In an era where information is readily available at our fingertips, the rise of people search sites has sparked both curiosity and concern. They offer comprehensive personal information, ranging from address, contact details, to social media profiles and criminal records. However, with growing privacy concerns, many people wonder are these people search sites legit?

Short answer: Yes. They’re completely legit. By delving deep into the relevant legal frameworks that underpin people search services, we aim to have a clear understanding of whether they’re legit and how the established regulations may impact their operation and future development.

The emergence and legitimacy of people search sites

People search sites are online services that provide users with a variety of personal information about individuals. They allow easy access to detailed public information and compile it into a report. The information they’re dealing with naturally arouses our concern about their legitimacy. In fact, controversy has surrounded the people search industry since its inception.

Learn more: Sources of Data: Where do people search sites get their data

The birth of people search sites

To understand the people search industry, we delved into its history. Our research revealed that the inception of people search is inextricably linked to data brokers, an often-overlooked yet crucial entity.

Data brokers are companies that collect, analyze, and sell personal information. According to the Federal Trade Commission (FTC), people search is one of the products offered by the data broker industry.^[1] Some data brokers operate their own people search products, while others sell information to people search companies.

Data brokers emerged in the early 1950s. Their rapid growth is closely tied to the expansion of the internet and technology, as well as the emerging value of personal information in the digital age. Government digitization of public records, the explosion of online activity, and the rise of social media platforms all contributed to a surge in easily accessible, collectible, and analyzable personal data. Meanwhile, businesses and individuals had a growing need for personal information. All of these factors drove personal information to become a big business and data brokers became key players in the “Big Data” economy. 

This flourishing data broker landscape fueled the growth of the people search industry. In the early 1990s, people search websites offered basic search functionalities for people to seek old friends and relatives. As technology advanced and the Internet became more common, people search services digitized the entire search and transaction process. Users can now search online and get reports directly, resulting in the people search sites you see today.

Legitimacy of people search sites

Having established the crucial role data brokers play in the people search industry, and their broader impact on privacy, we now turn our attention to the question of whether there are laws in place to limit data brokers. However, we encounter a surprising reality: the United States lacks a comprehensive federal law governing data brokers and consumer privacy. As a result, states and industries establishing their own rules to protect consumer privacy. Additionally, individuals have different rights and obligations, and the understanding and regulation of personal information collection, usage, and disclosure vary by state. 

Fortunately, more and more people, including governors and experts, are realizing the importance of data privacy. On June 3, 2022, the United States Senate and House of Representatives released the draft of the American Data Privacy and Protection Act (ADPPA). This bill represents the first comprehensive federal privacy protection proposal to gain bipartisan support in both chambers of Congress. The ADPPA aims to establish a robust national framework for safeguarding personal data.

However, the ADPPA draft faces controversy, and its approval remains uncertain. Currently, the backbone of US consumer privacy protection is a patchwork of industry-specific regulations and state laws. After reviewing relevant regulations and personally using people search products, we identified most relevant bills directly impacting people search sites, which can help determine whether a people search site is legit. 

• Drivers Privacy Protection Act (DPPA)
• Fair Credit Reporting Act (FCRA)
• California Consumer Privacy Act (CCPA)

Drivers Privacy Protection Act (DPPA)

The Driver’s Privacy Protection Act (DPPA) is a United States federal law enacted in 1994 to safeguard the personal information of licensed drivers in Departments of Motor Vehicles (DMV) records.

The DPPA was a reaction to the leak of drivers’ personal information held by the government after a series of vicious incidents. In those days, individuals could track someone with license plate numbers to receive the name and accurate address. People were stalked, harassed, hurt, and even killed by someone who obtained their personal information through DMV.

The DPPA ultimately passed in 1994. In 1999, the “Shelby Amendment” required the state DMV must obtain the driver’s consent before releasing any personal information. No matter whether the information is requested for individual or bulk marketing purposes. 

The DPPA restricts the disclosure of personal details including:

The DPPA only allows authorized organizations with permitted uses to obtain driver’s information. This act protects the personal information of licensed drivers from improper use or disclosure. 

There is some information, however, that can be released even without the driver’s consent. This information is part of public records:

• Driver’s traffic violations
• License status
• Accidents

Impact on people search services

Before DPPA was passed, people search services and licensed investigators often relied on DMV data to find individuals. Since DPPA restricted access to this data, people search companies couldn’t get personal information from the DMV, and they had to use other public records and data sources as alternative methods. They faced more challenges in collecting data and compiling information on individuals, in fact, the accuracy of their information also declined simultaneously. 

Legitimate people search sites now avoid advertising that they can find car owners using license plate numbers or VIN numbers, as this would violate the DPPA. Only illegal sites or scam pages make such claims. But you may find individual traffic records in a legitimate people search report.

Fair Credit Reporting Act (FCRA)

In our research, we found the Fair Credit Reporting Act (FCRA) to be the most important law for determining the legitimacy of a people search site. It is a federal law in the United States that protects your personal information, especially your credit history. Credit Reporting Agencies (CRAs) like Equifax, Experian, and TransUnion collect and maintain information about your creditworthiness. The FCRA ensures the accuracy, fairness, and privacy of this data.

Here’s what FCRA does for CRAs:

• Standardizes practices: FCRA sets rules for how CRAs collect, analyze, and report your credit information.
• Protects your privacy: FCRA limits who can access your credit report and prevents unauthorized parties from posing as CRAs.
• Empowers you to control your information: FCRA allows you to dispute errors in your credit report and ensures corrections are made.

The FCRA also indirectly influences the people search industry due to the complex relationship between CRAs and data brokers. Some agencies serve as both CRAs and data brokers, but not all data brokers are CRAs. The distinction between data brokers and CRAs can be blurred.^[2] As a result, people search companies might fall under FCRA regulations depending on the type of information they handle and how they sell it.

According to the FCRA, the people search industry operates separately from the business scope of CRAs. People search services cannot include FCRA-protected data in their reports, and the FCRA ensures that unauthorized parties cannot advertise or provide services as CRAs.

In fact, there are key differences between people search companies and Consumer Reporting Agencies (CRAs): 

Why data accuracy differs between CRAs and People search sites

CRAs collect data directly from creditors, lenders, and public records sources related to your credit history. They typically don’t include social media information or personal details outside of creditworthiness. This controlled environment allows them to verify information and maintain a high level of accuracy.

In contrast, people search companies primarily rely on publicly available information from various sources. This includes government records, social media profiles (if publicly viewable), and public directories. Because these sources aren’t always vetted or updated regularly, the accuracy of the data people search companies compile can be less reliable.

Learn more: Sources of Data: Where do people search sites get their data

Furthermore, FCRA empowers you to challenge any errors in your credit report. You can dispute inaccuracies with the reporting agencies (Equifax, Experian, TransUnion) and have them investigated and corrected if needed. This ensures your credit score reflects a true picture of your financial health.

People search companies, however, are not legally obligated to ensure data accuracy. While some sites allow you to provide feedback about the correctness of the information, many don’t. However, you do have the right to opt out of having your information listed on people search sites.

Impact on people search services

The Federal Trade Commission (FTC) is one of the primary enforcement agencies of the FCRA. The FTC oversees whether CRAs and related companies comply with FCRA regulations, ensuring proper collection, processing, storage, and distribution of information. The FTC has the authority to file lawsuits, impose fines, and enforce remedial measures for violations.

While the FCRA doesn’t directly govern the people search industry, people search companies need to consider FCRA regulations when gathering and displaying personal information online. This is because the FTC may classify some data brokers as CRAs if they meet specific criteria, such as:

• Gathering and analyzing consumer information relevant to credit, employment, tenant, or insurance purposes.
• Selling information that could impact a consumer’s eligibility for credit, insurance, employment, or tenancy.

FTC penalty cases

Case 1: In 2012, the FTC fined Spokeo $800,000 for violating the FCRA by selling personal information to employers for screening job applicants. This case marked the first time the FTC addressed the sale of Internet and social media data for employee screening.^[3]

Case 2: In 2014, the FTC fined Instant Checkmate and Info Track for violating the FCRA by providing consumer reports to potential employers and landlords without taking reasonable steps to ensure the accuracy of the reports.^[4]

Case 3: In 2023, FTC fined TruthFinder and Instant Checkmate $5.8 million for deceptive conduct and violations of the FCRA. The companies promoted the accuracy of their reports in online ads and other promotional materials, but TruthFinder and Instant Checkmate took no steps to verify the accuracy of the information.^[5]

The above cases show the FTC’s criteria for determining whether a data broker is a CRA is based on the use, publicity, and sales of the information. If a people search company uses information in a way that only a CRA is permitted to, the FTC may consider the company to be acting as a CRA, thereby requiring compliance with FCRA regulations. Non-compliance is illegal and subject to penalties.

While the FCRA addresses key transparency issues, data brokers for marketing and people search purposes largely operate in the dark. Fortunately, some states have attempted to address these issues, with California having some of the strictest laws.

California Consumer Privacy Act (CCPA)

As of 2024, 15 states in the United States have enacted comprehensive data privacy laws, with California standing out due to its strict and comprehensive legislation. The California Consumer Privacy Act (CCPA), passed in June 2018, was a direct response to the Facebook-Cambridge Analytica data scandal exposed in March 2018. The CCPA, which took effect in 2020, was the first comprehensive consumer privacy law in the United States. It grants California residents broad rights over their personal information, including the rights to access, delete, and opt out.

In 2020, the California Privacy Rights Act (CPRA) was approved, expanding upon the CCPA. The CPRA allows consumers to prevent businesses from sharing their personal data, correct inaccurate personal data, and limit businesses’ usage of “sensitive personal information.” It also introduced new requirements for data brokers.

The CPRA established the California Privacy Protection Agency (CPPA), a dedicated agency responsible for implementing and enforcing state privacy laws. In 2023, the CPPA approved the California Delete Act (SB 362)^[6], which further strengthened privacy protections, particularly regarding data brokers.

Key provisions of the California Delete Act:

1. By January 1, 2026, the CPPA will establish a free, simple method for consumers to delete their personal information with a single request.
2. Data brokers must register with the CPPA and provide relevant information.
3. Data brokers are prohibited from selling or sharing the information of a consumer who has previously requested deletion, unless the consumer requests otherwise.

California resident’s rights under CCPA and CPRA: 

1. Right to know: Residents have the right to know who is collecting their and their children’s information.
2. Right to control: Residents can control the use of their personal information.
3. Right to delete: Residents can delete their information from data brokers with a single, simple request.
4. Right to correct: Residents can correct inaccurate personal information that a business has about them.
5. Right to opt-out: Residents can stop data brokers from sharing or selling their information.

By providing residents with practical tools to manage their data and enhance privacy, these laws solidify California’s leadership in technology policy and consumer protection, making privacy protection no longer an empty promise. 

The CCPA and CPRA require people search sites to be transparent about the data they collect. Fortunately, many established companies like Intelius and BeenVerified already comply by showing the source of information in their reports. Additionally, ethical people search sites offer consumers options to opt-out or manage their data. As consumers, knowing our rights empowers us to identify non-compliant sites. This knowledge helps us avoid potentially dangerous websites and protects our privacy.

Why public records are open in the US

Public records are an important source of people search services. To unravel the legitimacy of these services, we seek to understand why a treasure trove of public records is legally open and easily accessible in the US. Our explorations began with the federal Freedom of Information Act to its state-level variations. Aiming to increase government transparency, these public records laws provide a high degree of accessibility to public records to any interested individuals or organizations, making it possible for information brokers like people search engines to mine public records and compile profiles on individuals.

This section will focus on the legal foundation that permits people search sites to aggregate vast amounts of public records. We’ll take a look at relevant federal and state public records laws, discussing what they are and how they evolved.

Freedom of Information Act (FOIA) 

– Federal law that grants public access to government records

The Freedom of Information Act (FOIA) is the most well-known public record law that guided access to U.S. national public records. It was initially part of the Administrative Procedure Act (APA) of 1946 and determined a broad discretion on the publication of governmental records at the very beginning. Thanks to the effort of U.S. House Representative John E. Moss, who spent 12 years advocating for its passage through Congress, FOIA was expanded and finally signed into a standalone act in 1966.

Designed to ensure public access to government records and promote transparency, FOIA allows individuals, including the media and organizations, to request information and documents from federal agencies, except where protected by exemptions. 

During its implementation, FOIA has been amended several times to improve access and address emerging challenges. For example, the Privacy Act of 1974 was introduced to safeguard individuals’ privacy following the Watergate scandal when public trust declined and concerns about privacy infringement by federal agencies grew.

It regulates the collection, maintenance, use, and dissemination of information about individuals maintained by federal agencies and allows people to access their own records and request amendments if they’re inaccurate, incomplete, or outdated. 

FOIA in the digital area (E-FOIA)

With the rise of digital technologies, FOIA has adapted to increase transparency and accountability. The Electronic FOIA (E-FOIA) Amendments of 1996 mandated that all agencies make documents available in electronic formats and distribute them digitally. 

Presidents like Barack Obama had also been committed to building a more open and transparent government, launching a series of initiatives to make government information more accessible to the public and empower consumers to make informed decisions by gaining control of their personal data. In 2016, Obama signed the FOIA Improvement Act, which required federal agencies to create online portals that allow anyone to make FOIA requests online.

Public records laws in different states

– Specific statutes governing the availability of local records

In addition to the FOIA, which only applies to federal agencies, many jurisdictions have introduced Freedom of Information legislation since the 1960s, often known as Open Records Act, Public Information Act, or Sunshine Laws.^[7] You can check for public records statutes in all US states. 

These state laws guarantee public access to local government records such as vital records, property records, court documents, and business filings, but they vary significantly in scope, exemptions, and procedures for accessing them. Some states provide broader access to government documents and meetings and make it easy to request and receive documents. Florida Sunshine Law is one of the most open public records laws in the country, allowing any records made or received by any public agency in the course of official business for inspection unless specifically exempted.

In contrast, some states may impose more restrictions, limiting access to specific records. Tennessee is relatively restrictive in public records access, with 48 categories of records like investigative records exempted.^[8] Here’s a detailed comparison of the exemptions in each state’s public records law. During our research, we also found some states reveal less data than others, and some (e.g. California) may charge fees to view certain types of records in full. Taking a closer look at each state’s legislations enabled us to better understand those differences.

The First Amendment and Common Law

– Robust foundation for public access to court records

The disclosure of court records is considered a fundamental aspect of the legal system, rooted in the First Amendment and Common Law, which emphasize transparency and accountability in the juridical system and allow public access to civil court records.

The First Amendment guarantees the freedom of speech and the press. Although it does not explicitly state public access to court records, the Supreme Court has interpreted it to include a qualified right of access to court proceedings and records.

The Common Law uploads a general presumption that court records should be open to the public, based on the idea that courts operate in the public interest and that transparency in judicial proceedings is essential for maintaining public confidence in the justice system. In the Nixon v Warner Communications, Inc. case in 1978, the Court acknowledged a general common law right of the public to inspect and copy court records.

Court records, including case files, judgments, and proceedings are generally public. However, some records like juvenile records, adoption proceedings, mental health commitment proceedings, etc, are usually kept confidential to protect the privacy and well-being of the individuals involved^[9]. The availability of court records will also be governed by statute or court regulations.

What information is considered public?

According to FOIA, public records are documents or pieces of information created or obtained by government agencies. They may encompass:

Government records

– Administrative records: organizational charts, official policies, manuals, and guidelines

– Financial records: budgets, audited financial statements, expenditure reports, contracts, grants, procurement records (bidding processes and awarded contracts)

– Personnel records: names, salaries, job titles, and employment history of public employees, employee benefits and pensions

– Correspondence: letters, emails, and other forms of communication between government officials and other entities

Legal records: court records, including dockets, filings, opinions, and judgments, arrest records, warrants, inmate records, mugshots, traffic citation

Property Records: real estate transactions, ownership deeds, land surveys and maps, building permits, lien records, property tax records

Business Records: business entity fillings, registered agency information, business name registration, changes in business names, ownership, or management

Public safety records: police reports, crime statistics, emergency response records, and inspection records

Environmental Records: environmental impact assessments, pollution control and monitoring reports

Vital Records: birth and death records, marriage records, divorce decrees
Vital records are not as freely accessible as other types of public records due to privacy concerns, and their availability varies by state. For example, for the majority of jurisdictions, only the person named in the record or their immediate family members can request birth records, and these records are usually made public after a certain amount of years (e.g. 75 or 100 years after birth).^[10]

Typically, all records held by the government should be public records, but the nine categories of information below are not subject to disclosure. Note that each state may have its own exemptions different from the federal versions.

In conclusion, public records are accessible to anyone, though their availability may vary by state. People search sites are able to collect them just like any citizen by searching the federal, state, or county databases that hold the records. You can acquire public records on your own if you’d like to devote some time and effort.

Beyond records maintained by the government, the information you publish online, knowingly or unknowingly, is usually public, for example, photos you publish on your open social media account or the contact information you share on your business profile. It’s not illegal for individuals or organizations to scrape this information, provided they use legitimate techniques and for legitimate purposes.

Conclusion

While people search sites might evoke privacy concerns, they operate within a robust legal framework that legitimizes their existence. They crawl legally accessible public records, adhering to the principles of open access to public records as stated in FOIA. As part of the data broker industry, they are also governed by regulations such as FCRA and various state or industry consumer privacy acts. These regulations aim to protect individuals’ privacy and prevent misuse of personal data, even as vast amounts of information are aggregated and available online. 

In the information-driven society, people search services can play a significant role in various legitimate purposes, from finding lost connections to verifying online identities. By knowing relevant laws and regulations, we, as consumers, may better understand how these services work and appreciate the balance between transparency and privacy.

References

1. Federal Trade Commission. (2014, May). Data Brokers: A Call for Transparency and Accountability(p.23). https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf↩
2. Federal Trade Commission. (2014, May). Data Brokers: A Call for Transparency and Accountability. FTC. https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf↩
3. Federal Trade Commission. (2012, June 12). Spokeo to Pay $800,000 to Settle FTC Charges Company Allegedly Marketed Information to Employers and Recruiters in Violation of FCRA. FTC. https://www.ftc.gov/news-events/news/press-releases/2012/06/spokeo-pay-800000-settle-ftc-charges-company-allegedly-marketed-information-employers-recruiters↩
4. Federal Trade Commission. (2014, April 9). Two Data Brokers Settle FTC Charges That They Sold Consumer Data Without Complying With Protections Required Under the Fair Credit Reporting Act. FTC. https://www.ftc.gov/news-events/news/press-releases/2014/04/two-data-brokers-settle-ftc-charges-they-sold-consumer-data-without-complying-protections-required↩
5. Federal Trade Commission. (2023, September 11). FTC Says TruthFinder, Instant Checkmate Deceived Users About Background Report Accuracy, Violated FCRA While Marketing Reports for Employee and Tenant Screening. FTC. https://www.ftc.gov/news-events/news/press-releases/2023/09/ftc-says-truthfinder-instant-checkmate-deceived-users-about-background-report-accuracy-violated-fcra↩
6. California Privacy Protection Agency. (2023, October 11). CPPA Applauds Governor Newsom for Approving the California Delete Act. California State Portal. https://cppa.ca.gov/announcements/2023/20231011.html↩
7. Jasutis, Jennifer. (2022, September 29). FOIA 101: Demystifying Public Records Laws in Each State. Granicus. https://granicus.com/blog/foia-101-public-record-laws-in-each-state/↩
8. Pierce, R. Douglas. (2018, December 21). Tennessee Open Government Guide, Reporters Committee for Freedom of the Press
   https://www.rcfp.org/open-government-guide/tennessee↩
9. Court Records and Proceedings: What is Public and Why? (2017, April 18). Connor Reporting. Retrieved November 13, 2019, from https://connorreporting.com/court-records-proceedings-public/↩
10. US Birth Certificates Team. (2023, July 19). Are Birth Certificates Public Records? State-by-State Rules. US Birth Certificates https://www.usbirthcertificates.com/articles/are-birth-certificates-public↩