While voter registration records (including voter names, birthdates, addresses, phone numbers and email addresses) are generally public under Florida law, “high-risk professionals” such as law enforcement officials, judges and high-level state officials are allowed to request an exemption from such disclosure.
In this case, 15 CDs containing high-risk professionals’ personal information were sent by mistake to people requesting voter registration records. All recipients of the CDs have been asked to disregard, destroy and/or return them, and all those potentially affected are being notified.
“While the incident is still being investigated, it has been determined that the release of the non-confidential information was due to a malfunction in the automated software used to process record extract requests and the department is taking action to prevent future occurrences,” the Florida Department of State said in a statement.
Malfunctions and human error continue to be a significant factor in data breaches worldwide. Earlier in March, Texas A&M University announced that the Social Security numbers of 4,697 faculty and graduate assistants had been mistakenly published on a university website, according to KBTX; the UK’s Barnoldswick Medical Centre acknowledged that almost 500 patients’ email addresses were mistakenly circulated on a patient survey, according to Pendle Today; and New Zealand’s Southern District Health Board apologized for accidentally sending 60 patients’ private health information to a member of the public, according to The Southland Times.
According to a recent CompTIA report, human error is a more significant issue than many companies realize. “While only 30 percent of companies rate this as a serious concern, they also report that the human element accounts for 52 percent of the root cause of security breaches,” the report states.
“Training is the clear answer for mitigating human error, but companies struggle with understanding how to make an investment in training,” the report adds. “Only 54 percent of companies offer some form of cybersecurity training, with the format most often being new employee orientation or some kind of annual refresher course.”
A recent eSecurity Planet article offered advice on how to offer security awareness training that works.