Cybersecurity: Time to strengthen the data broker ecosystem?

Computer systems are vulnerable to cyberattack. Image (C) Tim Sandle

In recent weeks thousands of lawsuits have been filed against multiple data brokers for violating the so-termed ‘Daniel’s Law’. This is a 2021 New Jersey law banning both public and private entities from publishing personal information of public servants.

The fine for violating this law is $1,000 per violation – and it’s estimated that this class action lawsuit has more than $20 million at stake. 

These are not many small companies violating this law; however, some bigger firms have fallen foul of the requirements. Recently, The Lifetime Value Co. (majority owned by Morgan Stanley) was served, and other defendants include 6Sensensights, Giant Partners, DM Group, InsideRe, MyLife.com, Enformion, Social Catfish, and Attom Data Solution.

Such lawsuits carry considerable impact and indicate continuing concerns relating to the issue of data misuse.

To gain an insight, Digital Journal heard from Max Anderson, chief revenue officer at 360 Privacy.

According to Anderson  such legislation is important since it indicates how the “data broker ecosystem is thriving and is putting privacy and cybersecurity concerns at the forefront.” 

Anderson begins with a warning: “Hackers, activist groups, and cyber criminals will exploit any opportunity to gain access to personal information; people search sites and data brokers are no exception.”

Specifically with data brokers, Anderson finds: “They can use the personal information available on these sites to carry out various types of attacks, such as phishing, social engineering, stalking, and identity theft.”

Anderson looks next at the specific case: “In the New Jersey law enforcement case against data brokers, it is clear that data brokers failed to comply with laws created specifically to protect public servants. This case highlights the level of personal information that is available on every American citizen, regardless of professional occupation.”

In terms of the impact on law enforcement, Anderson unearths: “The amount of information available on police officers was not greater or less than any other US citizen, but their work, often on sensitive cases, puts them at a greater risk of being targeted.”

In terms of the underlying reasons, Anderson’s analysis runs: “Without using a personal data deletion service, it is impossible for the average citizen to remove their PII from the data broker ecosystem. Data brokers have intentionally made it burdensome to “opt out” and hope that people will give up and stop trying. Data equals dollars, and brokers want to keep as much personal information on their sites as possible. The lawsuit against many high-profile data brokers has the potential to cause significant market fluctuations since data has become big business over the past few years.”

There are things that people can undertake to lower their digital footprint. Here Anderson advises: “Do not provide personal information, whenever possible, when signing up for online subscriptions, customer loyalty cards, or “frequent shopper” accounts. If it is free or the company offers you a discount, that means they are likely selling your data and “you” are the product.”

He adds: “Be mindful of what information you share on social media. A photo taken in front of your house can easily be used to find your address with online mapping services. Use privacy-focused tools and services to help protect personal information and reduce exposure to data brokers. There are companies that provide data broker deletion services, but do your due diligence – some of these companies operate overseas and ask you provide sensitive items, like copies of your passport or your SSN, when that is not actually needed.”

As final advice, Anderson proposes: “Use a VPN when doing anything online, especially checking emails, accessing bank account, paying bills, and downloading content.”