What Are Data Brokers And How Can You Keep Your Information Safe?

Stephanie Faris
Dolores Bernal
December 1, 2023
closed red wooden door

Credit: Mediocre Studio

Years ago, I entered a contest to win an amazing vacation.

Only after I’d dropped my entry into the fishbowl did I stop to think about what I’d just done.

Sure enough, within days, my phone was ringing with a pitch from a pushy salesperson. I hadn’t won the vacation, but I could still go on that trip for the low, low price of…

You get the drill.

This was before social media took over our lives – and before we willingly handed over all our information, including photos of our meals, kids, and new cars.

Nothing is free, though…not even social media. When we share all this information, we’re handing over something more valuable than money:

Our data.

What Are Data Brokers?

Your Personally identifiable information (PII) is valuable.

But first, it’s important to explain what PII includes:

The term “personally identifiable information” refers to details that can be used to identify and track you. Those details include your:

  • Name
  • Address
  • Phone number
  • Email address
  • Social Security number
  • Driver’s license number
  • Insurance account numbers
  • Financial account numbers

In other words, if something can be used to steal your identity, it’s part of PII.

All that data brings big bucks to data brokers. Legitimate data brokers specialize in gathering information and reselling it.

I say “legitimate” because there are some scammy data brokers that don’t go through the right channels to get the data they resell. They grab the information where they can and sell it for the highest price they can get.

If you reach into your mailbox every day and pull out a stack of junk mail, you can thank data brokers for that.

If you open your email every day to an inbox full of spam, guess who you can thank for that? Yep, data brokers.

But not all data brokerage is bad. Thanks to a data broker, you might be added to a mailing list for a product or service you actually want. It can have good outcomes.

That doesn’t mean you want your information spread far and wide, though. Thankfully, there are some things you can do about it.

First, though, it’s important to understand how they get your information in the first place.

How Data Brokers Get Your Information

person in blue shirt writing on white paper

Credit: UX Indonesia

Identity theft is a crime, but data brokers don’t have to break the law to get information. Much of it is publicly available, and the rest can be legally purchased. Here are some of the top ways data brokers get your information.

1. Public Records

Did you know that some of the most important information about you is freely available to the public?


Some of this government-provided data can be accessed easily online. Other information comes at a price.

Although local laws can vary, here’s some of the information legally available to data brokers:

  • Court records (including divorce and bankruptcy filings)
  • Motor vehicle records
  • Census data
  • Birth and death certificates
  • Marriage licenses
  • Voter registration information
  • Property records

2. Retailers

I spend a little too much on Bath & Body Works.

In fact, I shifted to buying online rather than in-store because having to give my email address at checkout every single time became grueling.

Something about it just annoys me, even though I always give them the address where I send all my junk emails.

Bath & Body Works sells that information. It’s in their Online Privacy Policy. You can opt-out, and I always do when asked, but I can’t guarantee that none of my information makes its way to other retailers.

What do Bath & Body Works hand off to other retailers? According to that privacy policy, they may sell or share your “name, postal address, and summary purchase information” with other marketers or merchants.

I’m picking on Bath & Body Works as an example, but this is all fairly standard. If you head to the privacy policy for any merchant, you’ll likely find similar wording. And how often do you go to the trouble of opting out of your information being shared?

For me, not often enough

3. Credit Card Providers and Banks

blue and white visa card on silver laptop computer

Credit: CardMapr.nl

Our purchase histories say a lot about us.

You could probably take a look at my recent Amazon orders and conclude I wear a lot of casual clothes.

My credit card statement is even more revealing.

At a glance, someone could tell where I get groceries, where I’ve traveled, and what I do for fun. 

Why would anyone care about that? 

Past and present purchases serve as great indicators of what we’ll buy tomorrow. Retailers want a crack at our future spending money, and that information can help them market to us.

4. Your Social Media Posts

We’ve all probably heard by now that social media sites are “free” because they can monetize the information they gather on us.

But before we blame Mark Zuckerberg and Elon Musk, let’s take a step back and look at how we contribute to all this.

Look at your last social media post. What did you share?

I don’t post often anymore, but the last post was a tag from a friend during dinner at a nice restaurant. The post was public. Let’s take a look at what data brokers could gather from that:

  • My name and location
  • My spouse’s name and location
  • My friends’ names and location
  • Where we dine

Okay, so for all of us, our “location” was temporary. They don’t even live in the area. I don’t even have my town listed in my profile anymore, though, so that post located me in the nearest big city to my house.

Data brokers don’t just look at what we post, though. They also can judge us by what we like and the other posts we comment on. They might even be able to see the groups we’re in and the people we follow.

Do I think data brokers are hanging out on Facebook all day, browsing social media posts for information? No, but technology is moving at the speed of light, and some technologies can scrape, curate information, and combine it with other available data.

5. Mobile Apps

I can’t tell you how many apps are on my phone. I don’t even use them all on a regular basis.

Another thing I can’t tell you? What do the privacy policies of each of those apps say?

That privacy policy you pretend you read when you download an app has some key information in it. Primarily, it lets you know if the app reserves the right to sell information on you unless you opt-out.

Did you opt-out? I don’t think I did on any of the apps on my phone.

Each mobile device has a number known as an ad identifier. This identifier is available to third-party partners inside each app, and those partners can learn approved pieces of information about you.

The problem is, you aren’t the one who approves this.

An app could tell a third-party partner your location, purchase activity, name, or email address, depending on how the app has things set up.

Simply using the app could be feeding your information to data brokers, who then sell the data to a wider group of merchants.

6. Polls, Surveys, and Contest Entries

There are so many ways to have fun online.

You can participate in polls and surveys, for one. Your voice does make a difference.

But are you sure you know where those answers are going? Will the information you provide be sold to data brokers?

You may be feeding your information into their databases like coins into a slot machine.

Then there are contest entries.

Remember my contest story? That was one of those fishbowls at the mall. But there are plenty of contests online. 

There are contests where you provide your name, address, and other contact information.

Then there are contests where you add some personal details about yourself. Details like the age of members of your household, the average income of each of those household members, and your spending habits.

There are also the many fun polls and surveys you enter that gather data about you.

Do you know where the information is going? Have you read the privacy policy of each of those surveys?

Keep in mind that the information can’t only be used to market to you. It could also be used for identity theft and financial fraud if, say, you end up interacting with a scammer instead of a legitimate app.

✎ Related: Census Survey Scams to Watch Out For ➔

7. Browser Cookies

Think of browser cookies like Santa.

The owner of those cookies knows when you’re sleeping and when you’re awake.

Yes, browser cookies are nothing like the cookies you leave out for Santa on Christmas Eve. These cookies are little trackers that watch where you go online.

If you looked at a cute pair of shoes but didn’t buy it, a cookie might’ve been planted on your device. Later, you’ll see ads for those shoes on other sites. This is known as retargeting or remarketing. It’s a sound strategy.

Where this gets tricky is when the information is sold to other merchants. Not only did that cookie track you, but the information was gathered and fed to other sources.

Spooky, huh?

Yes, data brokers can get cookies onto your device, provided you visit the right website. But it’s more likely they’ll purchase the information from a site that’s already tracked you. Either way, your information is ripe for the picking.

8. Loyalty Cards

Loyalty programs are an interesting innovation.

Not only do we give businesses the right to track us, but we’re incentivized to do most of our shopping with them.

In exchange for our “loyalty,” we get points toward free stuff. Or, we get discounts. Whatever the case, companies have a good reason to do this.

They can track and monitor what you spend.

Remember what I said above? Past behaviors predict future behaviors. The information helps with product decisions and such. 

But check those privacy policies. It’s possible some of that information is being handed over to data brokers and other merchants. And that can lead to spam, junk mail, and even telemarketing calls.

If you’re inundated with marketing messaging all day and night, take a look at the loyalty cards in your wallet. Then review the privacy policies of each of them and see if you can opt-out.

woman holding magnetic card

Credit: Blake Wisz

How to Keep Your Data Safe

Spam fatigue is real. If your inbox (or physical mailbox) is stuffed with junk, it might be time to stop the flow of information. 

It can also help ensure your data stays safe from identity thieves.

Here are some things you can do to keep your information out of the hands of data brokers. 

1. Protect Your Information

First, it’s important to know that no regulations exist in the U.S. to limit data brokers.

And technology has only made it easier for them to aggregate information.

The best thing you can do to keep your information away from data brokers is to limit what you share. That means keeping signups to a minimum.

That loyalty program provides some pretty tempting perks, but is it worth the junk mail and telemarketing calls?

That contest is promising a fully paid weekend on an island. What are the chances you’ll win, though? Is it worth feeding the data brokers exactly the information they need?

It feels great to share every detail of your day with your friends on social media, but what if that data is scraped? Are you sure you really need to check in and share photos from vacation?

The less you put out there, the less likely your information will be grabbed and sold. But we all are going to do some of those things, no matter the risks. For that, it’s important to opt out when the opportunity is offered. 

2. Read Privacy Policies

We’ve all scrolled through ridiculously lengthy privacy policies. We’ve also checked “Agree” without reading every word of one.

The next time you see one, read it. At the very least, press Control or Command (depends if you’re on PC or Mac) + F and search for two words: “opt-out.”

Follow the instructions to opt out of your information being shared. There’s no guarantee this will protect every interaction you have with that company or website, but it will help.

What about all those sites that have already been sharing your information?

For that, you can take a more universal approach.

Here are some resources that can get you off existing data broker lists:

  • DMAChoice promises to reduce your direct mail into four categories: credit offers, catalogs, magazine offers, and other mail offers. The service charges a one-time fee of $4 for 10 years of protection.
  • OptOutPrescreen.com is an official Consumer Credit Reporting Industry website, designed to let you reduce those prescreened credit card and insurance offers. You can choose to opt-out permanently or for five years.
  • The Federal Trade Commission’s National Do Not Call Registry lets you sign up to be on a list of phone numbers telemarketers can’t call. Of course, telemarketers don’t always follow the rules of the list. Some states have their own Do Not Call and Do Not Knock lists. Registration for these lists expires, so you’ll need to note the date so you don’t forget to renew.

In addition to these, some paid services will work to keep your information off lists. They can be pricey, though, so it might not be worth it.

3. Disable Cookies

Whether they’re chocolate chip or computer-based, cookies aren’t a given.

The computer-based cookies can be disabled with just a few clicks. Then you won’t have to worry about sites tracking your activity.

How you disable them depends on the browser, though.

For Google Chrome:

  • On the top right, click the three vertical dots
  • Choose Settings
  • Click on Settings in the top-left corner
  • Choose Privacy and Security
  • Choose Site Settings
  • Scroll down and select Cookies and Site data
  • You can choose to allow all cookies, block cookies while in incognito mode, or block all cookies

The problem with blocking all cookies is that you’ll lose some of the inconveniences, like being automatically logged in. Your sites also won’t remember items you’ve added to your shopping cart. So weigh this against your need for privacy.

4. Consider Identity Theft Protection

If you’re concerned about your information compromising your security, there’s another option.

Identity theft protection can help you keep an eye on things. Services like Aura, LifeLock, and IdentityForce will alert you when potential fraud is detected. They’ll also cover some of the costs if you ever do find yourself a victim of identity theft.

Services like Aura can automatically unsubscribe you from many data broker websites and companies. 


Spam and junk mail can be frustrating, but there are ways around it.

If you can reduce the data that ends up in the hands of data brokers, you may be able to eliminate some of the marketing coming your way.

But there will always be publicly available information that data brokers can access. For that, you may simply want to add yourself to Do Not Call registries.

The most important thing is that you keep your information from falling into the wrong hands. For that, it’s important to keep information like your Social Security number and credit card data away from prying eyes.

For more information on removing your personal information from the hands of data brokers, you can visit, https://privacyrights.org/data-brokers