The Data Broker You’ve Never Heard of That Knows More Than Google

LexisNexis Risk Solutions is not a household name. It is a data company with 10,000 data sources, records on 99% of US adults, and clients including law enforcement agencies, financial institutions, insurance companies, and landlords. It is also almost entirely invisible to the people whose data it holds.

This is by design. LexisNexis Risk Solutions does not have a consumer brand. It does not market to individuals. Its customers are institutions, and its product is information about people who have not consented to be profiled, have no right to correct inaccuracies, and in most US jurisdictions have no legal mechanism to request deletion.

The business is legal. Data brokers operate in a regulatory environment so permissive that the concept of consent is largely irrelevant to their operation. The Fair Credit Reporting Act imposes some requirements on credit-related data usage. CCPA gives California residents limited rights. Most other states have nothing.

The GDPR, by contrast, would make LexisNexis Risk Solutions’ core business model illegal in Europe as currently structured. It is not a coincidence that the US data broker industry has no significant European equivalent.

What this means practically: your financial history, your address history, your relatives, your litigation records, your professional licences, your estimated income, and dozens of other data points are available to any institution that pays for access, without your knowledge and without your consent. This is not a hypothetical. It is an industry with $250 billion in annual revenue.