You hold a security clearance. Your home address, phone number, family names, financial history, and daily patterns sit on data broker sites for anyone to buy. That is not a privacy inconvenience. It is a targeting package.
Clearance investigations measure how susceptible you are to coercion and foreign intelligence recruitment. A broker profile filled with your household details, commute route, and net worth answers that question for the adversary before the investigation even starts.
What Investigators Actually See
The SF-86 asks what you disclose. Investigators check what the public internet discloses about you without your help. Data brokers sell addresses, phone numbers, relatives, income estimates, property records, vehicle registrations, and social media profiles. All of it costs a few dollars per search. Foreign intelligence services pay the same price you do.
A foreign officer who knows your home address, your spouse, your kids' schools, and your commute has the raw material for a targeting operation. That is not a hypothetical. Counterintelligence teams deal with it daily.
Virginia Law
The Virginia Consumer Data Protection Act (VCDPA) took effect January 1, 2023, amended in 2025. It grants deletion rights, opt-out rights for data sales and profiling, and the ability to opt out of Clearview AI facial recognition. Virginia is one of six states with that last provision. Use it.
The NoVA Problem
Northern Virginia has one of the highest concentrations of clearance holders in the country. Foreign intelligence services know exactly where to look.
Fairfax, Arlington, Alexandria, Loudoun. The Pentagon, CIA, NSA, NGA, DIA, ODNI, and dozens of defense contractors sit within commuting distance. Foreign services treat this area as target-rich. More personal data available means more opportunities for social engineering, recruitment approaches, and intelligence collection.
This extends to your household. A spouse or child listed on a broker site builds a profile of your routines and pressure points whether you opted in or not.
What to Do
Audit broker exposure. Search yourself on Spokeo, BeenVerified, WhitePages, Radaris, TruePeopleSearch, FastPeopleSearch. Expect to find addresses, phone numbers, and family names.
Submit deletion requests. Cite the VCDPA by name. It gives your request legal teeth.
Run a facial recognition audit. Check PimEyes, FaceCheck.ID, Google Lens, Yandex, TinEye. Virginia residents can opt out of Clearview AI. Your face indexed in a commercial database is an OPSEC gap.
Check vehicle exposure. Plate reader networks cover Northern Virginia and Hampton Roads. Use DeFlock.me to map readers near you. Opt out of plate lookup sites.
Lock social media. Private everything. Kill location data, face tagging, employer info, linked accounts.
Extend to family. Your spouse and adult children run the same process. Their data targets you.
Monitor continuously. Brokers re-acquire data from public records and commercial feeds. A one-time cleanup degrades within months.
The OPSEC Failure Most People Ignore
You know not to discuss classified material in public. You screen foreign contacts. Good. Now apply that same discipline to your digital footprint. Your home address on WhitePages is an OPSEC failure. Your commute inferred from plate reader data is an OPSEC failure. Your face in a searchable commercial database is an OPSEC failure.
The difference: digital vulnerabilities can be removed systematically. Broker data, facial recognition indexes, social media exposure, vehicle tracking. All addressable. The question is not whether it matters. For clearance holders, the question is whether you can justify leaving it exposed.
— J. Daniel, Dark Scrub