Glossary
Plain-English definitions for the privacy and data broker terms you'll see across this site and in the broader policy and tech press. If a term you need isn't here, write us.
- Data broker
- A website or company that collects personal information from public records and commercial data feeds, then sells access to it. The biggest categories are people-search sites (Spokeo, Whitepages, TruePeopleSearch), background-check sites (Intelius, BeenVerified, TruthFinder), and reverse-lookup sites (USPhoneBook, ThatsThem). About 200 broker sites matter for first responders.
- PII (Personally Identifiable Information)
- Any data that can identify a specific person — name, address, phone, email, date of birth, SSN. Different laws define it differently; the practical version is "the stuff you wouldn't want a stranger to have."
- OSINT
- Open-source intelligence. The discipline of stitching together publicly available information — social media posts, public records, broker pages — to identify a person, their home, their schedule, and their family. Most of the work is pattern matching, not hacking.
- Doxxing
- Publishing someone's personal information — usually home address, family details, workplace — to a public audience with the goal of encouraging harassment. The data almost always comes from a broker page. See /doxxing.
- Swatting
- Calling in a fake high-priority emergency (armed hostage situation, bomb threat) to a target's home address, hoping to send an armed police response to a location where no actual threat exists. People have died in swatting incidents. See /swatting.
- Address Confidentiality Program (ACP)
- State programs that provide a substitute mailing address for eligible participants — typically survivors of domestic violence, sexual assault, stalking, or human trafficking. State and local agencies use the substitute address in place of the participant's actual home address. CA Safe at Home, TX ACP, NJ ACP are examples.
- Daniel's Law
- New Jersey statute (NJSA §47:1B-1 et seq.) that lets covered persons — sworn officers, judges, prosecutors, corrections officers, and their families — demand removal of home address and unpublished phone from data brokers. $1,000 per violation in statutory damages. About 14 states now have Daniel's-Law-style analogs; most cover only judges. See /laws/daniels-law.
- Lieu Act
- Federal Daniel Anderl Judicial Security and Privacy Act, signed in December 2022. Gives federal judges (and their immediate families) a mechanism to demand removal of personal information from data brokers and government records. Named for House sponsor Ted Lieu. See /laws/lieu-act.
- DPPA
- Driver's Privacy Protection Act, federal law (18 USC §§2721-2725) passed in 1994. Restricts what state DMVs can disclose about drivers — name, address, photo, SSN — and creates a federal cause of action against anyone who pulls a DMV record without a permitted purpose. $2,500 per violation in statutory damages. See /laws/dppa.
- CCPA / CPRA
- California Consumer Privacy Act and the California Privacy Rights Act amendments. Gives California residents the right to demand deletion of their data from companies that hold it, including data brokers. Many brokers process CCPA delete requests for non-California residents too because it's easier than enforcing the state check.
- Re-listing
- When a broker re-publishes your information after you've opted out. Most brokers re-list inside 3-6 months as their data feeds re-sync from public records and commercial sources. A one-time opt-out is a delay, not a fix.