Update on Georgia's Voter Registration Database Security
To keep the public fully informed, here are the facts as they stand concerning the security of Georgia’s Voter Registration Database.
• The Secretary of State’s Office is required by law to share voter registration information with news media and political parties. My office provides an update to these 12 organizations every month. One IT employee who was responsible for managing voter registration information made a mistake and shared personal voter information with these 12 groups in October.
• This employee knew he made a mistake but did not notify anyone. I eventually found out about it late Friday afternoon when one of the recipients called to inform me of this extra information.
• I immediately took action, investigated to find out the facts, and by Monday morning we had state investigators contacting these 12 organizations to retrieve the discs with the information.
• To be clear - the voter registration system was not hacked. Human error led to this information being shared with media and political parties. All 12 discs have been recovered or confirmed they were destroyed by the recipients. I am confident that all voter information is secure and safe.
• A similar, but more limited, situation occurred once before in October of 2012. An example is an Oconee county voter registration list was sent out with additional information. All of the information was recovered at that time.
• This was one of the problems that exposed that the long time IT bureaucracy in the agency was broken, so I hired a top consulting team to help completely restructure the entire IT department. We hired almost all new personnel. We also implemented an all new Voter Registration System that remains secure today.
• Part of this overhaul was new security procedures that this IT employee did not follow. His violation of the rules led to this human error. As of today, here’s where we stand: • The IT employee has been fired. I can confirm all of the discs have been secured or destroyed.
• I am in the process of engaging Ernst & Young, a top international auditing firm that specializes in IT security, to conduct a thorough, top to bottom review of our entire operation.
• In the meantime, I have implemented strict new rules governing the release of voter information. Only the Chief Information Officer can make changes to the voter registration database, and only at my explicit direction. Before any voter registration information is released, it will be reviewed by three of my senior staff. This will not happen again.
• I want to thank the news media and the political parties involved for working with us to resolve this unfortunate situation quickly. They acted responsibly and voters can rest assured their information is safe.
• If voters have any questions about this issue or need assistance, please visit our website or call our hotline set up for this issue: 404.654.6045. Brian Kemp has been Secretary of State since January 2010. Among the office’s wide-ranging responsibilities, the Secretary of State is charged with conducting secure, accessible, and fair elections, the registration of corporations, and the regulation of securities, charities, and professional license holders.