Advertisement

Your Personal Information Is All Over the Internet — and It's More Than Just a Financial Risk

Jennifer Billock
·9 min read
a hand touching phone screen with fingerprint icon
What You Need to Know About Data Collection SitesGetty Images

When I accepted this assignment about data collection sites and the privacy issues that they pose, I did a quick search of my own name. It was mostly out of due diligence, with a hint of curiosity — see, I thought I had scrubbed all of my personal information from the Internet after a lengthy period of stalking by an acquaintance, so I wasn't really expecting much to show up.

Imagine my shock when I saw all of my contact information — home address, emails, even my employment information — right there for anyone to find.

I’m not the only one that could be at risk of getting tracked down. A quick search on RocketReach — one of the buzzier data collecting sites out there right now — will yield information about virtually anyone you know. Go ahead, look up yourself or your best friend and see — results from other similar sites will also likely pop up, such as WhitePages.com and TruePeopleSearch.com. And unfortunately, it's a worrisome and tricky situation that's not as cut and dry as it seems.

“There is no law that prohibits companies from lawfully sharing data that you have given permission to do so,” said Gregory D. Moody, the director of the cybersecurity program at the University of Nevada, Las Vegas. So when you create an email address, that essentially gives the email provider "permission" to offer it up to data collection websites such as RocketReach.

And even if a site has a privacy policy, it’s not typically there to protect you, the consumer. “Privacy policies on many sites are not about keeping data private, unless stated as such. Many companies have a privacy policy, but it does not guarantee privacy, but rather simply has to state what the company does with the data, which may include selling your data. The U.S., federally, has no law that prohibits this kind of behavior,” Moody adds.

A bit of news earlier this year signaled what may soon be a widespread change at the state level when it comes to individuals' data and privacy. Five states — California, Colorado, Connecticut, Utah and Virginia — began to enforce statutes that put data privacy protection in the hands of the individual it belongs to, and the idea is that more states will follow suit.

These laws are modeled after Europe's General Data Protection Regulation (GDPR) approach, where "individuals effectively own their personal information and thus presumptively have the legal right to control it, and who can use it is a matter for them to decide," according to a report by Reuters.

What is RocketReach?

Given its nature, it's no surprise that Internet users are wondering whether or not RocketReach is a legitimate website. The simple answer is "yes:" RocketReach markets itself as a method for finding and making business connections. But it could also hand out your personal email and home address, which may be something you'd like to keep for just your friends and family.

RocketReach essentially gathers information from across the Internet or from a third party, according to its website. As such, it’s more focused on company details (you may see the full LinkedIn rundown on whomever you searched for) and business contact information. But anything you’ve ever shared online could be technically be mined by RocketReach — if you plugged in your address or personal email when creating an account on a social media site, for example. After all that data is gathered, the company compiles it and sells plans to people or companies who want to gain access to someone’s contact information.

“There is not much in terms of legal ramifications regarding privacy within the employment context, especially within the business prospecting market,” said Heather Federman, BigID’s Chief Privacy Officer.

internet security icons on blue and purple background
Getty Images

The privacy issue

If you searched and found your name and details online, you may have first asked yourself "why is my name on RocketReach?" But if there's a reason you don't want your personal information publicly and readily available for anyone to see (beyond the simple fact that it can feel very intrusive), that confusion may quickly turn to worry. And rightfully so.

Take my story, for example. More than a decade ago, a former acquaintance began harassing my friends, trying to convince them to talk to me on this person's behalf. When my friends refused, this person would spend hours circling my apartment building, pausing outside my unit to stare up at my window before driving away without making physical contact with me. A series of voicemails threatening to ruin my career finally prompted me to call the police, but they didn't think this person posed a "viable risk to my safety," so a restraining order was never issued.

In the wake of that response, I felt my only option was take matters into my own hands, so I attempted to disappear and make myself as invisible as I could; I blocked the acquaintance's number and email and had everyone I know do the same. I changed my email completely, signing up with a different service and creating a new username. I also moved — not just to another apartment, but to a whole new state.

All was well for a long while — about eight years, to be exact. Then, I got an email from a made-up address that I knew was from this person I had tried so hard to hide from. (It wasn’t hard to figure out who it was from; this person had just transposed a few letters in their name to use as the username.) The email contained my home address, and only my home address. Nothing else. I tried not to think about it too much — I knew it was a scare tactic — but I did wonder how they'd gotten ahold of both my new email (which I promptly blocked) and my new address.

A year or so after that, I moved again. And about halfway through my lease, I got another email. This one from another throw-away email address, with the same simple contents: my new home address. This time, I got nervous, so I searched my name online and was shocked at what I found. All of my contact info was plastered online for anyone to see, scattered across a series of websites such as WhitePages.com and one I hadn't heard of before at that point, RocketReach.co.

It felt like a major violation. Unwanted emails to your personal account aren't the only risk that websites like RocketReach pose. Some people, like me, have safety reasons for not wanting all of their personal and contact information out there.

“With the availability of information, risks will always abound,” Moody said, “particularly if you can link online info to offline info” by doxxing someone. Everything depends on how someone is using the site. It’s just a tool, Moody says, and can be used for good or bad purposes depending on the person doing the search.

a person holding a phone typing unsubscribe
Getty Images

How to remove your information from sites like RocketReach and WhitePages

All websites have a way for you to have your information deleted, and I went through that process for WhitePages.com and RocketReach.co. For WhitePages.com, it's a relatively simple five-step process that includes an automated phone call to ensure that it's "you." RocketReach, on the other hand, requires you to go through a process of "claiming" your profile (so removing your information isn't instantaneous) before you're able to go through another process of getting everything deleted.

But as I found (since my information resurfaced years later), it seems it's not a certainty that your info will go poof for good. As my situation shows, it's basically just a request. And not one they necessarily have to act on, due to the way privacy laws are written.

“Most of these sites have a good legal team, and they are well aware of each state and its relevant laws, when they apply,” Moody said. Also, “Most of the U.S. state privacy laws are ‘opt-out’ based, and this is a standard industry practice at this point,” Federman adds. “There would need to be some sort of real outcry from users, but I am not sure how many business folks would be that [mad] about this, other than getting annoyed they are receiving too many emails.” That is, of course, as long as the site is being used appropriately, as a business prospecting tool instead of a way to track down someone who doesn’t want to be found.

How to protect your information online

To be clear: It's very, very difficult to completely protect your personal information online. With social media, personal websites, networking sites like LinkedIn and even apps you download to your phone, it’s not that easy to be a ghost online. Plus, most of these sites have privacy policies that make data collection platforms completely legal.

“If you use something and it is free, like an app, then you are in fact the product,” Moody said. “That is why it is free. They offer it for free in trade for your data."

Still, the best thing you can do is try to be as careful as you can about what personal information you share online. Taking these smart privacy steps may help:

  • Make profiles private whenever possible.

  • Read the privacy policy for websites, email platforms and smartphone applications carefully if your safety is an issue (and consider not downloading that app or having a profile on that social site if the policy says your data is fair game).

  • Periodically search for yourself online and for each search result that turns up personal information, go through the process of removing those details. The process varies by website, but you can often find step-by-step instructions under the site's FAQ section, or right on the page that your data lives on.

  • Don't assume that requesting your personal information be removed will make it go "poof" forever. Even after you've successfully had your data deleted, continue to type your name into the search engine every so often to make sure it's still gone.

You Might Also Like