State data-broker laws added a public accountability layer on top of contract privacy terms. Enterprise buyers should not treat a registration number as a substitute for a DPA, but they should confirm the vendor maintains current filings and publishes the disclosures your legal team expects. GSDSI publishes a live index at /trust/data-broker-registrations and summarizes the posture in the privacy policy. This article is a diligence workflow, not legal advice.
Key Takeaways
Confirm which states apply to your activation geography and vendor nexus.
Request the public registration reference and match it to the vendor's published index.
Keep DSR pathways (TrustSuperset portal + policy links) in the same review packet.
State registration status table (CA, VT, TX, OR where applicable).
Link to the vendor's public broker index page.
Description of how deletion/opt-out signals propagate to licensed feeds.
Subprocessor list and breach-notification SLA cross-reference.
Common Gaps That Slow Procurement
Teams sometimes conflate broker registration with HIPAA compliance or FCRA status. GSDSI is not a consumer reporting agency; healthcare and financial use cases still require your counsel to map permitted use. Another gap is reviewing registration without reviewing sensitive-location exclusions for mobility programs. Use the privacy compliance hub and sensitive location checklist in the same review cycle.
Tie Broker Review to Vendor Comparison
When comparing data vendors, add a governance row: published broker disclosures, DSR handling, and evidence of deletion propagation. The vendor comparisons pages list pilot and governance questions by category. Cross-check mobility and identity programs against global mobility data and core email file specs so registration review matches the feeds you license. Federal buyers should use the separate federal procurement checklist when CAI and defense delivery rules apply.
Questions on registrations or diligence materials: contact us or email privacy@gsdsi.com.
Frequently Asked Questions
Does registration mean the data is lawful for our use case?
No. Registration is one disclosure requirement among many. Your permitted use still depends on contract terms, notice, consent posture for the underlying sources, and applicable sector rules.