The Georgia Secretary of State’s Office has refused to release public documents that likely detail how a massive data breach in the office happened and exactly how outside groups handled more than 6 million voters’ personal information.
Among the documents the office will not release because of an ongoing internal investigation are the field notes from investigators describing how 12 organizations handled sensitive data including Social Security numbers and birth dates accidentally given to them on compact discs a month before officials discovered the breach.
Among the documents the office will not release because of an ongoing internal investigation are the field notes from investigators describing how 12 organizations handled compact discs containing sensitive data that were accidentally given to them. Officials say they discovered the breach of information, including Social Security numbers and birth dates, a month after the breach.
The Secretary of State’s Office also refused to release the personnel file of the information technology employee fired two weeks ago following what Secretary of State Brian Kemp called a “clerical error.”
State law allows agencies to exempt public documents from disclosure if they relate to an open internal investigation. Officials said they would release the documents once they completed their review.
The move to shield them now, however, angered some lawmakers who have criticized Kemp for how he has handled the gaffe. It also came as the League of Women Voters of Georgia on Monday formally asked Gov. Nathan Deal to open an independent inquiry into the release.
“It is hard to comprehend how the Secretary of State’s Office is refusing to produce documents because of a pending investigation,” said state Rep. Scott Holcomb, D-Atlanta. “Didn’t the Secretary of State’s Office complete its investigation before it terminated an employee? And didn’t the secretary of state publicly state that everything has been corrected? If so, what’s the holdup?”
Anyone registered to vote in Georgia was affected by the disclosure — some 6.2 million people.
Kemp has said the employee he fired inadvertently added the personal data to a public statewide voter file before it was sent out last month to 12 organizations that regularly subscribe to “voter lists” maintained by the state.
The groups receiving the data included state political parties, news media organizations and Georgia GunOwner Magazine.
Kemp, who says he became aware of the breach Nov. 13, has said all 12 data discs illegally disclosing the private information have either been recovered or destroyed, and that the data were not disseminated. He also denied the disclosure was a breach of the state’s voter registration system, saying the system itself was not hacked.
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.