Update 6/23: Intelius has responded to Leshner’s accusations, below.

The debate over what companies like Facebook and Google are doing with your personal data is in some respects a distraction from an even more dire threat to your privacy: Online data brokers.

The U.S. Federal Trade Commission has called for regulation of these companies, which sell large volumes of personal information to marketers or anyone with a credit card and $20 to spare. (In the latter capacity, they often bill themselves as “people search engines.”)

Data brokers are a problem, according to Robert Leshner, CEO of personal data protection startup SafeShepherd, because the data they gather and sell can be exploited by identity thieves and stalkers as well as marketers.

“I’ve seen police reports [on identity theft crimes] where thieves are using online data brokers’ databases as a screening layer,” says Leshner. “They’re finding people with a significant amount of information online, and from there they’re moving on to more powerful tools.”

Leshner has a vested interest in trumpeting the importance of online data hygiene, since the entire business of his startup SafeShepherd, launched last October, is helping people to delete the information held by data brokers. That said, running SafeShepherd has given him a broad view of the practices of the firms in the industry.

“The worst [data broker] is BeenVerified,” says Leshner. “We get more complaints about BeenVerified than any other data broker, by a factor of five.”

SafeShepherd has approximately 19,000 users, which translates to “multiple complaints a day” about BeenVerified, says Leshner. “It’s things like, ‘They didn’t honor an opt out request they told me they’d be honoring; the information is back on their site after it was previously removed,’ or ‘They asked me to pay money to remove records even though that’s not in their privacy policy.’”

Intelius, another data broker, also has ” a host” of issues, says Leshner.

Update 6/23: Intelius has responded to Leshner’s accusations by noting that all of the practices he claims they engage in (below) would be in violation of their privacy policy, and they categorically deny that they make it difficult for users to opt out of their service. Intelius also points to their TrueRep offering as an example of a more fine-grained option for managing how users’ data is managed, but more on that in a subsequent post.

“They try to make it impossible for people to remove information [from their database]. They have one of the most elaborate processes for removing it. You have to send photo identification to confirm who you are, and they’ll stretch you out over weeks and months before actually removing your records. Their assumption is that they can have a customer service person give you the runaround and the average consumer will give up.”

Not every data broker acts in bad faith, says Leshner. “Spokeo, who had issues with FTC made it easy,” he notes. Currently, however, the data brokerage industry is lobbying for self-regulation.

 Follow @Mims or get in touch