The Shifting Legal and Social Landscape for People-Search Data Brokers

What’s happening

People-search data brokers like PeopleConnect, Spokeo, and TruthFinder collect and publish personal information: names, addresses, phone numbers, family ties, property records, and more on searchable public websites. They profit by selling this data or charging fees for its removal. For years, they have claimed immunity by citing that their data comes from "public" sources such as government filings and voter rolls.

Why it matters

This practice has built a multi-million dollar industry, exploiting legal loopholes in federal and state privacy laws. Laws like the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA) didn’t apply to brokers not offering consumer reports or financial services. The California Consumer Privacy Act (CCPA) initially exempted data that was publicly available.

But public opinion and legal frameworks are evolving.

How it affects the reader

Tragic incidents have revealed the real-world consequences. In 2020, a man used a people-search site to locate and attack federal judge Esther Salas, killing her son. In 2024, Minnesota police arrested Vance Boelter for plotting assassinations using addresses obtained from these sites.

These are not isolated threats. People-search brokers enable doxing, stalking, and extortion. Public servants, survivors of abuse, and ordinary citizens face serious risks.

What can be done

California has passed the Delete Act, the most aggressive privacy law yet. It mandates that all registered data brokers must delete a consumer’s personal information upon request and introduces a centralized deletion platform. Importantly, it redefines what counts as "public" data:

• If a broker combines public data with inferences or profiling, it becomes regulated personal information.

• Aggregated profiles and behavioral predictions must be deletable.

• Data brokers must comply with transparency rules and audits.

Background Alert: A Precedent-Setting Case

The case of Background Alert, Inc. illustrates enforcement. The company was fined and shut down for three years for non-compliance, setting a precedent that public data used to build consumer profiles is not exempt.

Where mePrism helps

mePrism Privacy is a registered privacy agent under the CCPA and Delete Act. It empowers consumers to:

• Submit verified opt-out and deletion requests

• Monitor compliance with data broker obligations

• Remove profiles, inferences, and images, not just raw public data

mePrism automates the removal process and partners with hundreds of data brokers. It also works with lawmakers and regulators to close loopholes and ensure privacy agents have legal authority.

Privacy is more than compliance. It is a right.

Looking Ahead

• The CPPA will launch a one-click deletion tool for Californians by 2026

• More states are drafting similar legislation

• Enforcement actions and lawsuits against non-compliant brokers will rise

• The FTC may increase oversight of deceptive and unsafe data practices

Data brokers must change. The status quo is ending.

Final Thoughts

People-search data brokers are losing their shield of "public records." New laws like California’s Delete Act recognize that inferences and profiles are personal information. With enforcement ramping up and public demand for privacy surging, the industry faces an existential shift.

mePrism is at the forefront, providing the tools and legal backing to help consumers reclaim control.

Your personal data should not be for sale. And now, you have a way to take it back.

Explore more from Our Team

Browse more posts written by our team to help you stay in control.