We recently connected with Cloaked CEO Arjun Bhatnagar to get his take on personal data, data brokers and the steps individuals can take to protect their privacy.

NCA: What is considered personal information and why is it important to protect it? 

Arjun: Personal information is really any piece of data that can help identify who you are, your preferences, your actions, your location and more. Today, these data points are aggregated and used by big tech, marketers, governments and other entities to track, target and influence us. Oftentimes, these entities hold up a distorted mirror that impacts how we perceive ourselves and the actions that we take, while putting our safety and security at risk.  

A phone number is a perfect example of why it is so important to protect our personal data and start to rethink what and how we share personal information. Most people don’t realize that their phone number can be used to unlock access to so much more personal information, including one’s social security number, address, email, family member names and other details. 

Our phone numbers often don’t change for years at a time and we use them with everyone from Domino’s Pizza to the IRS. They provide a simple link to the rest of our lives that is a significant contributor to spam and scams. 

We set up a hotline – 855.75.CLOAK – last year to help people better understand what information can be found publicly with just one piece of data – their phone number. It’s shocking to many when they hear their address or last four digits of their social security number read back to them.  

NCA: What are data brokers, and why are they significant? 

Arjun: Data brokers are companies that aggregate, buy and sell data. They work without transparency or consent, making personal data more vulnerable to identity theft, fraud and large-scale breaches. And they are growing at an alarming rate.  

Data brokers gather data from both online and offline sources, often without direct interaction with the individuals whose data they are collecting. They collect a wide range of personal details, including PII/SPI (name, phone number, SSN, details about family and associates etc), demographics (age, gender), financial status (income, credit score), health records, interests, movement behavior, purchasing habits, and even deeply personal information such as religion or smoking habits.  

Their ability to track online activities across platforms and devices to map out detailed digital identities – and sell, resell and sell your data again – makes them extremely profitable. It also makes them invaluable to organizations seeking your personal details for marketing purposes or bad actors for malicious activities. 

Between the rise in major data breaches (more than 1 billion sensitive data points were leaked in 2024 alone!) and a lack of regulations, we’re reminded daily of how critical it is to take steps to protect data from these and other aggregators. This means we need to start shifting from passive sharing to the intentional guarding of our personal information. We need to build new habits and start using tools that help to anonymize and poison our data.

NCA: What is data poisoning? 

Arjun: Data aggregators like data brokers are able to understand who we are and what we do because they pull data points from multiple sources. These sources need to be constantly updated with new information that links back to what they already know about us.

But, when you start to use information that doesn’t connect to what they currently have on you, it starts to break up those patterns and links. The new, indecipherable information poisons the existing data pool – breaking connections to you and your online identity. This starts to immediately improve your privacy.

Steps you can take to start poisoning your data include using tools like password managers, VPNs and virtual identities to mask personal information. You can also say no to cookies and employ data removal services. Data removal services, in particular, make it easy to clean up your past sharing by automatically removing data from online spaces.

NCA: How can consumers tell if a company takes their privacy seriously? 

Arjun: Companies continue to be hungry for our data. They want more to target you better and hopefully convert sales, engagement and other results that positively impact their bottom line. However, the more data they have on you, the more at risk they put your privacy. I encourage you to take a close look at your favorite companies’ privacy policies and security measures to get a sense of how serious they take your data.  

Consider whether the privacy policy is easy to find and easy to understand – does it seem like they want you to know what they do with your data? Look for details about whether they share or sell information to third-party buyers (like data brokers) which will weaken your privacy and create additional risk.  

Dig a little deeper to understand what security protocols your favorite sites have. Do they make a point to talk about how they protect your data? Is your data end-to-end encrypted or are there other terms in place to keep your data safe.  

And if you don’t have the time to do these things or perhaps you can’t find them, simply consider the type of information they are asking you to provide. Does it seem appropriate or is it unnecessary based on the service being provided? Are you being retargeted by the brand even though you didn’t share any information with it? These are all signs that your favorite sites may not be respecting your privacy or putting your safety first.  

NCA: What steps can consumers take to protect against emerging technology like AI and biometrics? 

Arjun: It’s important to start understanding that keeping our data secure is critical to our safety. And that keeping it safe requires permanently shifting how we interact in the world, what we choose to share and with whom we choose to share our information.  

New technologies like AI and biometrics mean that the data we share can now be scraped and organized faster, while the most personal of details – our fingerprints, the contours of our face and eyes – are in the digital hands of others. Oftentimes, in the hands of people and organizations that are using our data for personal gain – financially, politically, socially and otherwise – to influence the actions we take.   Until regulations are in place or privacy becomes a central tenet of new technologies entering the market, we can create new habits to help stay in control of our data:

• Get comfortable with saying no. Just because someone asks for personal information, doesn’t mean we have to share it. If you’re shopping at your favorite, new store or arriving for a dinner reservation at a new hot spot and they ask for your phone number, say no. While you’re at it, if you just had a baby or you’re now proud grandparents, resist the urge to share the birth announcement online. And most definitely make sure to select “reject all” when those cookie preferences pop up while navigating the internet.

• Discover easy-to-use privacy tools – and start using them. There are a range of tools, apps and web extensions that can help to give you peace of mind. First, ensure security settings are turned on at all times on all of your devices. Then look for services that can help you mask your real contact details like phone numbers and emails. Utilize data removal services and password managers. Consider signing up for identity theft insurance that can give you peace of mind should your data be a part of a breach or get into the wrong person’s hands.

• Educate yourself and share your wisdom. Knowing what breaches are occurring, what new tools are hitting the market and what your digital footprint looks like online are all great ways to start empowering yourself to take control of your data. By sharing with friends and family what you know, they too can get smart about ways to maximize their privacy and minimize their risk.

• Expect more. Now is the time to ask companies you support, services you use and sites you visit what their stance is on privacy and protecting your data. If you don’t see a privacy policy, ask them about it. If you want to know what security protocols they have in place, reach out to customer service. Demanding organizations protect your personal information is one major step to the change we need to see.