment, scams, and decisions made about you (by insurers, lenders, employers) based on data you cannot see or correct. Most people who care about data brokers are not hiding anything. They just do not want their home address sold to anyone with a credit card.
See exactly which brokers have your data
The free privacy scan checks 200+ data broker sites and shows you exactly which ones have a record on you. Takes about two minutes. No credit card.
Run Your Free Privacy Scan
We remove your personal information from 200+ broker sites, take back the first page of Google, and alert you the moment your data appears on the dark web.