The 6 Types of Data Brokers
5 min read
March 2026
The phrase "data broker" gets thrown around as if it describes a single kind of company. It does not. The industry spans at least six distinct categories, each collecting different data, selling to different buyers, and operating under different legal constraints. Understanding which type holds your information is the first step toward getting it removed.
Below is a practical taxonomy. For each category we cover what they collect, who pays for it, and whether you can opt out.
1. People-Search / Identity Brokers
Overview
People-search sites aggregate public records, social media profiles, and commercial databases into individual dossiers that anyone can look up by name. They are the most visible category of data broker and the most directly harmful to personal privacy.
Major playersSpokeo, Whitepages, BeenVerified
Data heldFull names, addresses, phone numbers, email addresses, relatives, criminal records, property records, estimated income
BuyersGeneral public, skip tracers, private investigators, background check services
Opt-outAvailable on most sites. Each broker has its own process, typically requiring name and email verification. Must be repeated every 6-12 months as profiles regenerate.
People-search brokers are the primary target for individual privacy protection. A single scan can reveal your data on 30 or more of these sites simultaneously.
2. Marketing & Advertising Data Brokers
Overview
Marketing data brokers build detailed consumer profiles by merging purchase history, browsing behavior, demographic information, and loyalty program data. They package this into audience segments that advertisers buy to target campaigns. You rarely interact with these companies directly, which makes them harder to confront.
Major playersAcxiom (Liveramp), Oracle Data Cloud, Epsilon
Data heldPurchase behavior, household income estimates, political affiliation, lifestyle interests, browsing history, app usage
BuyersAdvertisers, political campaigns, retail chains, financial services marketers
Opt-outLimited. Acxiom offers an opt-out portal (aboutthedata.com). Oracle shut down its ad division in 2024. Most others make the process deliberately obscure or require mailed requests.
3. Financial / Risk Data Brokers
Overview
Financial data brokers collect and analyze consumer risk profiles for institutional buyers. Unlike people-search sites, some of these companies operate under the Fair Credit Reporting Act (FCRA), which gives consumers the right to dispute inaccuracies but does not allow full deletion. They influence whether you get approved for a mortgage, how much you pay for insurance, and whether a landlord accepts your rental application.
Major playersLexisNexis Risk Solutions, Verisk Analytics, CoreLogic
Data heldCredit-adjacent data, insurance claims history, property ownership, court records, identity verification scores, driving records
BuyersInsurance companies, mortgage lenders, landlords, employers (with consent), government agencies
Opt-outPartial. FCRA-regulated reports allow disputes and corrections. LexisNexis offers a consumer disclosure report. Full data deletion is generally not available since these companies have legal bases for processing.
Wondering how exposed you are? Delist.ai scans 1,000+ data broker sites and shows exactly where your personal information appears.
Check your exposure free →
4. Health Data Brokers
Overview
Health data brokers trade in medical and wellness information that falls outside the traditional protections of HIPAA. Because HIPAA only covers "covered entities" like hospitals and insurers, a wide gray zone exists where prescription data, fitness app metrics, and de-identified patient records are bought and sold freely. The data may be technically anonymized, but re-identification is often trivial.
Major playersIQVIA (formerly IMS Health), Optum (UnitedHealth subsidiary)
Data heldPrescription histories, diagnosis codes, lab results (de-identified), health app data, insurance claims summaries, fertility and mental health app data
BuyersPharmaceutical companies, health insurers, medical researchers, advertising platforms targeting health conditions
Opt-outExtremely limited. IQVIA offers an opt-out for prescription data tracking. Most health data brokers do not provide consumer-facing removal tools. State laws like the Washington My Health My Data Act (2024) are beginning to create new rights.
Health data is uniquely sensitive because it cannot be changed. You can get a new phone number or move to a new address, but you cannot undo a medical diagnosis. Once health data is sold, the damage is essentially permanent.
5. Location Data Brokers
Overview
Location data brokers collect GPS coordinates and movement patterns from mobile apps through embedded SDKs. When you grant a weather app or game access to your location, that data often flows to a broker who sells it. The result is a detailed map of where you go, when, and how often — your workplace, your doctor, your place of worship, the homes you visit.
Major playersSafeGraph, Foursquare Places (Factual), Placer.ai
Data heldGPS coordinates, location visit history, dwell time, foot traffic patterns, home and work locations inferred from movement
BuyersHedge funds, real estate developers, retail chains, government agencies (including law enforcement and intelligence), political campaigns
Opt-outAlmost nonexistent. Revoking location permissions in individual apps reduces future collection. There is no centralized way to request deletion of historical location data already sold to third parties.
6. Recruitment / HR Data Brokers
Overview
Recruitment data brokers scrape LinkedIn profiles, corporate websites, conference attendee lists, and SEC filings to build professional dossiers. They sell direct-dial phone numbers and personal email addresses to salespeople and recruiters. If you have ever received a cold email at an address you only gave to one employer, a recruitment data broker is likely the source.
Major playersZoomInfo, Clearbit (now Breeze by HubSpot), RocketReach
Data heldWork email addresses, direct-dial phone numbers, job titles, employment history, company revenue estimates, org charts, social media profiles
BuyersSales teams, recruiters, marketing automation platforms, venture capital firms
Opt-outEmail-based opt-out available on most platforms. ZoomInfo has a removal form. RocketReach and Clearbit honor email requests. Removal takes effect within days but re-listing is common if your data appears in new public sources.
Why This Taxonomy Matters
Different types of data brokers require different removal strategies. You cannot send a CCPA deletion request to a people-search site and expect the same result as filing an FCRA dispute with LexisNexis. The legal frameworks, opt-out mechanisms, and re-listing timelines vary dramatically across categories.
For most individuals, people-search brokers (category 1) represent the most immediate and actionable threat. They expose your home address, phone number, and family connections to anyone with a search engine. They also have the most established opt-out processes, which means removal is possible — it just takes time and persistence.
Marketing, health, and location brokers (categories 2, 4, and 5) are harder to address because they operate further from public view and offer fewer consumer controls. Legislative pressure — particularly state privacy laws like the CCPA, the Colorado Privacy Act, and the Texas Data Privacy and Security Act — is slowly forcing transparency, but enforcement remains inconsistent.
The practical takeaway: start with what you can control. Remove yourself from people-search sites first, then work outward. For a step-by-step guide, see How to Remove Yourself from Data Brokers.
Frequently Asked Questions
How many data brokers exist?
Estimates range from 4,000 to over 6,000 companies in the United States alone. Vermont's data broker registry, the only mandatory state registry, lists around 600 companies, but registration is limited to brokers that sell data about consumers they have no direct relationship with. The true number is higher because many companies broker data as a secondary business without identifying as data brokers.
Are data brokers legal?
Yes, in most jurisdictions. Data brokers primarily collect information from public records, commercial transactions, and data-sharing agreements that consumers agreed to (often unknowingly) through terms of service. The CCPA, GDPR, and various state laws regulate how data must be disclosed and give consumers opt-out rights, but they do not ban the practice of data brokerage itself.
Which type of data broker is most dangerous?
It depends on your threat model. For everyday privacy, people-search brokers are the most dangerous because they make your personal information freely searchable. For financial harm, risk data brokers can silently affect your insurance rates and credit access. For physical safety, location data brokers pose the greatest risk because they can reveal your real-time movements and routine patterns.
Can I opt out of all data brokers at once?
No. There is no universal opt-out registry. Each broker has its own removal process, and many categories (health, location) offer no consumer-facing opt-out at all. Privacy protection services like Delist.ai automate the opt-out process across dozens of people-search brokers, which is the most effective approach for the highest-impact category.
Do data brokers sell my Social Security number?
Legitimate data brokers generally do not sell full Social Security numbers to the public. However, financial and risk data brokers like LexisNexis use SSN-derived identifiers internally for identity verification. People-search sites sometimes display partial SSNs (last four digits) sourced from public records. Full SSNs are more commonly traded on dark web marketplaces after data breaches, which is a separate problem from commercial data brokerage.
Find Out Which Brokers Have Your Data
Delist.ai scans 1,000+ people-search brokers in minutes. See exactly where your personal information is exposed.
Scan Now — Free