How to Find Out if Your Data is Being Sold to a Third Party

Written by

There is a lot of talk around data privacy and the shadowy world of data brokers – companies that specialize in collecting and selling or sharing personal information. These companies are not the only ones that deal in personal data, though: at the very least there are also those that get your information and sell it to them.

This kind of wheeling and dealing in personal information most often happens behind the scenes, so how can you tell if your data is being sold to a third party? There are two main approaches you can take, checking which third parties already have your personal data and learning which second parties are selling your data to those third parties.

Check in With Those Who Deal in Personal Information

Data brokers, like the name suggests, are the intermediaries through whose hands most large-scale data transactions pass. It’s the best point in the data-distribution chain to get a feel for which of your personal information is being sold online.

There are hundreds of data brokers known to operate in the US alone. They’re often connected through confusing networks of ownership and commonly maintain records on hundreds of millions of people and have access to billions of individual records.

To check if your data is in circulation among these companies, start by searching for your full name on any popular search engine. This will bring up people search sites, data brokers that specialize in collecting and cataloging your contact and other sensitive information, property records, licensing information, even your financial and criminal records.

Many data brokers don’t have their records indexed with search engines and/or don’t have publicly viewable or searchable records. Luckily, state laws like the California Consumer Privacy Act (CCPA) and Colorado Privacy Act (CPA) force data brokers to honor residents’ requests to opt-out of the sale of their data. In California, data brokers also have to reveal what information they have and delete it on request.

California residents can go to a data broker’s website, click on the “do not sell my info” link, and request to see what data it has on them, opt out, or request the deletion of their data. Residents of other states, including those with no data privacy protection laws, can still submit opt-out requests.

With so many data brokers out there and so many of them operating under the surface, simply finding the ones that deal in your data is a challenge. Following each of their opt-out procedures one by one can quickly become a full-time job. An automated personal information removal service like Incogni can do all this and more on your behalf.

Keep Tabs on the Companies that Collect Your Data

Data brokers must get your data from somewhere before they can put it up for sale. They get most of it from public sources, like government records. There’s nothing (or at least precious little) you can do about that, but there are other sources that are under your control.

Chances are, almost everything you do online leaves trails of data behind you. Cleaning up your digital footprint need not mean going completely off-grid, but you will likely need to change many of your browsing and shopping habits if you want to limit how much of your data you put out there.

What About Data Breaches?

There’s another way in which your data ends up getting bought and sold online. Data breaches and hacks can leave your personal information up for grabs on dark-web hacker forums. Hackers, unlike data brokers, don’t even have to pretend to adhere to data privacy protection laws.

The dark web isn’t something that’s easily accessed, let alone searched, so the approaches you took to track down data brokers on the clear web won’t work here. Luckily, there’s a safe and easily accessible website that can help you shine a light into some of the darkest corners of the web.

Troy Hunt’s Have I Been Pwned (HIBP) website allows you to check which of your online accounts have been involved in data breaches. Simply type in your email address or phone number and click “pwned?”. You’ll see which of the companies that have your data have been breached and what information has been leaked.

Change any passwords that have been breached. Use a different, strong password for each of your online accounts and enable two-factor authentication (2FA). This will help prevent a breach of one account giving hackers access to your other accounts. Bitwarden is a free and open source password manager that makes doing this easy, while the Aegis authenticator app allows you to receive 2FA codes without providing a phone number.

Brought to you by

What’s hot on Infosecurity Magazine?