Establishing Digital Trust: Don't Sacrifice Security for Convenience
Georgia Secretary of State Brian Kemp recently announced that his office learned on November 13, 2015 that, due to a clerical error, all of the state's registered voters' personal information was included on CDs sent to 12 groups in mid-October, including state political parties and members of the media.
The information potentially exposed includes names, addresses, birthdates, Social Security numbers (if provided), driver's license numbers (if provided), voter registration numbers, phone numbers (if provided), gender (if provided), race (if provided), and voter precinct information.
The following 12 groups received the discs, the Atlanta Journal-Constitution reports: the Georgia Democratic Party, the Georgia Republican Party, the Georgia Libertarian Party, the Independence Party of Georgia, the Southern Party of Georgia, the Atlanta Journal-Constitution, the Macon Telegraph, the Savannah Morning News, Georgia GunOwner Magazine, Georgia Pundit, News Publishing Co., and RedState.
As of November 19, 2015, the Secretary of State's office confirmed that all 12 discs had been accounted for -- nine had been retrieved, and the other three were confirmed to have been disposed of by the recipients.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"The discs were mailed to the recipients on October 13, 2015, but other than the IT employee responsible for the error, the office was not aware the discs contained sensitive personal information until Friday, November 13, 2015," the Secretary of State's office said.
"I take full responsibility for this mistake and have taken immediate action to resolve it," Kemp said in a statement. "The employee at fault has been fired, and I have put in place additional safeguards effective immediately to ensure this situation does not happen again."
"Moving forward, the secure site for voter data downloads will be locked to prevent changes by any employee other than the Chief Information Officer acting at my direction," Kemp added. "Further, a three-part check will be required before a disc containing the statewide voter file can be released to the public."
In response, two Georgia residents have filed a class action lawsuit claiming that 6,184,281 registered voters' personal information was included on the discs, and demanding that Kemp's office proactively notify all voters of the incident and make credit monitoring services available to those who want them.