So, this is probably naive of me, but so far I haven’t really been able to find the answer on the web.
Recently I subscribed to a personal info removal company called Incogni, only to find out that they sent a staggering 123 removal requests on my behalf. I never imagined there were that many companies in that business. So far in 20 days, 70 requests have been fulfilled, but 53 are still pending.
Which made me wonder… given my personal data seems to be sold, re-sold and re-re-sold without my express consent, or ability to opt out… if I knew I’ve informed my legit service providers, plus those I have legit obligations to (employer, state, etc.)… how easy would it be to obfuscate it on a regular basis, by simply providing a new, creative address, to entities I don’t get mail communication, or deliveries, from?
So, has anyone tried to trace the map by which a new address, cell phone number, etc. makes its way through the 123 or so data brokers? What are the ‘input nodes’ to that graph?
I used to work for a data broker. The main problem here is that profiles are created and compiled from public data. There aren’t any P.I.s at work here… Just massive amounts of data dumps that anyone could access. If you include PII data like socials, then there are limitations on who can view it… But not really that hard to circumvent. A human could not possibly compile profiles from terrabytes of public data, but our programmers could… And this is the real problem. much of this data was public before current computer logic existed and no one foresaw the huge privacy implications.
For my company, only requests that come from persons living in California were honored…and only the person could request removal, not a 3rd party on behalf of the person. Sux.
And FYI, any searches for certain people would be reported to the authorities… Like if you searched Donald Trump with SSN Inclusion, we had to report it to secret service.
100% agree when you say “there aren’t any PIs at work here”, since we’re talking about data aggregation from multiple sources. My thought is: given data aggregation of PII is largely legal, then equally, publishing of creative PII is also legal.
So, regularly feeding creative PII for obfuscation, for protection from unknown 3rd-parties, requires knowing the sources communicating your data. At least, the main sources.