Definition

data broker (information broker)

Robert Sheldon

By

Robert Sheldon

What is a data broker (information broker)?

A data broker, also called an information broker or information reseller, is a business that collects large amounts of personal information about consumers. The broker also analyzes and aggregates the collected data, and then sells or licenses the information to third-party individuals or organizations. Those third parties use the purchased information for marketing, risk mitigation, fraud detection and other purposes.

Data brokers collect personal information from a wide range of public and nonpublic sources. They might collect data from courthouse records, voter registries, census data, property records, motor vehicle departments or vital records offices, including marriage licenses or birth certificates. They might also purchase data from commercial sources, such as retail or credit card companies.

In some cases, data brokers gather personal information through browser cookies, either purchasing the information from a web service or deploying the cookies themselves. Data brokers might also gather data from other sources, such as mobile apps, social media sites or loyalty card programs. Data is collected in so many ways and in so many places around the world that data brokers have an almost endless supply of personal information.

What information do data brokers collect?

Data brokers continuously update their data stores to ensure they have the most accurate and complete set of information available on each person. From this data, they can piece together detailed profiles that might include thousands of data points. The following are examples of the types of data that a broker might collect about an individual:

Full name.
Age and gender.
Race and ethnicity.
Sexual orientation.
Social Security number or other national ID.
Current and past addresses.
Email addresses and telephone numbers.
Marital status and family relationships.
Occupation and job history.
Income and financial history, including bankruptcies.
Legal issues and criminal records.
Education and military service.
Real estate assets and other investments.
Purchase histories and buying habits.
Medical and mental health histories.
Interests, hobbies and political views.
Social media profiles.
GPS location data.

Chart showing types of information data brokers gather. — Data brokers collect data and make it available to other parties or organizations for a cost.

Once they've collected all this information, data brokers run advanced analytics against the data to identify patterns and to group the profiles into categories that they can sell or license to other companies. For example, a data broker might offer data about pickleball enthusiasts. A retailer might purchase this data to help market a new line of pickleball supplies.

Some data brokers now also use artificial intelligence algorithms to infer additional details about each individual, resulting in profiles that include a greater number of details, some of which are now assumed. This could potentially expose even more personal information about an individual or lead to incorrect assessments that negatively affect that person.

What information do data brokers sell?

Data brokers sell a wide range of personal information to numerous organizations. There are no specific industry rules or standards that require data brokers to limit the types of information they gather or how they go about peddling it. Even so, the data they offer tends to fall into one of the following categories:

Marketing and advertising. Organizations acquire this type of data primarily to market their products and services. In this way, they can better target their advertisements, special offers and other marketing strategies. For example, consumers might see the result of this process in the targeted ads they receive not long after conducting an internet search on a related topic.
Risk mitigation. Financial institutions, insurance companies and other organizations use this data to assess the risks associated with a potential customer or transaction. The data might include credit scores, current debt levels, income information or other details that help the institution assess the level of risk. For example, a bank might use this information when determining whether to give a customer a car loan and what interest rate to charge.
Fraud detection. Banks and other financial institutions typically use this data to monitor their customers' accounts and identify potential fraud. For instance, a credit card company might use this type of information when monitoring account activities to better detect fraudulent behavior.
People search. Websites that sell information about specific individuals acquire this type of data to support their online services. For example, a property management company might use this service to do a background check on a potential tenant, or a business that's interviewing prospective employees might want to check for past criminal records.

These four categories aren't always interpreted in the same way, nor do they represent the only ways in which the data can be categorized. For example, some sources treat risk mitigation and fraud detection as one category, while other sources include a category for health data, which might be used by health insurance companies to set rates or pharmaceutical companies to market their products.

How are data brokers regulated?

Currently, there's no U.S. federal legislation that requires data brokers to share the information they have gathered about consumers or that prevents them from selling the information to legitimate businesses. However, some U.S. states are starting to take a much closer look at privacy protections. California has been at the forefront of this effort with its California Consumer Privacy Act, which gives consumers the right to know what data has been collected, as well as the right to have it deleted.

Countries outside the U.S. are also taking steps to protect private information. The most notable of these efforts is the European Union's General Data Protection Regulation (GDPR). Under the GDPR, consumers must give their unambiguous consent before an organization is allowed to process their personal data in any way. In addition, consumers can request that their personal data be deleted.

To provide greater transparency, data broker Acxiom created a web-based privacy center that offers U.S. and international consumers more control over their personal data. For example, U.S. consumers can see what information Acxiom has collected about them and request that it be deleted. Although some view the privacy center in a favorable light, critics maintain that the website is just another way for the company to gather more data.

To help consumers better understand their data privacy rights, the nonprofit organization Privacy Rights Clearinghouse addresses the issues surrounding access to information and provides resources, including reports, guides and law overviews.

Learn what security measures organizations are using to protect customer data from identity theft and other fraudulent activities.

This was last updated in February 2024

Continue Reading About data broker (information broker)

ESG data collection: Beginning steps and best practices

Ways to collect customer data that keep you compliant

Standardized data collection methods can help fight cybercrime

IoT data collection: When time is of the essence

MI5 unlawfully collected and held millions of people's data

Search Networking

What is shielded twisted pair (STP) and how does it work?
Shielded twisted pair (STP) is a kind of cable made up of smaller wires where each small pair of wires is twisted together and ...
What is ping and how does it work?
Ping (Packet Internet Groper) is a basic internet program that enables a user to test and verify if a particular destination ...
What is 1000BASE-T (Gigabit Ethernet)?
1000BASE-T is a Gigabit Ethernet standard that operates at a speed of 1 gigabit per second (Gbps) over copper wiring.

Search Security

What is a firewall and why do I need one?
A firewall is a network security device that prevents unauthorized access to a network by inspecting incoming and outgoing ...
What is risk appetite?
Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value.
What is penetration testing?
A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify...

Search CIO

What is compliance risk?
Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...
What is quantum entanglement and how does it work?
Quantum entanglement is a foundational phenomenon in quantum mechanics where two or more particles become interconnected in such ...
What is systems thinking?
Systems thinking is a holistic approach to analysis that focuses on the way that a system's constituent parts interrelate and how...

Search HRSoftware

What is team collaboration?
Team collaboration is a communication and project management approach that emphasizes teamwork, innovative thinking and equal ...
What is talent management? Definition, basics and strategy
Talent management is a strategic approach organizations use to attract, develop, retain, and optimize employees.
What is employee experience?
Employee experience is a worker's perception of the organization they work for during their tenure.

Search Customer Experience

What are customer service and support?
Customer service is the support organizations offer to customers before, during and after purchasing a product or service.
What is quality of experience (QoE or QoX)?
Quality of experience (QoE or QoX) is a measure of the overall level of a customer's satisfaction and experience with a product ...
What is voice of the customer? A guide to VOC Strategy
Voice of the customer (VOC) is the component of customer experience (CX) that focuses on customer needs, wants, expectations and ...

Close