How to Opt Out of Data Brokers in Washington

Washington state does not yet have a comprehensive consumer data privacy law like California's CCPA, but that does not mean you are unprotected. Between the My Health My Data Act, the Washington Consumer Protection Act, pending legislation, and federal rights, Washington residents have real tools to fight back against data brokers. Here is a practical guide to removing your personal information from the data broker ecosystem in 2026.

Washington's Privacy Landscape in 2026

Washington has tried and failed to pass a comprehensive privacy law multiple times. The Washington Privacy Act died in committee in 2020 and 2021. The Foundational Data Privacy Act (HB 1850) was rejected in 2022. As of 2026, the People's Privacy Act (HB 1671), introduced in January 2025, is the most recent attempt at comprehensive data privacy legislation. It would give Washington residents the right to opt out of data sales, targeted advertising, and automated profiling, but it has not yet been signed into law.

Meanwhile, a separate bill, HB 2483, would create a statewide data broker registry through the Department of Licensing. If passed, data brokers operating in Washington would be required to register annually and disclose the types of data they collect, who they sell it to, and whether consumers can opt out. That registry is proposed to take effect in 2028.

Until comprehensive legislation passes, Washington residents must rely on a patchwork of existing laws and manual strategies to protect their data.

Laws That Protect Washington Residents Right Now

The My Health My Data Act (MHMDA)

Signed into law in April 2023 and fully effective since June 2024, the MHMDA is the strongest privacy law currently on the books in Washington. It is the first state law in the country to specifically protect consumer health data that falls outside HIPAA. Under this law:

• Businesses must obtain express opt-in consent before collecting or sharing any consumer health data
• A separate, signed authorization is required before any sale of health data
• Consumers have the right to access, delete, and withdraw consent for their health data
• Businesses must respond to consumer requests within 45 days
• Violations carry penalties of up to $7,500 per violation, enforced by the Attorney General
• Consumers have a private right of action and can sue directly for violations, with courts able to award treble damages up to $25,000

The MHMDA applies broadly. "Consumer health data" includes information about physical or mental health conditions, treatments, medications, reproductive health, biometric data, and even data that can be used to infer a health condition. If a data broker holds this type of information about you, you have strong legal grounds to demand its deletion.

The Washington Consumer Protection Act (CPA)

Washington's CPA (RCW 19.86) prohibits unfair or deceptive business practices. While not a privacy law per se, the Attorney General has used it to pursue companies that mishandle personal data or mislead consumers about their data practices. Any MHMDA violation is automatically a CPA violation, giving the AG's office broad enforcement authority over data misuse.

Step 1: Search for Your Information on Data Broker Sites

Start by identifying which data brokers have your personal information. Search for yourself on Google and on major people-search sites using your full name, city, phone number, and email address. Common data brokers that list Washington residents include:

• Spokeo
• Whitepages (headquartered in Seattle)
• BeenVerified
• Intelius (also based in the Seattle area)
• TruePeopleSearch
• PeopleFinders
• Radaris
• FastPeopleSearch
• Nuwber
• MyLife

Document every site where your information appears. You will need to submit a separate opt-out request to each one.

Step 2: Submit Individual Opt-Out Requests

Each data broker has its own removal process. The general steps are consistent across most sites:

1. Find the opt-out page. Look for links labeled "Do Not Sell My Personal Information," "Privacy," or "Opt Out" in the site footer.
2. Locate your profile. Search for your listing on the broker's site and copy the URL of your profile page.
3. Submit the removal request. Fill out the opt-out form with your name, profile URL, and any required identifying details.
4. Verify your identity. Most brokers require email or phone verification before processing the request.
5. Wait for processing. Removal timelines range from 24 hours (Whitepages, Spokeo) to 30 days or more for some brokers.
6. Confirm removal. Check back after the stated processing period to verify your listing is actually gone.

When submitting requests, reference any applicable law. For health-related data, cite the My Health My Data Act. For any data, you can reference the Washington Consumer Protection Act and your expectation that the company not engage in deceptive practices regarding your personal data. While there is no general right-to-delete law in Washington yet, many brokers honor removal requests from all states to maintain consistent practices nationwide.

Step 3: Leverage Federal Rights

In the absence of a comprehensive Washington privacy law, federal rights fill some gaps:

• Fair Credit Reporting Act (FCRA): If a data broker operates as a consumer reporting agency, you have the right to access your file, dispute inaccurate information, and request corrections. Brokers that provide background check data are generally covered by the FCRA.
• CAN-SPAM Act: You can opt out of marketing emails from data brokers, and they must honor your request within 10 business days.
• Telephone Consumer Protection Act (TCPA): Register your number on the National Do Not Call Registry to reduce telemarketing calls driven by data broker lists.

Step 4: File Complaints When Brokers Ignore You

If a data broker refuses to process your removal request or ignores you entirely, you have several options:

• Washington Attorney General: File a consumer complaint at atg.wa.gov. The AG's office investigates patterns of consumer harm and has enforcement authority under the CPA.
• Federal Trade Commission: Report the broker at reportfraud.ftc.gov. The FTC tracks complaints and uses them to build enforcement cases against data brokers.
• Private lawsuit (for health data): If the broker violated the MHMDA by collecting, sharing, or selling your health data without consent, you can sue directly. Courts can award actual damages, attorney fees, and treble damages up to $25,000 per violation.

The Scale of the Problem

There are more than 100 data broker sites that may hold your personal information, including your name, address, phone number, email, family members, employment history, and even estimated income. Submitting opt-out requests to each one individually can take 20 to 40 hours, and because brokers re-list your data regularly, the process must be repeated every few months. For most people, this level of effort is not realistic on an ongoing basis.

Let PrivacyOn Handle It for You

PrivacyOn automates this process across 100+ data brokers, including all the major sites that list Washington residents. We submit opt-out requests on your behalf, monitor for re-listings, and re-submit removal requests whenever your information reappears. Because Washington does not yet have a centralized deletion portal like California's DROP, an automated removal service is the most practical way for Washington residents to maintain control over their personal data.

PrivacyOn also includes dark web monitoring to alert you if your data surfaces in places that no opt-out request can reach, and family plans cover up to five people under one subscription. As Washington's privacy laws evolve and new protections take effect, PrivacyOn will adapt to ensure you are always covered.

What to Watch For

Washington's privacy landscape is changing. The People's Privacy Act (HB 1671) would give residents comprehensive opt-out rights for data sales and targeted advertising. The Data Broker Registry Act (HB 2483) would require brokers to register with the state and disclose their practices. If either bill passes, Washington residents will gain significantly stronger tools. Until then, a combination of manual opt-outs, MHMDA rights for health data, AG complaints, and an automated removal service like PrivacyOn is the most effective strategy for protecting your personal information.