Why Address Confidentiality Programs Are Broken and How We Can Fix Them

In the early 1990s, as part of a broader national effort to address risks associated with domestic violence, state address confidentiality programs (ACPs) were created. Their goal was to protect victims by limiting public disclosure of their current residences or other contact information.

At the time it was not easy to find someone who wasn’t listed in a phone book or to access public records on file with motor-vehicles departments, property records agencies, or other institutions, for example.

Since then, the world has changed dramatically. And ACPs, even as they have become more popular as a policy tool to offer protections to a wider range of at-risk individuals, have lost most of their practical benefits because government agencies no longer have any monopoly over access to public records. As they say, “the internet never forgets.”

Why ACPs Can’t Limit Access to Personal Information Anymore

The modern internet is a wild west of data collection and monetization. Individuals’ sensitive, personally identifiable information is being collected and aggregated whenever they interact with any piece of technology or online service to make online purchases, engage with social media activities or even just carry a phones throughout the day. An entire industry of middle-man data brokers exists to consolidate and trade in this information without any regulation or oversight.

As a result of these economic and technological changes, ACP participants, regardless of their official status in government records-protection programs, often face exactly the same degree of public exposure as anyone else.

If anyone thinks they can make a buck from collecting and selling information available online, they’re going to do it. And up until fairly recently, there has been nothing to stop them. Last year, the Federal Trade Commission sued a data broker for tracking millions of Americans’ geolocation data via their phones without their knowledge, including individuals who visited domestic violence shelters. According to the FTC, this kind of data harvesting exposed a largely unaware population to the “threats of stigma, stalking, discrimination, job loss, and even physical violence.”

Asking the largest, most-established data brokers like Acxiom and Experian to limit sharing of ACP participants’ personal details—which they have traditionally complied with—doesn’t solve the problem. The data brokerage industry is not just a handful of large-scale operators dealing with major corporations. It also includes hundreds of smaller companies that make their databases available to anyone with a credit card and routinely fail to even adhere to their own stated opt-out or data removal policies.  

Keeping track of all the players in this shadowy industry is difficult. Opting out of data collection or demanding permanent take-downs is even more challenging, as most rely on automated processes, which eventually cause the information to reappear for sale even after a prior removal.

How Governments Can Help Improve Privacy Protection for At-Risk People

In the 1990s, most of the people who worried about personal information exposure were victims of domestic violence and similar crimes. Today, thousands of Americans use data broker removal services to reduce growing risks like doxing and identity theft.

As more information aggregates online, the people who avail themselves of these services (or take extensive time to manually opt out with compliant data brokers themselves) have better privacy than some ACP participants who rely on legal protections.

That’s not to suggest that ACPs are unnecessary or obsolete. The fact that they hide participants' addresses from public records is important—public records are a core source of information for data brokers. But they are not the only source, and ACPs must evolve to recognize this fact.

In an age where our personal information is constantly being collected and sold without our knowledge, the government needs a wider range of tools to help protect at-risk citizens.

Improving the status quo requires better regulations limiting data collection, as well as stronger consumer rights for opt-out and deletion. And many states, like Montana and Washington, are taking steps in the right direction. However, it will take a considerable time for state-level legislation to turn into actionable laws that noticeably improve consumer privacy. Even in regions like the European Union, with well-established pro-privacy regulations, individuals can still struggle with making effective information erasure requests.

Part of the answer to these challenges lies in the private sector. Proven solutions for removing people’s personal information from the internet—efficiently and at scale—already exist, as evidenced by the many thousands of Americans who pay for data broker removal services to help safeguard their personal information. Combining this private-sector capability with evolving legislation might be one way that ACPs can keep pace with privacy challenges.