The Comprehensive Privacy Guide project aims to empower individuals by providing a comprehensive guide to opt out of various data brokers and people search websites. These companies collect vast amounts of personal data and often sell or share it with third parties. This project was created to inform and assist people in managing their online privacy by providing step-by-step instructions for opting out from major data brokers.
- How to Use This Guide
- Data Broker Types
- Data Broker Opt-Out Guide
- Requesting Blur on Online Map Services
- Global Privacy Laws & Regulations
- Privacy Protection Resources
- For Developers
- How to Audit SDKs and APIs for Data Collection
- Using AI to Discover What Data Exists About You
- Contact Information
The Comprehensive Privacy Guide was established in January 2015 to provide an accessible resource for individuals to remove their personal data from data brokers, people search websites, and related entities. As privacy concerns continue to rise, this guide serves as a valuable tool for managing personal information and minimizing exposure to unnecessary data collection.
The guide was last updated on January 1, 2025, and includes additional websites such as Best History Websites that aggregate personal data. The most recent update in April 2025 removed BackgroundAlert following its closure after a settlement with the California Privacy Protection Agency (CPPA).
-
Prioritize Opting-Out
- Priority 1: Focus on the highest-impact brokers.
- Priority 2: Then address medium-priority brokers.
- Priority 3: Finally, opt out from lower-priority or niche sites.
-
Time Commitment
- Opt-out processes vary in complexity. Some require submitting IDs or repeating requests.
-
Tracking Your Progress
- Use a spreadsheet or tracker to monitor your opt-out status and follow-up dates.
-
Repeat Requests as Needed
- Some brokers refresh their data and may re-list your information over time.
- Spokeo – Opt-out
- Intelius – Opt-out
- Whitepages – Opt-out
- BeenVerified – Opt-out
- Radaris – Opt-out
- Lullar - Opt-out
- PeopleFinder – Opt-out
- FastPeopleSearch – Opt-out
- TruePeopleSearch – Opt-out
- Search People Free - Opt-out
- FamilyTreeNow – Opt-out
- Acxiom – Opt-out
- Epsilon – Privacy choices
- CoreLogic – Contact for data requests
- Experian – Credit Freeze
- Equifax – Credit Freeze
- TransUnion – Credit Freeze
- See "People Search Sites" for links.
- Healthgrades – Contact for edits/removal
- WebMD – Privacy & contact
- Facebook – Manage data & ad preferences
- Twitter/X – Personalization & data settings
- JustDeleteMe - Directory of account deletion links
- File an FTC Identity Theft Report
- Request expedited removal from data brokers if supported.
- Check your state’s Address Confidentiality Program (ACP) for protections.
- Still recommended to opt-out from all people search and data broker sites.
-
EasyOptOuts: A premium service designed to help users manage and expedite the opt-out process for various data brokers.
-
PaperKarma: A mobile app that helps you stop unwanted catalog mailings and direct marketing. Available on iOS and Android.
-
CatalogChoice: A free service to opt-out of unwanted catalogs and other mail solicitations by creating a free account and managing your mailing preferences.
-
Abine DeleteMe: A privacy service that removes your personal information from 30+ data brokers and continuously monitors for re-listings.
-
Your Digital Rights – Automate opt-out requests from data brokers.
-
Data Brokers Watch – A list of the top 10 data brokers with opt-out instructions.
If you've previously applied for a job at a major tech company and wish to delete your career account, here's how to do so for various companies:
Google retains your application data for various reasons, but you can request deletion:
- Email: hrdatarequest@google.com
- Include: Full name, email used in the application, and any relevant details.
- Optional (EEA/UK/Brazil): Contact data-protection-office@google.com
- Login: jobs.apple.com
- Edit/Delete Profile: From your dashboard, manage or delete personal data.
- Support: Email dpo@apple.com or call 1-800-275-2273.
- Visit: account.microsoft.com/closeaccount
- Login & Verify: Sign in with your Microsoft credentials.
- Follow Prompts: Choose a deletion reason and confirm.
- Email: hr-dsr-privacy@amazon.com
- Include: Full name, email address, and application-related details.
- Login to Facebook
- Go to: Settings & Privacy > Settings > Accounts Center
- Select: Account ownership and control > Deactivation or deletion > Delete account
- Always back up important information before deleting any account.
- Some data may be retained for legal compliance or internal purposes.
- If no deletion option is available, look for a Data Privacy or DPO contact.
Street-level imagery platforms such as Google Street View and Apple Look Around often display houses, vehicles, license plates, and even people. While these services typically auto-blur sensitive elements like faces and plates, you can also request manual blurring for added privacy. Below is a comprehensive guide to requesting blurring across major mapping platforms.
Supports manual blur requests for:
- Faces
- License plates
- Homes and buildings
- Vehicles
- Other personal property
- Go to Google Maps.
- Enter the address or search for the location.
- Drag the yellow Pegman (bottom-right corner) onto the map to activate Street View.
- Navigate to the image you want to blur.
- In the bottom-right corner of the image, click "Report a problem".
- Use the red box to center the object (e.g. house, license plate) you want blurred.
- Fill out the form, selecting:
- What to blur: face, house, license plate, or other.
- A short explanation (e.g. “My home, privacy concerns”).
- Complete the CAPTCHA and submit the form.
Note: Once approved, the blur is permanent and cannot be undone.
🔗 Google Street View Blur Request Form
Supports blur via issue reporting only. Apple automatically blurs faces and plates, but does not provide a dedicated blur request form.
- Open the Apple Maps app on iOS or macOS.
- Search for your address and enter Look Around view.
- Tap the info icon (i) or Report an Issue button.
- Select “Report Street Issue”, then provide:
- A detailed description of what should be blurred.
- Your contact email (optional, for follow-up).
You can also use the general contact form:
🔗 Apple Maps Privacy Contact
Supports blur requests via feedback form.
- Go to Bing Maps.
- Search for your address and enter Streetside view.
- Click the feedback/flag icon in the image corner.
- In the form:
- Describe what should be blurred.
- Provide the exact location and any details.
🔗 Microsoft Maps Report Concern
Mapillary applies automatic blurring to faces and license plates, but you can request manual review.
- Visit Mapillary and search your area.
- Find the photo in question.
- Click the image, then use the "Report image" button.
- Or use the contact form below to request additional blur.
Yandex Maps provides limited privacy controls. You may contact support to request removal or blurring.
- Visit Yandex Maps and locate the imagery.
- Use the feedback or “Report an error” button on the image.
- Or contact Yandex support directly: 🔗 Yandex Support
Baidu Maps has limited published information on privacy requests. You can still try reaching out:
- Navigate to Baidu Maps.
- Use the feedback form in the app or web interface.
- Submit concerns via general support: 🔗 Baidu Customer Service Portal
If you're using other platforms like:
- TomTom – No public street view imagery for individual properties.
- Here WeGo – No manual blur option; privacy requests must go through their contact form.
- OpenStreetCam (discontinued) – Now merged into Mapillary.
- 360Cities, MapQuest, DuckDuckGo Maps – These aggregate from partners (e.g. Google, Apple), so follow the primary source instructions.
- 📸 Take a screenshot before submitting the blur request in case you need to reference the original image.
- ⏱️ Processing time: It may take a few days to several weeks for changes to take effect.
- 🔁 Follow up: If your request isn’t acted on within a month, resubmit or escalate via email.
- 🧾 Provide clear context: For best results, include details like street address, object description, and image orientation.
By blurring your home, vehicle, or other identifying details, you reduce the likelihood of doxxing, targeted scams, or unwanted attention.
This section provides an overview of the most important global privacy laws and regulations that protect your personal data. Understanding these laws is essential to knowing your rights and how to take control of your data.
-
Federal Law No. 152-FZ on Personal Data
Also known as the Personal Data Law, this law governs the collection, storage, and processing of personal data within Russia. Adopted in 2006 and amended over time, it requires organizations to obtain explicit consent from individuals for processing their personal data and mandates that data be stored within Russia’s borders (data localization requirement). Non-compliance with the law can result in fines and sanctions.Key aspects of the law include:
- Data subjects’ right to access, correct, and delete their personal data.
- Organizations must register with the Russian data protection authority (Roskomnadzor) if they process personal data on a large scale.
- Provisions regarding cross-border data transfer and data localization within Russia.
- Companies must implement adequate security measures to protect personal data from unauthorized access, disclosure, or loss.
For more information, you can check out the official document.
-
Federal Law No. 149-FZ on Information, Information Technologies, and Information Protection
This law addresses the regulation of information technology and the protection of personal information, privacy of communications, and the processing of personal data in various contexts. -
The “Right to Be Forgotten”
Russia’s data protection law allows individuals to request the deletion of personal data in some cases, similar to the "right to be forgotten" law under the European Union’s GDPR. However, this right is more limited than the one granted by GDPR. -
Personal Data Localization Law
This regulation mandates that certain data must be stored and processed within Russian territory. It impacts foreign companies providing services in Russia and requires them to have servers within the country if they process data about Russian citizens. This law is part of Russia's broader attempt to ensure the sovereignty of its data.
- Roskomnadzor (Federal Service for Supervision of Communications, Information Technology, and Mass Media) is the Russian authority responsible for overseeing the implementation of the personal data law and other related regulations. It ensures compliance and enforces fines for violations of data protection rules.
-
Roskomnadzor (Federal Service for Supervision of Communications, Information Technology, and Mass Media)
The main governmental body responsible for regulating data privacy and enforcing compliance with data protection laws in Russia. Roskomnadzor oversees personal data processing activities and enforces the Federal Law on Personal Data (No. 152-FZ). They also monitor internet censorship and data localization requirements.
Website: https://rkn.gov.ru -
Russian Association of Electronic Communications (RAEC)
RAEC is a leading industry association that represents internet companies, telecommunications providers, and digital service companies. It aims to improve data protection practices, promote privacy protection, and shape Russia's regulatory framework on digital data and privacy.
Website: https://raec.ru -
Data Protection Association (DPA)
DPA is a Russian organization dedicated to raising awareness about personal data protection, supporting compliance with data privacy laws, and working on digital privacy advocacy. It also collaborates with governmental bodies to influence data protection legislation.
Website: https://www.dpa.org.ru -
Sberbank Privacy Center
Sberbank, Russia's largest financial institution, runs a privacy center that provides detailed guidance on how the bank processes user data and ensures compliance with Russia's data protection regulations. It offers a comprehensive privacy policy to safeguard consumer data.
Website: https://www.sberbank.ru -
Yandex Privacy Policy
Yandex, Russia's largest internet search engine and digital services provider, offers detailed information on their privacy practices, including how they handle user data, what personal data they collect, and how they comply with data protection laws in Russia.
Website: https://yandex.com/legal/privacy -
Russian Internet Development Foundation (RIDF)
RIDF is a nonprofit organization working to promote the development of the Russian internet space, including policies related to data privacy, internet governance, and digital rights. They focus on internet freedoms, privacy rights, and legislative reforms to enhance privacy protection in Russia.
Website: https://www.ridf.ru -
Internet Protection Society (IPS)
IPS is a non-governmental organization advocating for internet privacy in Russia. It focuses on protecting users' privacy online, fighting against surveillance, and ensuring that data is processed in an ethical and transparent manner. The IPS works to promote data protection laws and digital rights.
Website: https://www.internetprivacy.org -
Net Freedoms Project
The Net Freedoms Project advocates for digital rights, including internet privacy and access to information. It focuses on transparency in data processing practices and works towards protecting individual rights in the digital environment. The organization is actively involved in discussions about privacy policy reforms.
Website: https://netfreedoms.org -
Association of Privacy and Data Protection Professionals (APDP)
APDP is a professional organization for privacy and data protection specialists in Russia. It offers resources, training, and certifications related to privacy management, GDPR compliance, and Russian data protection laws.
Website: https://apdp.ru -
Russian Data Protection Network (RPDN)
RPDN is a non-governmental network that brings together professionals, academics, and experts in data protection law and privacy rights. It aims to improve the understanding of privacy issues and to foster better privacy practices among Russian organizations.
Website: https://www.rpdn.org -
Digital Rights Center (DRC)
DRC is an organization dedicated to protecting the digital rights of individuals in Russia. It works to address issues related to surveillance, censorship, and privacy violations, and it promotes advocacy for policy reform.
Website: https://drc.ru -
Public Monitoring Commission (PMC)
PMC is an independent public body focused on monitoring and reporting on the implementation of human rights, including digital rights and privacy protection, within Russia. It regularly monitors government actions on digital privacy and publishes reports on privacy violations.
Website: https://www.oprf.ru -
Center for Internet Security and Privacy (CISP)
The CISP is a research and policy center focused on the development of digital security practices, internet privacy, and the protection of user data. It conducts studies, publishes reports, and works on creating safe environments for digital communications.
Website: https://cisp.ru -
Cybersecurity and Data Protection Agency (CSDA)
This agency is dedicated to improving cybersecurity and data privacy in Russia. It works on enhancing the protection of personal data against breaches and cyber threats and provides guidelines for Russian businesses to comply with data protection regulations.
Website: https://csda.ru -
Digital Rights Foundation
This foundation promotes internet rights and freedom of expression, as well as the right to digital privacy. It engages in public awareness campaigns, advocates for stronger privacy protection laws, and supports individuals in exercising their digital rights.
Website: https://www.digitalrights.ru -
RuNet Foundation
The RuNet Foundation works to advance digital literacy and policy reform in Russia, particularly on topics like data protection, online privacy, and freedom of speech. It provides educational programs, policy analysis, and advocacy for stronger privacy protections.
Website: https://www.runet-foundation.org -
Russian Union of Industrialists and Entrepreneurs (RSPP)
The RSPP represents business interests in Russia and plays a key role in lobbying for better data protection policies. It works on advancing privacy standards and ensuring businesses comply with national data protection regulations.
Website: https://rspp.ru -
Russian Human Rights Commission
This government body addresses human rights violations, including those related to data privacy. It advocates for the protection of individuals' personal information and addresses concerns about surveillance and privacy breaches.
Website: https://www.ombudsmanrf.org
These organizations and initiatives work to shape and enforce Russia's data privacy and protection landscape. They play critical roles in advocating for user privacy rights, promoting responsible data practices, and providing resources to ensure compliance with Russian laws.
Overview: The GDPR, effective since 2018, is one of the most comprehensive and globally influential data privacy regulations. It applies to all EU member states and any organization processing personal data of EU residents, regardless of the organization’s location.
- Data Subject Rights: Right to access, rectification, erasure, data portability, and objection to processing.
- Consent: Consent must be freely given, specific, informed, and unambiguous.
- Data Protection Impact Assessments: Organizations must conduct DPIAs when processing is likely to result in high risks to the rights and freedoms of individuals.
- Data Breach Notification: Data controllers must notify the supervisory authority within 72 hours of a data breach.
- Each EU country has its own independent Data Protection Authority (DPA) that enforces GDPR. The European Data Protection Board (EDPB) ensures consistent application across the EU.
Website: European Data Protection Board
- ePrivacy Directive (Cookie Law): Regulates the use of cookies and similar technologies.
- Digital Services Act (DSA) and Digital Markets Act (DMA): Focus on ensuring safe digital spaces and fair digital market practices.
Overview: The CCPA, enacted in 2018, provides California residents with rights to control their personal data and imposes obligations on businesses to safeguard it.
- Consumer Rights: Right to know, delete, and opt-out of the sale of personal data.
- Business Obligations: Businesses must provide transparency in how they collect and use data and allow consumers to exercise their rights.
- California Attorney General’s Office enforces CCPA.
Website: California Consumer Privacy Act
Overview: The VCDPA provides Virginia residents with data protection rights and obligations for businesses similar to CCPA, but tailored for Virginia.
- Consumer Rights: Right to access, delete, and correct data, as well as opt-out of targeted advertising and the sale of personal data.
- Virginia Attorney General’s Office
Website: VCDPA Official Page
Overview: COPPA imposes restrictions on the collection of personal information from children under 13. It requires parental consent before data collection.
- Federal Trade Commission (FTC)
Website: COPPA Page
Overview: The PIPL, enacted in 2021, is China’s most comprehensive data protection law, regulating personal information processing and offering individuals control over their data.
- Consent: Personal data must be processed with explicit consent.
- Cross-border Data Transfer: Data controllers must conduct security assessments before transferring data out of China.
- Individual Rights: Includes rights to access, correction, deletion, and portability.
- Cyberspace Administration of China (CAC)
Website: Cyberspace Administration of China
Overview: Enacted in 2023, the DPDPA establishes rules around the collection, processing, and protection of digital personal data in India.
- Consent: Consent is required for data processing.
- Individual Rights: Individuals can request access, correction, and deletion of their data.
- Data Fiduciaries: Organizations processing personal data must register and follow obligations to safeguard data.
- Data Protection Authority of India (DPAI)
Website: Ministry of Electronics and Information Technology
Overview: Brazil’s LGPD, enacted in 2020, regulates the collection, use, and sharing of personal data, drawing significant parallels to the EU’s GDPR.
- Consent: Explicit consent is required for processing personal data.
- Data Subject Rights: Includes rights to access, correction, deletion, and data portability.
- Accountability: Data controllers must ensure data protection practices.
- National Data Protection Authority (ANPD)
Website: ANPD
Overview: PIPEDA applies to the private sector and governs the collection, use, and disclosure of personal information during commercial activities.
- Consent: Organizations must obtain consent before collecting personal data.
- Access and Correction: Individuals can request access to and correct their personal data.
- Office of the Privacy Commissioner of Canada
Website: Privacy Commissioner of Canada
Overview: Japan’s APPI regulates the handling of personal data and includes provisions on data transfers, consent, and individual rights.
- Consent: Explicit consent must be obtained for data processing.
- Cross-border Transfers: Specific regulations govern the transfer of personal data overseas.
- Individual Rights: Rights to access and correct personal data.
- Personal Information Protection Commission (PPC)
Website: PPC Japan
Overview: PIPA is South Korea’s primary data protection law and one of Asia’s most stringent, imposing obligations on data controllers and processors.
- Consent: Data subjects must provide informed consent.
- Data Transfer: Cross-border transfers of data are tightly regulated.
- Individual Rights: Right to access, correction, and erasure.
- Personal Information Protection Commission (PIPC)
Website: PIPC Korea
Overview: The Privacy Act 1988 governs the handling of personal information by Australian government agencies and private organizations.
- Australian Privacy Principles (APPs): Establishes the framework for handling personal data in Australia.
- Consumer Rights: Right to access and correct personal information.
- Cross-border Transfers: Regulations around transferring data outside of Australia.
- Office of the Australian Information Commissioner (OAIC)
Website: OAIC
Overview: POPIA governs the processing of personal information in South Africa and provides protections for individuals’ data.
- Data Subject Rights: Includes the right to access, correction, and deletion of personal data.
- Consent: Requires explicit consent for processing personal data.
- Information Regulator
Website: Information Regulator
Overview: Kenya’s Data Protection Act provides the legal framework for the processing of personal data and outlines the rights of individuals.
- Data Subject Rights: Right to access, correct, and delete personal data.
- Cross-border Transfers: Data transfers outside of Kenya require safeguards.
- Office of the Data Protection Commissioner
Website: ODPC Kenya
Overview: The PDPA regulates the processing of personal data in Malaysia, particularly in the context of commercial transactions.
- Consent: Consent must be obtained before processing personal data.
- Data Subject Rights: Right to access, correct, and withdraw consent for data processing.
- Personal Data Protection Department (PDPD)
Website: PDPD Malaysia
Overview
Argentina’s data protection law covers personal data processing and ensures the privacy of individuals' personal data. This law includes the concept of personal data protection and lays out clear guidelines for data processing and subject rights.
- Consent: Data subjects must provide explicit consent for data processing.
- Rights: Includes the rights to access, rectification, erasure, and portability of personal data.
- National Directorate for Personal Data Protection
Website: Argentina - DPDP
Overview
Mexico’s law regulates the handling of personal data by private entities and offers rights to individuals regarding their personal data, including the right to access, correction, cancellation, and opposition.
- Consent: Explicit consent is required for data processing.
- Rights: Individuals have the right to access, correct, delete, and oppose processing of their personal data.
- National Institute for Transparency, Access to Information and Personal Data Protection (INAI)
Website: INAI Mexico
Overview
The UK’s DPA 2018 is the implementation of GDPR for the UK after Brexit. It governs how personal data is processed and the rights of individuals to protect their privacy.
- Rights: Right to be informed, access, rectify, erase, and object to processing.
- Information Commissioner’s Office (ICO)
Website: ICO Official Website
Overview
Singapore’s PDPA regulates the collection, use, and disclosure of personal data. It governs how private sector organizations process personal data.
- Consent: Organizations must obtain consent before collecting personal data.
- Rights: Includes rights to access, correction, and withdrawal of consent.
- Personal Data Protection Commission (PDPC)
Website: PDPC Singapore
Overview
The UAE’s new data protection law came into effect in 2022, strengthening privacy protections in line with international standards like GDPR.
- Consent: Explicit consent is needed for data collection.
- Cross-border Transfers: Regulates how personal data is transferred across borders to ensure proper protection.
- UAE Data Protection Office
Website: UAE Government
This document serves as a reference to help understand the privacy laws in various countries. For more detailed information, please refer to the official links provided for each country’s respective authorities and regulations.
This section provides a comprehensive list of privacy protection resources, organizations, and tools that help individuals protect their personal data and exercise their privacy rights. These resources include nonprofit organizations, legal entities, opt-out tools, and more, focusing on data privacy, digital rights, and consumer protection.
-
Center for Digital Democracy (CDD)
A nonprofit organization that advocates for privacy rights and provides detailed reports and tools to help consumers understand and protect their digital privacy.
Official Website -
Privacy International
A global nonprofit that works to defend and promote the right to privacy. They provide extensive resources, research, and advocacy on data protection and privacy laws worldwide.
Official Website -
American Civil Liberties Union (ACLU)
A nonprofit that focuses on defending individual rights, including digital privacy rights. The ACLU provides educational resources, legal advocacy, and privacy protection tips.
Official Website -
The Privacy Rights Clearinghouse
A nonprofit that offers detailed information on a wide range of privacy issues, including opt-out guides, data broker opt-out lists, and how to exercise your rights under various privacy laws.
Official Website -
National Consumer Law Center (NCLC)
NCLC offers legal guidance and advocacy on consumer privacy rights, including helpful guides for understanding data privacy laws and how to protect yourself from data brokers.
Official Website -
Consumer Federation of America (CFA)
The CFA provides consumer advocacy on various issues, including data privacy, and offers resources on how to protect your personal information from data brokers and other entities.
Official Website -
Fight for the Future
A digital rights group that defends privacy, freedom of expression, and internet access. It provides resources to help individuals protect their personal information and online privacy.
Official Website -
Access Now
An international nonprofit that advocates for digital rights, including privacy rights, and works on global issues like data protection and surveillance. They offer useful guides on how to protect personal data.
Official Website -
Digital Rights Ireland (DRI)
A nonprofit organization focused on protecting privacy and data protection rights for individuals in Ireland, with resources on how to opt out of data broker databases.
Official Website -
The Future of Privacy Forum (FPF)
A think tank that provides research and resources on privacy and data protection laws. They focus on how privacy can be preserved in a modern digital landscape.
Official Website -
European Digital Rights (EDRi)
EDRi is a European nonprofit that advocates for digital rights, focusing on privacy, data protection, and surveillance issues. They offer reports, guides, and resources on digital privacy laws.
Official Website -
Open Rights Group (ORG)
A UK-based nonprofit that advocates for digital rights and privacy, ORG provides resources and campaigns aimed at protecting online privacy.
Official Website -
Data Protection Commission (DPC)
The Irish Data Protection Commission provides resources and official information on GDPR compliance and data privacy issues for individuals living in the EU or dealing with EU organizations.
Official Website
-
Opt-Out Pre-Screen
A service that allows individuals to opt-out of pre-approved credit offers and reduce the exposure of their data to third-party marketers.
Official Website -
DMAchoice
A service offered by the Data & Marketing Association, which lets consumers opt-out of receiving unsolicited mail and marketing offers from participating companies.
Official Website -
National Do Not Call Registry
Managed by the Federal Trade Commission (FTC), this registry allows consumers to opt-out of receiving unsolicited sales calls.
Official Website -
Your Choice Privacy
A service that helps consumers opt-out of data broker lists and provides tools for individuals to manage their privacy preferences.
Official Website
-
Consumer Reports – Privacy Protection
Offers tools and guides on how to protect yourself from data brokers and manage privacy settings across different platforms.
Official Website -
Electronic Frontier Foundation (EFF)
A nonprofit organization that works to protect digital privacy rights, providing a wealth of information on protecting personal data.
Official Website -
Privacy Shield Framework
Although specific to international data transfers between the European Union and the U.S., the Privacy Shield framework outlines important privacy principles for companies handling personal data and can help consumers understand cross-border data protection.
Official Website -
Digital Rights Watch
A non-profit organization that provides resources, legal guidance, and advocacy around data protection, freedom of expression, and surveillance.
Official Website
-
Digital Privacy Guide – ACLU
The ACLU provides digital privacy guides to help you safeguard your personal data from third-party tracking and data brokers.
Official Website -
MyData Global
A nonprofit network that promotes human-centric data management practices, offering tools and resources to help individuals manage their data privacy.
Official Website -
Stop Data Brokers – Privacy Rights Clearinghouse
A guide from the Privacy Rights Clearinghouse to help consumers stop data brokers from collecting and selling their personal data.
Official Website
These resources provide a broad spectrum of information, tools, and advocacy to help you protect your personal data and exercise your privacy rights effectively. Whether you're seeking to opt-out of marketing databases or better understand global data protection laws, these resources can be instrumental in your data protection journey.
Understanding the different categories of sensitive data is crucial for ensuring privacy and compliance with various regulations. Below is an overview of key data classifications, their definitions, examples, and associated regulations.
Definition:
Information that can be used to identify an individual, either on its own or when combined with other data.
Examples:
- Full name
- Social Security number (SSN)
- Email address
- Phone number
- Home address
- Date of birth
- Passport number
- Driver’s license number
Regulations:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Federal Trade Commission (FTC) regulations
Definition:
A subset of PII that includes medical and health-related data created or collected by healthcare providers or health plans, protected under U.S. law.
Examples:
- Medical records
- Test results
- Health insurance information
- Billing information
- Diagnoses and treatment plans
- Prescriptions
Regulations:
- Health Insurance Portability and Accountability Act (HIPAA)
Definition:
Information related to payment card transactions and is governed by the Payment Card Industry Data Security Standard (PCI DSS).
Examples:
- Credit card numbers
- Cardholder name
- Expiration dates
- Card Verification Value (CVV)
- PINs and magnetic stripe data
Regulations:
- Payment Card Industry Data Security Standard (PCI DSS)
Definition:
A subset of PII that requires higher levels of protection due to its potential impact if disclosed.
Examples:
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Sexual orientation
- Genetic and biometric data
Regulations:
- GDPR (Article 9 – special category data)
- CCPA (as "sensitive personal information")
Definition:
Information collected by financial institutions that is not publicly available.
Examples:
- Bank account numbers
- Transaction history
- Income and credit scores
Regulations:
- Gramm-Leach-Bliley Act (GLBA)
Definition:
Information the U.S. government creates or possesses that requires safeguarding or dissemination controls, but is not classified.
Examples:
- Export control data
- Law enforcement sensitive data
- Critical infrastructure information
Regulations:
- NIST SP 800-171
- CUI Federal Regulation (32 CFR Part 2002)
Definition:
Information provided by or generated for the U.S. government under a contract, not intended for public release.
Regulations:
- Federal Acquisition Regulation (FAR) 52.204-21
Definition:
PHI that is created, stored, transmitted, or received electronically.
Regulations:
- HIPAA Security Rule
Definition:
A core component of PCI DSS, it includes information such as the primary account number (PAN), cardholder name, and expiration date.
Part of:
PCI data set
Regulations:
- PCI DSS
Definition:
Technical data that falls under U.S. export control laws like ITAR (International Traffic in Arms Regulations) or EAR (Export Administration Regulations).
Examples:
- Defense-related technical specifications
- Dual-use technologies
Regulations:
- ITAR, EAR
Definition:
Includes classified and unclassified sensitive data relevant to national defense systems.
Regulations:
- Department of Defense standards
- NIST SP 800-53
Definition:
Similar to NPI, used mainly in financial sectors to describe personal financial records.
Regulations:
- GLBA
Definition:
Non-personal, proprietary business information that must be protected from unauthorized disclosure.
Examples:
- Trade secrets
- Supplier and pricing data
Regulations:
- Varies by jurisdiction and contract law
- Data Minimization – Only collect the data you need.
- Encryption – Use encryption for both data at rest and in transit.
- Access Control – Implement strict access rights and role-based permissions.
- Audit and Logging – Maintain detailed logs of access and changes to sensitive data.
- Regular Security Assessments – Conduct regular audits and vulnerability scans.
- Incident Response Plans – Be prepared with a clear plan in the event of a data breach.
- Training and Awareness – Educate staff on data privacy and security practices.
For more detailed information on each data classification and its associated regulations, please refer to the respective regulatory bodies and standards.
Developers play a vital role in protecting user privacy. Whether you're building apps, websites, or platforms, integrating privacy-focused tools and understanding the data flow is essential. Below you'll find SDKs, APIs, and privacy compliance tools, along with guidelines on how to assess their data collection practices.
As developers, it's crucial to integrate privacy features into your applications to ensure compliance with data protection regulations and to respect user privacy. Below are SDKs and APIs that can assist in implementing privacy features:
- Features:
- Send erasure requests (
gdprForgetMe) to comply with GDPR and similar regulations. - Manage third-party data sharing preferences.
- Provide consent data to platforms like Google for compliance with the Digital Markets Act.
- Implement privacy features in mobile applications.
Official Documentation
- Send erasure requests (
These tools are designed to help you comply with regulations like GDPR, CCPA, and others by offering privacy controls, consent management, and data erasure functionality.
- Use Cases: GDPR compliance, consent management, data portability.
- Key Features:
gdprForgetMe()method for deleting user data.- Ability to disable third-party sharing and tracking.
- Supports consent flow for Digital Markets Act (DMA) and GDPR.
- Docs: Adjust SDK Documentation
- Use Cases: Cookie compliance, global privacy management.
- Key Features:
- Manages consent across jurisdictions.
- SDKs for web, iOS, Android.
- Automates compliance reporting and audit trails.
- Docs: OneTrust Developer Portal
- Use Cases: Code-level data mapping, privacy impact analysis.
- Key Features:
- Scans repositories for personal data usage.
- Automatically detects third-party SDKs and APIs.
- Helps generate compliance reports.
- Docs: Privado Documentation
- Use Cases: Automated data subject request (DSR) handling.
- Key Features:
- API-driven consent and deletion flows.
- Integrates with databases and SaaS platforms.
- Supports CCPA, GDPR, and CPRA.
- Docs: Transcend API Docs
- Use Cases: Cookie consent, regulatory compliance.
- Key Features:
- Easy-to-implement banners.
- Supports over 40 privacy laws.
- Auto-blocks third-party cookies until consent is obtained.
- Docs: Osano Docs
Before integrating any SDK or API, it’s important to understand what user data it collects, processes, and shares. Here’s how to evaluate that:
- Look for "Privacy" or "Data Use" sections in SDK/API documentation.
- Check for references to:
- PII (Personally Identifiable Information)
- Device identifiers (e.g., IDFA, Android Advertising ID)
- Behavioral data (e.g., clicks, page views)
- Analyze data transmitted by SDKs using:
- Charles Proxy
- Wireshark
- mitmproxy
- Identify network requests made by the SDK or API to external servers.
- Use tools like:
- MobSF (Mobile Security Framework)
- Privado.ai
- Exodus Privacy (for Android APKs)
- Detect permissions requested and endpoints accessed by SDKs.
- Compare what the vendor claims in their privacy policy vs. what the SDK actually sends. Be cautious of discrepancies.
- Check GitHub or GitLab if the SDK/API is open source.
- Look for tracking code, analytics hooks, or third-party integrations.
- Search Reddit, Stack Overflow, or GitHub issues for:
- Privacy concerns
- Data leaks
- Compliance violations
- Contact the SDK/API provider for a Data Processing Agreement (DPA) or a list of subprocessors.
- Request a copy of their latest security or privacy audit.
Tip: Consider using a privacy impact assessment (PIA) template before introducing any third-party SDKs into production environments.
Artificial Intelligence (AI) can be a powerful ally in uncovering personal data that may be exposed online or stored by third parties. This section outlines how to use AI-powered tools and techniques to find, monitor, and manage your digital footprint effectively.
Google Dorking uses advanced search operators to locate exposed or indexed personal data. AI can enhance this process by generating highly targeted queries and analyzing search results.
"Your Name" site:linkedin.com"Your Email Address" filetype:pdf OR filetype:xls"Your Phone Number" site:peoplefinder.com
- Automate query generation based on your inputs.
- Analyze results to filter out irrelevant content.
- Prioritize links that are most likely to contain sensitive information.
These tools use AI to monitor and report on data exposure, breaches, and digital footprints:
- Have I Been Pwned – Checks if your email or phone number appears in known data breaches.
- Mine – Scans your inbox to detect companies holding your data and helps send deletion requests.
- Jumbo Privacy – Automates removal requests and adjusts privacy settings on your social media and other apps.
- Optery – Offers AI-powered automation for opting out of data broker sites and suppressing personal information.
This section provides a categorized list of OSINT (Open Source Intelligence) tools for various investigative, reconnaissance, and research purposes. These tools can aid in information gathering across multiple platforms including social media, domain info, IP data, geolocation, and more.
- Social-Searcher
- Twint
- Instagram-OSINT
- Facebook Graph Search (Legacy)
- LinkedIn Scraper
- TikTok OSINT Tool
- Sherlock
Before using these tools, consider the following best practices:
- Only investigate your own data. Never use these tools to monitor others without consent.
- Follow each platform’s terms of service and respect applicable privacy laws.
- Avoid doxing, surveillance, or unauthorized data gathering.
- Log and document your findings to ensure accountability and manage follow-ups such as opt-outs or data deletion requests.
- Use these tools ethically and within the legal boundaries of your jurisdiction. Always respect privacy and terms of service.
Leverage AI not only to discover exposed data but also to:
- Set up automated alerts for future breaches.
- Use AI-generated templates for GDPR, CCPA, or PIPL deletion requests.
- Organize a privacy dashboard to track what data is where and how it's being used.
For corrections, inquiries, or feedback, please reach out via LinkedIn. We also welcome contributions to improve the guide and encourage you to share your experiences in removing your information from data brokers.