How to Opt Out of Data Brokers in Massachusetts

Massachusetts is home to nearly seven million residents whose personal information is actively collected, packaged, and sold by hundreds of data brokers. For years, the state relied on a patchwork of regulations to protect consumer data. That changed in 2025 when the Massachusetts Senate unanimously passed the Massachusetts Data Privacy Act (S.2608), a sweeping law that gives residents powerful new tools to control their personal information. Here is what Massachusetts residents need to know to opt out of data brokers and reclaim their privacy.

Massachusetts Privacy Laws: What Protects You

Massachusetts has historically been ahead of many states when it comes to data security, even before comprehensive privacy legislation arrived. Understanding the legal framework helps you know exactly what rights you can exercise.

201 CMR 17.00: Data Security Standards

Since 2010, Massachusetts has enforced 201 CMR 17.00, one of the earliest and most detailed state data security regulations in the country. This regulation requires any person or business that owns or licenses personal information of Massachusetts residents to develop, implement, and maintain a comprehensive written information security program. Key requirements include:

• Secure user authentication protocols including passwords, biometrics, or tokens
• Encryption for personal information transmitted across public networks and stored on mobile devices
• Firewall protection and up-to-date security software including malware protection
• Secure access control measures restricting who can view personal data
• Regular monitoring of security programs for effectiveness

While 201 CMR 17.00 is a strong data security law, it focuses on how companies protect data rather than giving consumers the right to delete it. That is where the new Massachusetts Data Privacy Act comes in.

The Massachusetts Data Privacy Act (S.2608)

In September 2025, the Massachusetts Senate passed the Massachusetts Data Privacy Act on a bipartisan vote of 40-0. This landmark legislation fundamentally changes the privacy landscape for Bay State residents by establishing comprehensive consumer data rights for the first time.

The law applies to all businesses that collect or process the personal data of 25,000 or more Massachusetts consumers or derive valuable consideration from the sale of personal data. Core consumer rights under the MDPA include:

• Right to know: You can find out what personal information a company holds about you
• Right to correct: You can demand that inaccurate data be fixed
• Right to delete: You can request deletion of your personal information
• Right to opt out: You can opt out of having your data sold to third parties or used for targeted advertising
• Right to data portability: You can obtain a copy of your data in a usable format

Sensitive Data Protections

The MDPA goes further than many state privacy laws by banning the sale of sensitive data entirely. This prohibition applies to all entities, including businesses and nonprofits, and covers categories such as health data, biometric information, precise geolocation, and data revealing racial or ethnic origin, religious beliefs, or sexual orientation.

Enforcement

The Massachusetts Attorney General has broad regulatory authority to enforce the MDPA. Notably, the law also establishes a private right of action, meaning individual consumers can pursue legal claims against companies that violate their data privacy rights. A violation of the law with respect to a consumer's personal data constitutes a legally recognized injury to that consumer.

Major Data Brokers Targeting Massachusetts Residents

Dozens of data brokers actively collect and sell personal information about people living in Massachusetts. Here are the most common ones and their opt-out processes:

People-Search Sites

• Spokeo: Visit spokeo.com/optout, search for your listing by name, and submit a removal request with your email address. Removal typically takes 24 to 48 hours.
• BeenVerified: Go to beenverified.com/f/optout/search, locate your listing, and submit the opt-out form. You will need to verify via email. Processing takes up to 24 hours.
• Whitepages: Visit whitepages.com/suppression-requests, find your record, and follow the removal steps. Verification is done via phone call.
• Radaris: Navigate to radaris.com/control/privacy, create an account, and submit removal requests for each listing.
• TruePeopleSearch: Visit truepeoplesearch.com/removal, find your listing, and submit the removal form. No account required.
• FastPeopleSearch: Go to fastpeoplesearch.com/removal, locate your record, verify by email, and wait for confirmation.
• Intelius: Visit intelius.com/opt-out, search for your record, and submit the opt-out form with email verification.

Data Aggregators and Marketing Brokers

• Acxiom: Submit an opt-out request at isapps.acxiom.com/optout
• LexisNexis: File a consumer disclosure request at consumer.risk.lexisnexis.com
• Epsilon: Email optout@epsilon.com with your full name and mailing address
• Oracle Data Cloud: Visit oracle.com/privacy and follow the opt-out process for marketing data
• Equifax, Experian, TransUnion: While regulated under the FCRA, you can freeze your credit reports and opt out of prescreened offers at optoutprescreen.com

Step-by-Step Manual Opt-Out Process

If you want to handle data broker removals yourself, follow this structured approach:

1. Search for yourself online: Google your full name in quotes along with your city (e.g., "Jane Smith" Boston MA). Note every data broker site that appears in the results.
2. Create a dedicated opt-out email: Set up a separate email address used only for opt-out requests. This prevents your primary email from being harvested by the same sites you are trying to leave.
3. Visit each broker's opt-out page: Follow the specific process for each site. Some require email verification, others need phone verification, and a few still require requests by mail. Keep a spreadsheet to track every submission.
4. Verify removals: Check back in one to two weeks to confirm your listings were actually removed. Some brokers process requests faster than others.
5. Set up recurring checks: Add a calendar reminder every 60 to 90 days to repeat the process. Your data will reappear because brokers continuously refresh their databases.

Expect the first pass to take 10 to 15 hours if you are covering the major brokers. With over 100 known data brokers operating in the United States, this is a significant ongoing time commitment.

Federal Laws That Also Apply

In addition to state protections, Massachusetts residents benefit from several federal privacy laws:

• Fair Credit Reporting Act (FCRA): Gives you the right to dispute inaccurate information with credit reporting agencies and limits how consumer reports can be used
• Gramm-Leach-Bliley Act: Requires financial institutions to explain their data-sharing practices and offer opt-outs
• HIPAA: Protects the privacy of your medical records held by healthcare providers and insurers
• COPPA: Protects the data of children under 13

These federal laws are narrow in scope but provide useful protections for specific types of data.

The Automated Alternative

Manual opt-outs work, but they require hours of effort and must be repeated regularly. For Massachusetts residents who want lasting protection without the ongoing time investment, automated data removal services offer a practical solution.

PrivacyOn submits opt-out requests across over 100 data broker and people-search sites on your behalf, then continuously monitors those sites for your information. When your data reappears, and it will, a new removal request goes out automatically. This is especially valuable right now: while the MDPA's one-stop deletion portal is scheduled to launch by January 2027, Massachusetts residents have no centralized state-run tool today. PrivacyOn fills that gap immediately.

Plans start at $8.33/month and include continuous scanning, automated removals, and progress reports showing which brokers have been addressed.

Looking Ahead

Massachusetts is entering a new era of privacy protection. With the MDPA's data broker registry, one-stop deletion mechanism, and private right of action, Bay State residents will soon have some of the strongest data privacy rights in the country. Until the law's data broker provisions take full effect in 2027, proactive steps, whether manual opt-outs or an automated removal service like PrivacyOn, are the best way to keep your personal information out of the hands of data brokers.