Georgia secertary of state hires firm to audit agency security

Personal voter information improperly released has been returned or destroyed, Secertary Brian Kemp says

Getting your Trinity Audio player ready...

By Staff Reports

[email protected]

ATLANTA — Georgia Secretary of State Brian Kemp said late Friday that he is hiring an accounting firm that he described as a “top international” company that deals with information technology security to give his agency a “top to bottom” review following the improper release of personal information of 6 million state voters.

Kemp said in the statement that he emailed to news organizations that a “similar, but more limited, situation” occurred three years ago and that in both instances, the problem stemmed from human error, not the hacking of Georgia’s voter registration system.

The secretary of state said all 12 of the discs that were released to news or political organizations with information such as birth dates and Social Security numbers have been recovered or destroyed. An IT employee who Kemp said violated security procedures, leading to the release of the personal voter information, has been fired.

“I am in the process of engaging Ernst & Young, a top international auditing firm that specializes in IT security, to conduct a thorough, top to bottom review of our entire operation,” he said.

Kemp said his office is required by law to share voter registration information with news media and political parties and that the office provides that information monthly to the dozen organizations that received the discs with the personal information included. He said the employee knew he had made a mistake but did not report it, which Kemp learning of the problem on Nov. 13 when one of the organizations contacted him about it. State investigators were in contact with the 12 organizations Monday to retrieve the data, he said.

“To be clear — the voter registration system was not hacked,” Kemp said. “Human error led to this information being shared with media and political parties. … I am confident that all voter information is secure and safe.”

He said an Oconee County voter registration list was sent out with extra information on the voters in October 2012, and that information was recovered as well. That problem exposed as the agency’s IT bureaucracy “was broken” and led to the hiring of consultants to restructure the IT department.

“We hired almost all new personnel,” Kemp said. “We also implemented an all new Voter Registration System that remains secure today. Part of this overhaul was new security procedures that this IT employee did not follow.”

In the meantime, he said, he has implemented “strict new rules” on releasing voter information. Now, he said, only the chief information officer can change the voter registration database at Kemp’s “explicit direction” and three senior staffers will review it before any information is released.

Voters with questions can contact the agency’s website or call a hotline set up for this issue: (404) 654.6045.

Attention home delivery customers:
Starting March 4, your paper will be delivered by the post office.

We appreciate your patience.
Questions? Call 229-888-9300.

Sovrn Pixel