Skip to content
Use promo code: wHvawiVe
at checkout for 20% Off 🕵️ Happy Data Privacy Week 2025 from Optery! 🔒

Privacy Protectors Spotlight: Jeff Jockisch

Feature image

In the eighth installment of our Privacy Protectors Spotlight series, we are excited to feature data privacy expert Jeff Jockisch!

Jeff Jockisch is a highly regarded data privacy researcher specializing in the data broker ecosystem and commercial surveillance. His expertise spans data science, governance, and operational design, with a strong foundation in building knowledge graphs, managing big data, creating taxonomies, and ensuring data quality.

Jeff is currently a leading data privacy researcher and Managing Partner at ObscureIQ, where he spearheads efforts in privacy research, data broker analysis, and product innovation. His work empowers individuals to reclaim control over their personal information and equips organizations to mitigate threat risks by identifying employees whose digital footprints make them vulnerable to social engineering attacks. ObscureIQ specializes in advanced digital risk reduction, offering tailored solutions for high-profile individuals, high-risk individuals, and organizations requiring extensive digital privacy protection. 

Previously, Jeff led PrivacyPlan, a platform that began as an intrusion detection technology provider and over time evolved into a resource for data privacy consulting and privacy datasets. PrivacyPlan remains a valuable hub of information for those looking to enhance their privacy and security practices.

PrivacyPlan Image

As the privacy community continues to grow, driven by advocates who are raising awareness, simplifying complex privacy issues, and providing actionable guidance to help individuals protect their data, Jeff Jockisch stands out as an indispensable figure. He combines his expertise in data analysis with a passion for privacy rights, uncovering patterns and trends to advance the conversation on privacy. His insights are widely recognized, and his voice is a frequent presence on leading privacy podcasts, where he shares strategies and perspectives that empower individuals and organizations alike.

Jeff also co-hosts Your Bytes, Your Rights, an interdisciplinary audio event that brings together experts to explore issues surrounding data ownership, digital rights, and privacy.

Your Bytes, Your Rights

Journey Into Privacy

Before dedicating his career to privacy, Jeff earned his CIPP/US certification and studied Organizational Behavior at Cornell University. He spent over 20 years in the tech startup world, working on knowledge graphs, data science, and backend development for search engines. This work exposed him to how personal data is collected, organized, and monetized. 

A pivotal moment occurred when he read an article by journalist Kashmir Hill in 2012, which detailed invasive practices by data brokers, such as selling sensitive information like lists of car accident victims and personal health details. This realization ignited his passion for addressing the harmful impacts of data surveillance and protecting digital privacy.

Jeff’s Privacy Datasets

Rather than following a conventional path into privacy compliance, Jeff pursued the intersection of data privacy and data science. A unique aspect of his work involves creating and analyzing extensive datasets focused on privacy to understand and address privacy issues. Among his datasets, Jeff has built the largest known database of data brokers, cataloging over 8,500 organizations that collect and process consumer data. This comprehensive resource, known as the Codex, provides critical insight into the pervasive and often opaque practices of the data broker industry.

The Codex

Jeff’s has also built a database of over 125 privacy-focused podcasts. Recognizing the challenge of finding relevant privacy content, he developed this resource to make it easier for professionals and enthusiasts to engage with the latest discussions and insights in the field. Last year Jeff partnered with Opsware.co to hold the first annual People’s Choice Privacy Podcast Awards, highlighting leading voices in the space. 

In his role as a data privacy researcher, Jeff combines curiosity and technical expertise to address overlooked areas in the privacy landscape. For example, he has conducted detailed analyses of U.S. state data breach notification laws, creating datasets to evaluate their effectiveness. His research has resulted in studies like “State Breach Statute Scoring,” “Breach Trigger Analysis,” and “State Data Breach Law PII Analysis,” which explore the variations and gaps in state-level regulations. 

State Breach Statute Scoring evaluates U.S. breach notification statutes based on four key metrics: notification requirements, personal data coverage, harm triggers, and fines and enforcement. It offers a comparative view of state laws, highlighting which states provide stronger protections for their residents.

Breach Trigger Analysis is a detailed examination of the components that trigger breach notifications, focusing on what Jeff terms the Data Trigger, Harm Trigger, and Significant Risk Trigger. This analysis delves into the thresholds and conditions outlined in each law.

State Data Breach Law PII Analysis takes a closer look at how state laws address personally identifiable information (PII) in breach notifications. It explores which data elements trigger notification, the combinations of data covered, and whether exceptions exist for publicly available data.

Other datasets Jeff has compiled include Privacy-Enhancing Tech Companies, Biometric Identifiers, and a Privacy Library. These datasets have been a passion of Jeff’s and are of immense value to the privacy community at large.

“I’m a person that thinks in datasets. When I study something, anything, I think about how to structure the data about it. When I started studying for my CIPP/US certification, I created databases of privacy terms, privacy books, privacy laws, privacy court cases, luminaries in the field, privacy non-profits, data brokers, privacy-enhancing tech companies, privacy podcasts I was listening to… the list goes on. 

I realized that I liked creating these privacy-focused datasets, that they had value to other professionals in the field.” — Privacy in Action: Jeff Jockisch, Data Privacy Researcher – Startpage.com Blog

Jeff Jockisch on Data Brokers

Jeff’s extensive research and technical expertise has shed light on the opaque world of data brokers, consumer data exploitation, and the security challenges posed by commercial surveillance. Below are some of Jeff’s insights into the challenges of tracking data brokers, the security risks of consumer data, and the proactive measures he advocates for safeguarding privacy.

Why It’s Hard to Track Data Brokers

Tracking organizations involved in collecting and selling consumer data is an immense challenge due to the lack of transparency and accountability, as Jeff Jockisch has highlighted. Only a small number of data brokers are registered, with laws in states like California and Vermont requiring some to disclose their activities. However, the legal definition of a “data broker” is narrow, excluding entities that have a direct relationship with consumers or fall under specific revenue thresholds. These loopholes allow many organizations to avoid the “data broker” label altogether, even if they engage in similar practices. Jeff thus refers to the broader group of companies collecting personal data as “commercial surveillance” and includes any organization collecting consumer data in his extensive Codex database, regardless of their legal classification.

“It’s really hard to get a handle on these organizations because literally nobody’s tracking them. California and Vermont were the first states that started asking these organizations to register, but there are only, I don’t know, 600, 700, maybe 800 organizations that are registered as data brokers at this point.”

“Part of that is because the legal definition of data brokers is relatively narrow. You have to be a third-party data broker. If you have a direct relationship with the consumer, then you’re not a data broker. You have to have a certain amount of your revenue and you have to do certain other things. There are little loopholes that these organizations can hop through to not be labeled a data broker.”

“If you collect consumer information, I put you into my database, whether you’re legally a data broker or not.” — Erasing Your Digital Footprint with Jeff Jockisch – Easy Prey Podcast

What Data Brokers Collect

When it comes to the info that data brokers gather on us, Jeff notes that “it can really be anything.” This includes personal information from voter records, Department of Motor Vehicles records, court filings, real estate transactions, and credit card activity. They also acquire data from healthcare transactions, online behavior, and cell phone location data. As Jeff says, “virtually anything that you do that’s digital dust, they’ll hoover up and vacuum up. If they’re not getting it directly, they’ll buy it from somebody who does.”

Location data, in particular, can reveal detailed patterns of life, allowing data brokers to infer personal habits and behaviors—though these inferences are not always accurate and can lead to false narratives about individuals.

“All these different places that you go give you, first of all, a pattern of life that you could build a story about somebody, but then each location that you hit—this is all telling me about you. All those data pieces I can put together tell me what kind of person you are in ways that the other data points by themselves might not. I can develop an interesting story about you that might be true or might be completely false.”

“The data points can be interpreted in multiple different ways.” — Erasing Your Digital Footprint with Jeff Jockisch – Easy Prey Podcast

The Insecurity of Consumer Data

One of Jeff’s key concerns is how poorly companies secure the massive amounts of data they collect. Data breaches have become an almost daily occurrence, exposing sensitive information to bad actors. Jeff explains that even companies making genuine efforts to protect data often fall short due to the inherent difficulty of securing databases. Encryption at the field level, for instance, is a best practice but rarely implemented. Worse still, many third-party data brokers prioritize monetization over security, treating consumer data as a commodity without considering the risks to individuals.

Even companies with better security practices share data with third-party vendors, creating a domino effect. Data is passed down through multiple layers of suppliers and processors, increasing the likelihood that a weak link will result in a breach. As Jeff notes, a single data-sharing arrangement can ripple downstream to hundreds of organizations, exponentially raising the risk of data exposure.

“You give the data to AT&T and they give it to these 10 other people downstream, and they give it to five other people each downstream. Pretty soon, 500 organizations have your data, and one of them is going to get breached.” — Erasing Your Digital Footprint with Jeff Jockisch – Easy Prey Podcast

How Malicious Actors Exploit Data Broker Profiles

The consumer profiles created by data brokers are also being aggregated by malicious actors who use them for criminal purposes. As Jeff explains, cybercriminals are building detailed profiles by combining data from multiple breaches, which they then leverage for synthetic identities, account takeovers, and financial fraud. These profiles are also used in extortion schemes, where criminals use personal data to intimidate individuals into paying them. The better the profile, the more convincing these scams become, as criminals can include specific details like family names and addresses to create a sense of urgency and fear.

“Our data’s all ending up on the dark web. It’s becoming easier and easier for criminals to monetize that.”

“If you think about it, what are our data brokers really doing? They’re building consumer profiles on us. The bad guys are doing the same thing. They’re not just taking a couple of pieces of data about us and saying, “OK, what can I do with that?” They’re actually aggregating multiple different data breaches together and building larger and larger consumer profiles.

Once they’ve got a large consumer profile, what can they do with that? Well, they can start doing synthetic identities. Or pretending to be us and going out getting loans, or buying property, or trying to take over our bank accounts.” — Erasing Your Digital Footprint with Jeff Jockisch – Easy Prey Podcast

Steps to Protect Your Data

Jeff emphasizes that tackling the pervasive issue of data collection requires a two-pronged approach. First, individuals need to delete their digital footprint wherever possible. Second, people must change their behaviors to stop leaking data. This means uninstalling apps that track users, avoiding certain types of software, and gaining a better understanding of how data collection works. Jeff highlights that much of the ad tech industry is designed to collect data by default, making it critical for individuals to take proactive steps to protect their privacy.

Below we highlight some of these proactive steps from Jeff’s articles on Tactical Privacy Wire and his Seven Steps to Reduce Your Digital Dust by 90% – ObscureIQ.

1. Protect Your Digital Identity with Smart Account Choices

  • Compartmentalize Online Activities: Avoid using your real name for online profiles wherever possible. Create unique usernames and emails for different accounts to prevent data trackers from linking your online activities.
  • Recommended Tools:
    • Email Aliases: Use SimpleLogin for basic compartmentalization.
    • Secure Email Providers: Use ProtonMail or Tutanota for encrypted email accounts.
  • Why It Matters: Reusing the same name or email across multiple platforms enables data brokers to build detailed profiles of your online behavior. By compartmentalizing, you can significantly limit their ability to track and monetize your activities.

2. Freeze Your Credit to Prevent Identity Fraud

  • Take Action: Visit FrozenPII.com for easy, step-by-step instructions on freezing your credit.
  • Why It Matters: Freezing your credit prevents criminals from opening accounts in your name, even if your personal data is exposed. Unlike credit monitoring or identity theft insurance, which notify you after the fact, freezing your credit offers proactive protection.

3. Shield Financial Information

  • Use a dedicated device for accessing financial accounts. A low-cost laptop, Chromebook, or iPad, combined with a VPN and anti-malware tools, minimizes exposure to malicious attacks.
  • Opt for disposable or virtual credit cards, such as Privacy.com or Capital One Eno, when shopping online to protect your primary card details.
  • Why It Matters: These practices add layers of security, ensuring that even if a website is breached, your financial information remains protected.

4. Use Privacy-First Browsers and Ad Blockers

  • Switch Browsers: Replace Chrome with privacy-focused alternatives like Brave, Firefox, or DuckDuckGo.
  • Install Ad Blockers: Tools like uBlock Origin, Privacy Badger, and Ghostery block invasive tracking.
  • Why It Matters: These tools prevent ad tech companies from collecting and sharing your browsing habits, reducing the chances of data brokers building detailed profiles of your online behavior.

5. Ghost the Grid with Location Privacy Tactics

  • Avoid Tracking: Use offline mapping tools like Organic Maps, OsmAnd, or Magic Earth to navigate without leaving a digital trail.
  • Disable Location Services: Turn off GPS, Bluetooth, and Wi-Fi unless necessary, especially near sensitive locations.
  • Why It Matters: Jeff explains that location data can expose intimate details about your life, from your daily routines to sensitive visits, making you vulnerable to exploitation or surveillance. Learn more in his article here: Ghosting the Grid

6. Protect Against Ping SMS Spam

  • Avoid Engagement: Ping SMS spam is a tactic where spammers send vague or deceptive text messages to verify if a phone number is active, often leading to increased spam, scams, or data exploitation. Do not respond to suspicious SMS messages, even with “STOP,” as it confirms your number’s validity to spammers.
  • Use Trusted Filters: Stick to apps like Apple’s iMessage or Google Messages for built-in spam filtering. Avoid third-party apps that harvest your personal data.
  • Why It Matters: Ping SMS spammers fuel data exploitation by selling active phone numbers to marketers, scammers, and data brokers. Awareness and filtering are your best defenses. Learn more in Jeff’s article here: Ping SMS Spam. Secret Weapon of Phishers and Brokers.

7. Strengthen Passwords and Use Two-Factor Authentication (2FA)

  • Adopt Passphrases: Replace complex, hard-to-remember passwords with long passphrases that are both secure and easier to recall. 

“Everyone should be using long PassPhrases instead of short passwords. Longer is more important than adding a bunch of entropy with weird characters and numbers. Most people (and the majority of sites) don’t get that. If you do it right, passphrases are harder to crack by a longshot and easier to remember.” –Privacy in Action: Jeff Jockisch, Data Privacy Researcher – Startpage.com Blog

  • Enable 2FA: Use tools like Google Authenticator or YubiKey to add an extra layer of security to your accounts.
  • Recommended Tools: BitWarden and 1Password simplify managing strong, unique passwords for every account.
  • Why It Matters: Weak passwords are a common entry point for hackers. Jeff emphasizes that adding 2FA ensures even a compromised password won’t give attackers full access to your accounts.

8. Manage Permissions

  • Regularly review and update your device and app permissions.
  • Steps to Take:
    • Turn off unnecessary location services and personalized ads.
    • Audit mobile app permissions to limit access to sensitive data.
    • Use apps like Block Party for managing social media privacy.
  • Why It Matters: Many apps collect far more data than they need. Limiting permissions drastically reduces the amount of personal information shared about you.

9. Create Sock Puppet Accounts

  • Jeff provides a detailed guide on creating and maintaining secure sock puppet accounts, which are online identities separate from your real one. These can be crucial for protecting yourself from online harassment, doxxing, or unwanted attention. He advises using tools like burner phones, anonymous email addresses, VPNs, and privacy-focused browsers to maintain the anonymity of these accounts.
  • Why It Matters: Sock puppet accounts enable you to engage online without exposing your personal identity, especially in situations where privacy is paramount. 

By deleting your digital footprint wherever possible and adopting the tips above, you can significantly enhance your privacy and reduce your vulnerability to commercial surveillance, hackers, and stalkers. 

The Future of Privacy and the Fight Against Commercial Surveillance

When it comes to the escalating risks and challenges associated with the commercial surveillance industry and the increasing exploitation of personal data, Jeff sees things getting worse. 

“It’s going to get really bad. I think it’s going to get really, really bad.” — Erasing Your Digital Footprint with Jeff Jockisch – Easy Prey Podcast

He warns of the growing threat posed by artificial intelligence, which enables bad actors to scale their operations and exploit data more effectively. 

“Personal data of individuals is the information phishing attacks use, especially spear-phishing attacks, to power those kinds of attacks to break into businesses. When you think about the ability for large language models and generative AI to be able to take that data and generate really convincing ploys at scale, if we could delete a lot of their personal information so that these AI models can’t then come in and try to phish or compromise those employees to get at my corporate assets, that would be a big win.” — AI-powered phishing attacks and the Delete Act with Jeff Jockisch – Masters of Privacy (EN) – 10/23

Despite the challenges, Jeff believes that privacy advocates can make a difference by pushing for stronger laws, developing privacy-enhancing technologies, and educating consumers on how to protect themselves.

Jeff highlights the California Delete Act as a significant win for privacy. Once implemented, it will allow residents to delete their data from hundreds of data brokers with a single action. However, he stresses the need for similar initiatives nationwide and for laws to expand beyond the limited scope of currently registered data brokers. With the commercial surveillance industry estimated to be worth over $400 billion, Jeff emphasizes that it will take collective effort from lawmakers, consumers, and advocates to shift the balance of power.

“There are things that are happening. There are more privacy laws that are getting passed, but we could certainly use everyone’s help in getting better laws passed. There are lots of people that are saying, “Hey, we have no data privacy. It’s not even worth fighting anymore.” That’s not true at all. We’re actually making significant progress now.”

“The problem is that the data brokers are massively powerful. So we need to fight that, and it’s a lot of money against us. They don’t want to give this up.”

“But 80% of consumers are on the side of this issue. They don’t want this going on. It’s an issue that both sides—whatever political spectrum you’re on—does not want this. You’ve got a lot of politicians that want to help. They’re trying to fight back. We’re trying to get some good policy passed and we’re making progress.”

There are things like the California Delete Act that are going to help consumers delete their information. Californians will be able to, with one stroke, delete their information from 500 or 600 or 700 data brokers, and that’s going to be a massive win.”

“But we need to do that nationwide and for more people. Frankly, we need to widen the scope of that. It should be more than just those data brokers that register and are within that limited scope.” — Erasing Your Digital Footprint with Jeff Jockisch – Easy Prey Podcast

Jeff anticipates that privacy will continue to grow as a profession and evolve alongside emerging technologies like AI. He has previously worked with organizations like the Data Collaboration Alliance and ForHumanity to address the ethical and security challenges associated with these advancements. 

Whether through his data-driven analyses, community-building initiatives, or expertise in protecting personal data, Jeff continues to be an indispensable figure in the fight for privacy. His work educates and inspires others to take actionable steps to safeguard personal data and address the growing challenges posed by surveillance and data exploitation.

At Optery, we are greatly inspired by Jeff’s work and dedication and are happy to spotlight him for his outstanding contributions to privacy protection.

Join us in recognizing Jeff Jockisch’s critical work. You can follow Jeff on Linkedin here, read and subscribe to Jeff’s articles here: Tactical Privacy Wire — ObscureIQ, and watch his interviews here: Jeff Jockisch Speaks – PrivacyPlan and here: Obscure Voices – ObscureIQ

Stay tuned for more features in our Privacy Protectors Spotlight series and follow Optery’s blog for further insights on safeguarding your personal information.

Ready to Remove Your Info from the Internet?

Free Tools + Paid Plans starting at $3.99/mo. 605 sites covered. 30-Day Money Back Guarantee!

Get Free Scan

Ready to safeguard your personal data?

Join the movement of people strengthening their privacy
Sign Up Free