A Republican state senator has joined the ranks of those requesting Georgia Secretary of State Brian Kemp release public records detailing how a massive data breach in the office happened and exactly how outside groups handled more than 6 million voters' personal information.
State Sen. Bruce Thompson, R-Cartersville, also seemed to express doubts about how Kemp has handled the gaffe, which The Atlanta Journal-Constitution made public in mid-November.
“Many of us do not share your office’s confidence that this information has not been copied to another disk or computer, and that the risk has been mitigated.” Thompson wrote Friday in a private letter to Kemp, a copy of which was obtained by the AJC.
“Constituents are particularly concerned why the public was not made aware in a timelier manner,” Thompson wrote. “After all, it is their personal information that has been compromised.”
“I hope that upon release of these documents we can have a constructive discussion about policies that can be taken to ensure 1) protection of data, and 2) timely responses from government officials when situations of this magnitude occur,” Thompson wrote.
Kemp responded in a statement Monday, saying: “As I have said many times before, my office is conducting an internal investigation into this issue. As soon as that investigation is finalized, which will be soon, my office will release our findings as well as any documents related to the investigation.”
Thompson's letter came the same day the Georgia chapter of the Society of Professional Journalists also urged Kemp to release documents related to the breach.
The law allows state agencies to exempt public documents from disclosure if they relate to an open internal investigation, although non-disclosure is not mandatory in most cases.
Kemp officials have said the law allows them to shield records related to the suspension, firing or investigation of complaints against public officers or employees.
In statements to the AJC on Monday, Thompson said he considered Kemp a friend.
But, he added, “because a breach did occur, it is important that government be transparent about the processes,” Thompson said. “My constituents expect me to act as their advocate in state government.”
Among the documents the office will not release are the field notes from investigators describing how 12 organizations handled compact discs containing sensitive data that were accidentally given to them in October. Officials discovered the breach of information, including voters’ Social Security numbers and birth dates, a month later. The agency also refused to release the personnel file of the information technology employee fired two weeks ago after what Kemp called a “clerical error.”
That worker, longtime state programmer Gary Cooley, has disputed Kemp's version of events and last week told the AJC that he did not have the security access to add millions of Social Security numbers and birth dates to a public data file. Cooley instead outlined a more complicated series of missteps and miscommunications, both within the office and with PCC Technology Group, an outside vendor tasked with managing voter data for the state.
Kemp has said all 12 data discs illegally disclosing the private information have either been recovered or destroyed, and that the data were not disseminated. Last week, he announced plans to offer voters a year of free credit and identity theft monitoring services.
About the Author
