Thanks to the new Oliver Stone movie now in theaters, Edward Snowden has been back in the news lately. Disillusioned and alarmed by the virtual mountain of data that was being assembled by the federal government to track all forms of digital communication, Snowden became a hero to some, and traitor to others, after he leaked information about the government’s secret tracking systems to the press.

The government, of course, is not the only player in the data-tracking game. Private industry thrives off of knowing as much as it can about the buying public. And the richest data mines exist online. It may not seem as sinister as when the government tracks someone’s every move, but a wide range of private companies profit by gathering as much information - DMV records, addresses, court judgments - as possible about individuals, and then selling that information to other businesses.

As reported in a recent Bloomberg Businessweek article, for the first time a company has built a profile on every American adult. IDI is a one year-old company in the data-fusion business which, according to Bloomberg, “is the first to centralize and weaponize” all available information about people for its customers. IDI’s customers, in turn, use the data to study their own customers’ behaviors or to dig up other information about individuals.

The information provided by IDI’s database service is extensive. According to CEO Derek Dubner, personal profiles include:

all known addresses, phone numbers, and e-mail addresses; every piece of property ever bought or sold, plus related mortgages; past and present vehicles owned; criminal citations, from speeding tickets on up; voter registration; hunting permits; names and phone numbers of neighbors; and photos of cars taken by private companies using automated license plate readers.

Not surprisingly, IDI’s data is used by private investigators, law firms, debt collectors and government agencies. And the company is making a big push into consumer marketing as well.

Unlike the federal government, the Fourth Amendment to the U.S. Constitution doesn’t restrain private companies from snooping, but there are U.S. privacy laws in place intended to prevent abuses. For example, private investigators must identify a permissible use before accessing information from IDI or similar database services. A number of states have also passed laws in recent years to prevent, for example, employers from snooping on employees’ social media accounts.

As more Americans spend more time online, and share personal information about themselves while doing so, more companies will exploit that information for commercial use. The federal government and state governments continue to pass legislation intended to curb abuses, but as is often the case, slow moving legislatures tend to fight “yesterday’s wars” and only act when a high profile incident occurs. In the meantime, nimble tech companies adapt and find new ways to work within the system.