You can’t fully scrub yourself from the internet. A little bit of you will always linger, whether it’s in data-broker databases, on old social media you forgot about or in the back of someone else’s vacation photos on Flickr.
That’s no reason to give up! You can absolutely take steps to protect your privacy by cleaning up things like your Google results. For the best results you’ll need time, money, patience, and to live in a country or state with strong privacy laws.
This week’s Ask Help Desk question is all about the data brokers: “How do I get my information deleted from data aggregators?” asks Jennifer Swindell, from Sagle, Idaho. But first, we’re going to take a step back and start with something a little more public.
Checklist: What to do if you’re being harassed online
Google is what most people think of when they worry about their data online. The search engine is the largest index of websites, but it’s often just the messenger. Know that anything you manage to remove from a search result will likely still live on the site hosting it unless you also get them to take it down. You’ll want to ask those sites to remove it as well.
First, Google yourself. Keep a list of where your information is popping up and specifically look for anything personal, like your address or phone number, any kind of identification details (driver’s license number) or other information you find inappropriate. Combine your name with your address or phone number in the search field.
Google recently added a form where you can request it take down certain results or information, including explicit photos if they are fake, posted without your consent, or just randomly showing up for your name and don’t depict you. There’s an option to take down information that could be used for doxing you, such as ID numbers, financial information, medical records, your physical address and other contact information.
Opt out, opt out some more
Now that the cosmetic requests are done, its time for data brokers. There are hundreds of data brokers in the United States, and you can find lists at organizations like Privacy Rights Clearinghouse. To start, let’s practice on big names such as Acxiom, CoreLogic, Epsilon Data Management, Equifax, and Experian. You can opt out of letting these sites share your data, and in some cases you can request that they delete it. Naturally, each site has different hoops you have to jump through, such as sending an email, filling out a form, mailing or faxing a letter, or confirming your identity.
As with Google results, removing your information from data brokers doesn’t mean it isn’t still out there, and asking them not to share it doesn’t mean other sites aren’t already in possession of it. They got it from myriad sources, including apps you’ve willingly installed on your phone, your browser or websites you’ve visited, your shopping history and public records. The information can be used to target ads or bubble up in public facing people-search sites.
Limit what you put online
The best move is to limit what information about you exists online to begin with. Use our Privacy Reset Guide to turn on strong privacy settings for the main apps or devices you use regularly, including your smartphone, banking and social media sites. If you post to social media, be careful about what kind of information you share and make sure your settings are set to private if possible.
Privacy Reset: A guide to the important settings you should change now
Use a privacy-focused browser and search engine, and look for a global privacy control option or a setting to prevent cross-site tracking. Avoid signing up for anything that could result in your personal information being shared anew like surveys. Delete any applications you don’t use (or trust) from your computer, smartphone and tablet.
In 2020, the California Consumer Privacy Act (CCPA) went into effect, giving residents of the state more options for protecting and deleting their data. As part of the law, companies are required to delete your personal data upon request, though you’ll have to confirm your identity. Some companies have gone ahead and made this option available to people living anywhere in the United States, while others only do it for residents of California. (You can also request a copy of your data, or that a company not sell your personal information, with this law.)
To get you started on your first CCPA requests, Help Desk’s Tatum Hunter has created a guide.
How to ask a company to delete your personal data
Use a third-party service
If you didn’t know it before starting this article, you now know how much work it takes to truly stay on top of deleting your personal information. There are paid services that can do much of the removal for you, and are a good option if you’re worried about your personal safety (even they admit some data is out of their control).
DeleteMe starts at $69 a year and offers to regularly scan data brokers and websites for your personal data and requests that it be removed. OneRep is a similar tool that starts at $8.33 a month. If you’re worried about identity theft, you can sign up for Norton’s LifeLock. The app Jumbo attempts to maximize your privacy settings across apps, and has free and paid versions. AccountKiller is a tool for deleting your old online accounts.
There are also some centralized opt-out sites you can visit, like the FTC’s Do Not Call Registry and OptOutPrescreen.com.
Doug MacMillan contributed to this report.