Do you wonder how advertisers target their ads so closely to your actual wants and desires? Data brokers are partially to blame or thank, depending on your perspective.
Also known as information brokers, data brokers collect personal information and sell or license it to third parties. This information can be gathered from public or private records.
Although some brokers may be individual actors, data brokerage is a mature industry mostly comprised of big players like Equifax, Lexis Nexis and Acxiom. As of 2019, the data brokerage industry in the United States was estimated to be worth around $200 billion.
Data brokerage is accelerating quickly, largely driven by the declining costs of data storage and the rise of big data.
How do data brokers gather information?
The information gathered by data brokers is surprisingly easy to come by and is sourced from a mix of public and non-public records, almost entirely online. Here are some examples of where brokers may source information about you:
- Voter registration lists
- Social networking sites
- Court reports
- Motor vehicle accident reports
- Census data
- Marriage, birth or death certificates
- Other information shared publicly online – such as blogs or Google reviews
- Credit card history
- Loyalty rewards memberships
- Internet browsing history
- Video gaming logs
How is the information used?
Data brokers aggregate your data to build it into a profile about you. These compiled profiles are then sold to companies that may use them to create buyer personas, fine-tune marketing plans or determine your consumer score.
It’s not only used for marketing, however. The original use case for data brokers was building credit scores and many similar applications of data brokerage reflect this history. A lender may purchase information on you from a broker to determine how likely you are to default so they can reflect that risk in the rate they offer you.
What oversight exists for consumers?
Although data brokerage might seem unethical, that doesn’t mean it’s illegal. There aren’t any federal laws against the practice in the United States. And there’s minimal regulation across individual states. As a result, individuals can face prohibitive challenges trying to get insights into how data brokers gather and use their information.
When it comes to hoping your information is being handled with security and privacy, individuals are mostly dependent on sector-specific data laws, such as HIPAA in the healthcare industry. In the US, the Fair Credit Reporting Act most closely relates to data brokering activities, but it’s limited to the scope of information brokers receive from your credit report. Notably, the state of California’s privacy laws include a data broker registry as well as a covenant for consumers to request that brokers erase their file and opt out of being sold to third parties.
Data brokers contend with greater regulation in Canada. The Personal Information Protections and Electronics Document Act (“PIPEDA”) oversees data broker compiling, using and selling personal information to third parties – as well as those third parties who purchase the data. However, there are still many limitations when it comes to Canadians’ protection against data brokering.
What are your rights relating to data brokers?
It’s disconcerting to know that your data is being sold on an open market and it can be particularly violating when you consider the sources of the information. How should consumers handle data brokers?
By enhancing your cybersecurity awareness in general, you can limit the information you’re offering to data brokers. Get started with the cybersecurity enhancement recommendations we shared during Cybersecurity Awareness Month. If you have some time to research, investigate what data brokers operate in your jurisdiction. You can reach out directly to ask them to delete your file - although beware that you may get the run-around.
Good cybersecurity posture can minimize your exposure to data brokering today. Contact us today to get a quote on how you can improve your preparedness.