If you want to keep a secret, don’t put any trace of it online. That’s something ex-CIA director David Petraeus just learned the hard way. But our lives are increasingly digital, and the government recognizes it.

In July, Congress asked nine data brokerage firms – including credit reporting agencies – what consumer information they collect, how they do it, and whether they sell it to third parties. On Nov. 8, it released those companies’ responses.

You can read the lengthy original letters and the responses here, but investigative journalism site ProPublica sums things up nicely in their article Yes, Companies Are Harvesting – and Selling – Your Facebook Profile:

Data companies of course, do not stop with the information on Twitter, Facebook, and LinkedIn. Intelius, which offers everything from a reverse phone number look up to an employee screening service, said it also collects information from Blogspot, WordPress, MySpace, and YouTube.

This information includes individual email addresses and screen names, web site addresses, interests, and professional history, Intelius said. It offers a “Social Network Search” on its website that allows you to enter someone’s name and see a record of social media URLs for that person.

And that’s just the start. Companies like Acxiom collect likes, shares, and recommendations to build out a profile of consumers on behalf of their clients – something they say benefits consumers. (In return for our data, they say, we get cheap or free access to services like Facebook and more relevant advertising.) In its response to Congress, Acxiom [PDF] said its clients in 2009 included the following…

47 Fortune 100 clients

8 of the top 10 credit card issuers

4 of the top 5 retail banks

7 of the top 10 telecom/media companies

5 of the top 10 retailers

7 of the top 10 automotive manufacturers

3 of the top 10 brokerage firms

6 of the top 10 technology companies

3 of the top 5 pharmaceutical manufacturers

4 of the top 10 life/health insurance providers

7 of the top 10 property and casualty insurers

7 of the top 10 lodging companies

3 of the top 5 domestic airlines

6 of the top 10 U.S. hotels

4 of the top 5 gaming companies

5 of the 13 largest U.S. federal government agencies

Both major national political parties

Just how much are we worth to these companies? And is there anything we can do about how they get and use our info?

Fixing your privacy settings

The answer to both questions might come from a relatively new tool (released last month) called Privacyfix. It’s a browser plug-in for Firefox and Chrome that analyzes your privacy settings across data-rich social networking sites like Google and Facebook, and any other websites you’ve visited.

When you first install it, you’ll be greeted with a page that tells you what percentage of sites you’ve visited Facebook tracks (for me, 86 percent) and an estimate of how much you’re worth to Facebook per year (just $3.32 here – sorry, Zuckerberg).

Along the right side, you’ll see a number of settings you can “fix,” and each will be explained as you move your cursor over it. These include excluding your Facebook profile from search engine results, blocking your friends from inadvertently sharing your personal information, making your postings private (visible only to friends) by default, and so on. Clicking on any of these will take you step-by-step through the process, explaining why you would want to change the setting and what the potential downside is. You don’t have to “fix” anything you don’t want to, and you can always undo the changes.

When you’re ready to go to the next section, you’ll see a blue “next” button below the right-side column of Facebook issues you can fix. Or, in a bar along the top, you can skip to whatever section you want.

You’ll go through similar Google settings next. (Google tracks data on 37 percent of websites I visit and makes around $1,174 per year from ads at my activity level.) Then, you’ll move on to a list of other websites you’ve visited, categorized by icon into “Websites sharing data” and “Websites with other issues.”

The fix button here lets you automatically generate an email letter requesting the removal of your personal information on every site you specify. Meanwhile, moving your cursor over any icon shows you the particular problems with that site – for instance, whether it shares information with third parties, whether it notifies you about it, and whether it is known to honor deletion requests.

Just because a website’s icon is on the list doesn’t mean it’s bad: Many of mine say “personal data is not generally shared” and “deletion requests are honored” with green checkmarks, and usually the only red caution mark is next to “no assurance of notice if data is requested.” But if that data is not shared, I’m not too concerned about hypothetical notices.

Next you’ll go to a page on cookies, tiny files stored on your computer that can keep you logged into sites, save your preferences, store passwords, or do what Privacyfix is worried about: track you. The tool can help you delete these cookies in a snap.

Story continues