
Cybersecurity Knowledge Base

CyberPedia


Your essential guide to cybersecurity threats, attacks, and defenses. Understand the risks. Protect your business.

Data Brokers


Overview

Data brokers are companies that collect, aggregate, and sell or share information about individuals or organizations, usually without having a direct relationship with the people whose data they trade. In plain terms: a data broker is like a wholesaler of personal and behavioral data, packaging information for marketers, advertisers, insurers, and other buyers.

What Data Brokers Do

Data brokers typically:

  • Gather data from many sources

    • Public records (property records, court filings), commercial sources (loyalty programs, e‑commerce, data sharing deals), and online tracking (web cookies, mobile apps, ad networks).

  • Aggregate and enrich profiles

    • Combine data points into detailed profiles on individuals or households, including demographics, interests, inferred behaviors, and sometimes sensitive attributes.

  • Segment and sell data products

    • Offer lists or audiences (for example, “new homeowners in X area,” “high-income tech enthusiasts,” “people likely interested in health products”) to customers for targeting, analytics, or risk scoring.

Types of Data Collected

Common categories include:

  • Demographic and contact information

    • Name, address, age range, gender, household composition, contact details.

  • Behavioral and interest data

    • Purchase history, web browsing patterns, app usage, ad interactions, loyalty card usage.

  • Location and device data

    • Inferred home/work locations, frequent visits (stores, venues), device identifiers, and sometimes coarse or fine-grained geolocation.

  • Financial and risk-related indicators

    • Modeled income brackets, credit-related segments (not necessarily full credit reports), propensity to buy certain products or services.

In some jurisdictions, handling of especially sensitive categories (health status, political views, precise location) is restricted or regulated, but practices vary widely.

How Organizations Use Data Brokers

Businesses and other entities may use brokered data to:

  • Target and personalize marketing

    • Build lookalike audiences, direct mail lists, and tailored ad campaigns.

  • Enhance customer analytics

    • Enrich CRM records with additional attributes or segments to improve segmentation, churn prediction, or cross-sell models.

  • Perform risk and eligibility assessments

    • Support fraud detection, identity verification, or risk scoring in finance, insurance, and related fields.

  • Conduct research and planning

    • Use aggregated or anonymized data for market research, site selection, and product strategy.

Risks and Privacy Concerns

Data broker activity raises significant concerns:

  • Lack of transparency and control

    • Individuals often do not know which firms hold their data, what is stored, or how it is used or shared.

  • Security and breach risk

    • Large aggregated datasets are attractive targets; compromise can expose highly detailed profiles.

  • Misuse and discrimination

    • Data can be used in ways that contribute to unfair treatment (for example, differential pricing, targeting vulnerable groups, or de facto discrimination).

  • Data quality issues

    • Inaccurate or outdated data can lead to wrong inferences and harmful decisions, with limited recourse for affected individuals.

Managing Data Broker Risk (for Organizations)

From a security and governance standpoint, organizations should:

  • Inventory and govern external data sources

    • Track which data brokers and datasets are in use, what data elements are ingested, and for what purposes.

  • Review contracts and compliance obligations

    • Ensure usage aligns with privacy laws, industry regulations, and internal policies, including restrictions on sensitive attributes.

  • Limit and protect imported data

    • Apply data minimization, access controls, retention limits, and proper encryption for brokered datasets.

  • Assess ethical and reputational impact

    • Evaluate whether certain uses of brokered data could be perceived as invasive or unfair, and adjust practices accordingly.

Managing Data Broker Risk (for Individuals)

Where possible (depending on jurisdiction), individuals can:

  • Exercise opt-out and access rights

    • Use available mechanisms to request copies of data, corrections, or removal from certain lists.

  • Limit data exhaust

    • Reduce unnecessary sharing via loyalty programs, public social media, and permissive app permissions.

  • Use privacy tools and settings

    • Adjust browser, device, and ad settings to limit tracking and cross-site profiling, recognizing this cannot fully eliminate broker collection.