What are the institutional and regulatory implications of this document?

REGULATORY LANDSCAPE: This document engages multiple overlapping frameworks including CCPA and CPPA enforcement (California data broker registration is confirmed for D&B, Inc., Eyeota Pte. Ltd., and NetWise Data, LLC), GDPR and the EU-U.S. Data Privacy Framework (2023), the Swiss-U.S. Data Privacy Framework (2023), the UK extension to the EU-U.S. DPF (2023), APEC CBPR, and ISO 27701 PIMS certification. The FTC is the primary U.S. enforcement authority for data broker practices and cross-border …

How does Dun & Bradstreet's D&B Privacy Policy affect users?

Dun & Bradstreet, through its subsidiaries including Eyeota and NetWise Data, operates as a registered data broker aggregating professional and business data on hundreds of millions of people and organizations, often without direct consumer relationships. Individuals may find their name, job title, employer, and professional contact information held and licensed by D&B without having consented directly to that collection. You can submit a data subject rights request, including access and deleti…

How often is Dun & Bradstreet's D&B Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Dun & Bradstreet updates this document?

Yes. Watcher subscribers ($9.99/month) can add Dun & Bradstreet to their watchlist and receive same-day email alerts whenever this document or any other Dun & Bradstreet document changes.

CA-D-000722

D&B Privacy Policy

Dun & Bradstreet

Last change detected May 13, 2026 Privacy policy

SHA-256: a5ca50b1452d3719dfb… 2 versions captured 0 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Dun & Bradstreet ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

7 Total

0 High severity

5 Medium severity

2 Low severity

Summary

This is Dun & Bradstreet's public data transparency hub, explaining how one of the world's largest commercial data companies collects, processes, and shares information about businesses and the individuals who work at them. The most important thing to know is that D&B is registered as a data broker in California, Oregon, Vermont, and Texas, meaning your professional contact information, business role, and associated analytics may be held and sold without your direct knowledge. You can submit a data subject rights request directly through D&B's portal at the TrustArc link provided to ask what data they hold about you and request deletion or correction.

Technical / Legal Breakdown

This document is D&B's 'Privacy, Data and AI Transparency Statement' landing page, governing the company's data processing disclosures for Dun & Bradstreet entities operating in the U.S. and globally, grounded in its stated values of accountability, transparency, and responsible data stewardship. The statement asserts that D&B processes data on 600M+ organizations worldwide, aggregates and generates data including scores, ratings, and analytics, and commits to respecting individual data subject rights through a TrustArc-hosted rights request portal. Notably, the document discloses that D&B, Inc., Eyeota Pte. Ltd., and NetWise Data, LLC are each registered as data brokers in multiple U.S. states including California, Oregon, Vermont, and Texas, which is operationally distinct from standard enterprise software or SaaS privacy disclosures and places D&B squarely within data broker regulatory regimes. The document engages GDPR, CCPA and its CPPA enforcement regime, the EU-U.S. Data Privacy Framework, Swiss-U.S. Data Privacy Framework, UK extension thereof, APEC CBPR, ISO 27701 (PIMS), and ISO 27001 (ISMS), with certifications including TRUSTe Responsible AI (2024) and Global CBPR (2025); compliance obligations under these frameworks vary significantly by jurisdiction and entity. Material compliance considerations include the multi-entity data broker registration structure across subsidiaries, the scope of AI system use disclosed on linked sub-pages, and the adequacy of data subject rights mechanisms for individuals who may not know their data is held by D&B.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

Medium — 5 provisions

Multi-Entity Data Broker Registration

D&B, along with two of its subsidiaries, is officially registered as a data broker in multiple U.S. states, meaning these companies are legally recognized as businesses that collect and sell personal information about people, often without a direct relationship with those individuals.

Added May 10, 2026 Rare
Individual Data Subject Rights Portal

D&B provides a web-based portal where individuals can submit requests to access, correct, or delete their personal data held by D&B entities, covering both personal and professional data.

Added May 10, 2026 Rare
AI Systems Use and TRUSTe Responsible AI Certification Compare →

D&B uses AI systems to generate scores, ratings, and analytics about businesses and individuals, and has obtained a third-party certification (TRUSTe Responsible AI) attesting to responsible AI practices as of 2024.

Added May 10, 2026 Common Seen across 104 platforms
Cross-Border Data Transfer Framework Certifications Compare →

D&B has obtained certifications under multiple international data transfer frameworks, including the current EU-U.S. Data Privacy Framework, meaning personal data can flow from the EU, UK, and Switzerland to D&B's U.S. operations under these recognized legal mechanisms.

Added May 10, 2026 Standard Seen across 246 platforms
Data Processing Scope and D&B Data Cloud Compare →

D&B processes a wide range of data types including personal data about individuals in their professional capacity, covering businesses, economic activity, sustainability, and legal events, at a scale of over 600 million organizations globally.

Added May 10, 2026 Standard Seen across 189 platforms

Low — 2 provisions

ISO 27701 and ISO 27001 Certification Commitment

D&B has had its privacy and information security management systems independently audited against ISO 27701 and ISO 27001 standards in applicable markets, providing third-party assurance of its data governance controls.

Added May 10, 2026 Rare
Contact and Complaint Escalation Rights

Individuals can contact D&B's compliance team by email or via a helpline, and retain the right to escalate complaints directly to their local data protection authority if they are unsatisfied with D&B's response.

Added May 7, 2026 Rare