UPDATE ON GEORGIA’S VOTER REGISTRATION DATABASE SECURITY
the public fully informed, here are the facts as they stand concerning the
security of Georgia’s Voter Registration Database.
- The Secretary of State’s Office is required by
law to share voter registration information with news media and political
parties. My office provides an update to these 12 organizations
every month. One IT employee who was responsible for managing voter
registration information made a mistake and shared personal voter
information with these 12 groups in October.
- This employee knew he made a mistake but did not
notify anyone. I eventually found out about it late Friday afternoon
when one of the recipients called to inform me of this extra information.
- I immediately took action, investigated to find
out the facts, and by Monday morning we had state investigators contacting
these 12 organizations to retrieve the discs with the information.
- To be clear - the voter registration system was
not hacked. Human error led to this information being shared
with media and political parties. All 12 discs have been recovered
or confirmed they were destroyed by the recipients. I am confident
that all voter information is secure and safe.
- A similar, but more limited, situation occurred
once before in October of 2012. An example is an Oconee county voter
registration list was sent out with additional information. All of
the information was recovered at that time.
- This was one of the problems that exposed that
the long time IT bureaucracy in the agency was broken, so I hired a top
consulting team to help completely restructure the entire IT
department. We hired almost all new
personnel. We also implemented an
all new Voter Registration System that remains secure today.
- Part of this overhaul was new security procedures
that this IT employee did not follow. His violation of the rules led to this
today, here’s where we stand:
- The IT employee has been fired. I can
confirm all of the discs have been secured or destroyed.
- I am in
the process of engaging Ernst & Young, a top professional services firm
with specialization in IT security, to conduct a thorough, top to bottom
review of our IT policies and procedures.
- In the meantime, I have implemented strict new
rules governing the release of voter information. Only the Chief Information Officer can
make changes to the voter registration database, and only at my explicit
direction. Before any voter
registration information is released, it will be reviewed by three of my
senior staff. This will not happen
- I want to thank the news media and the political
parties involved for working with us to resolve this unfortunate situation
quickly. They acted responsibly and voters can rest assured their
information is safe.
- If voters have any questions about this issue or
need assistance, please visit our website or call our hotline set up for
this issue: 404.654.6045.
Brian Kemp has been Secretary of State since January 2010. Among the office’s wide-ranging responsibilities, the Secretary of State is charged with conducting secure, accessible, and fair elections, the registration of corporations, and the regulation of securities, charities, and professional license holders.