Personal Data Removal Services Put to the Test: What DeleteMe Gets Right and Where It Falls Short

What Happened

A comprehensive evaluation of personal data removal services has highlighted both the capabilities and limitations of tools like DeleteMe, which promise to scrub users' personal information from data broker websites and people-search engines. The review, conducted after the tester fell victim to multiple data breaches, found that while these services deliver meaningful privacy improvements, they are not a complete solution to the personal data exposure problem.

DeleteMe and similar services work by systematically identifying where a user's personal information—name, address, phone number, email, age, relatives, and more—appears on data broker and people-search sites, then submitting removal requests on the user's behalf. The process is ongoing because data brokers frequently re-acquire information, meaning removal is a continuous effort rather than a one-time fix.

Office 2024 Pro Plus

Word, Excel, PowerPoint + more. 3 Devices.

$29

Buy Now →

Windows 11 Pro

Professional Edition. 3 Devices.

$29

Buy Now →

Office 365 Lifetime

5 Devices. Lifetime Account.

$29

Buy Now →

Visio 2024 Pro

Professional Diagramming. 3 Devices.

$29

Buy Now →

Project 2024 Pro

Project Management. 3 Devices.

$29

Buy Now →

Win 11 + Office Bundle

Win 11 Pro + Office + Visio + Project

$49.99

Buy Now →

The evaluation found that DeleteMe successfully removed personal information from the majority of targeted data broker sites within its coverage area, reducing the tester's digital exposure significantly. However, the service has notable gaps: it doesn't cover all data brokers, particularly international ones, and it cannot remove information from social media platforms, news articles, government databases, or the dark web where breached data is traded.

Background and Context

The personal data removal industry has grown rapidly as consumers have become more aware of—and alarmed by—the extent to which their personal information is available online. Data brokers operate a multi-billion dollar industry that collects, aggregates, and sells personal information from public records, commercial transactions, social media activity, and other sources. This information fuels targeted advertising, background checks, and unfortunately, also facilitates stalking, fraud, and identity theft.

The proliferation of data breaches has accelerated demand for removal services. Major breaches at companies like Equifax, T-Mobile, and Change Healthcare have exposed hundreds of millions of records, and each breach adds to the corpus of personal information circulating in both legitimate and criminal marketplaces. For individuals who have been affected by multiple breaches, the cumulative exposure can be staggering.

Regulatory efforts have provided some protection. The EU's GDPR gives individuals the right to request deletion of their personal data, and California's CCPA/CPRA provides similar rights in the US. However, exercising these rights individually across hundreds of data brokers is impractical for most people, creating the market opportunity that services like DeleteMe fill. Organisations concerned about employee data exposure should ensure their team's genuine Windows 11 key workstations are configured with privacy-protective settings as a baseline measure.

Why This Matters

Personal data exposure is not just a privacy concern—it's a security risk. Information available on data broker sites is routinely used to craft targeted phishing attacks, answer security questions for account takeover, and build profiles for social engineering. Every piece of personal information publicly available increases an individual's attack surface, and in an era of AI-powered attacks, the risk is accelerating.

The review's finding that removal services help but don't solve the problem is important because it sets realistic expectations. Consumers considering these services should understand that they are one layer in a multi-layered privacy strategy, not a complete solution. A data removal service combined with strong passwords, multi-factor authentication, email aliases, and cautious social media practices provides meaningfully better protection than any single measure alone.

For businesses, the personal data exposure of employees—particularly executives, IT administrators, and finance personnel—represents an organisational risk. Information from data brokers has been used in successful business email compromise (BEC) attacks, CEO fraud schemes, and targeted ransomware campaigns. Providing data removal services as an employee benefit can reduce organisational attack surface.

Industry Impact

The data removal services market is expected to grow substantially as privacy awareness increases and regulatory frameworks expand. Companies like DeleteMe, Optery, Privacy Duck, and Kanary are competing for market share, and the entry of larger players like Mozilla (through Mozilla Monitor) is bringing mainstream attention to the category.

Data brokers themselves are facing increasing regulatory and market pressure. Several US states have passed or are considering legislation that would restrict data broker activities, and the FTC has taken enforcement actions against companies that failed to honour removal requests. As the cost of compliance increases, some smaller data brokers may exit the market, potentially consolidating data into fewer, larger operators.

The cybersecurity industry is also taking note. Personal data exposure assessments are increasingly being incorporated into security audits and penetration testing exercises, with organisations recognising that employee data available on broker sites represents an exploitable vulnerability. For companies managing their security posture alongside enterprise productivity software deployments, data broker exposure should be part of the risk assessment.

Expert Perspective

Privacy researchers emphasise that data removal is an ongoing process, not a one-time action. Data brokers continuously re-acquire information from public records, commercial data sharing, and other sources, meaning that removed data can reappear within weeks or months. This makes subscription-based removal services more effective than one-time removal attempts, as they provide continuous monitoring and re-removal.

Cybersecurity professionals recommend that individuals prioritise which information to focus on removing. Home addresses, phone numbers, and family member information pose the greatest physical safety risk, while email addresses and employer information are most commonly exploited in phishing and social engineering attacks.

What This Means for Businesses

Businesses should consider offering data removal services as part of their employee benefits package, particularly for executives, IT staff, and anyone with access to sensitive systems or financial authority. The cost of a data removal subscription is minimal compared to the potential cost of a successful social engineering attack that leverages publicly available personal information.

IT departments should also educate employees about personal data hygiene—minimising the information shared on social media, using email aliases for non-essential services, and being cautious about what information is provided to online services. Combined with strong affordable Microsoft Office licence security settings and multi-factor authentication across all business accounts, these measures create a layered defence against social engineering.

Key Takeaways

• Data removal services like DeleteMe effectively reduce personal information exposure across major data broker sites
• These services have limitations—they don't cover all brokers, social media, news sites, or dark web data
• Data removal is an ongoing process since brokers continuously re-acquire personal information
• Personal data exposure is both a privacy concern and a security risk that enables targeted attacks
• Businesses should consider offering data removal services as an employee security benefit
• A multi-layered approach combining removal services with strong security practices provides the best protection

Looking Ahead

The data removal industry is expected to evolve with AI-powered discovery tools that can identify personal information across a broader range of sources, and regulatory developments that may give consumers stronger rights to demand deletion. The long-term trajectory points toward a world where personal data protection is treated as a fundamental security measure rather than an optional privacy luxury, with data removal services becoming as standard as antivirus software for both individuals and organisations.