Secretary of State Brian Kemp’s explanation of the release and retrieval of voter’s private personal information

The release of private information of Georgia voters maintained by the Secretary of State’s office and its steps to retrieve the released information has raised serious and reasonable questions, concerns and fears.   The following is the Secretary of State Brian Kemp’s statement and explanation regarding his office’s handling of the matter and how voters who have further questions may contact his office:



Secretary of State Brian Kemp today announced his office has secured all 12 discs sent from his office that contained personally identifiable voter information.

“As of 11 a.m [November 19, 2015], all 12 discs containing sensitive voter information have been retrieved or destroyed,” Kemp said. “My staff has verified with the media outlets and political parties that received these discs that they have not copied or otherwise disseminated confidential voter data to outside sources. I am confident that our voters’ personal information has not been compromised.”

“I take full responsibility for this mistake and have taken immediate action to resolve it. The employee at fault has been fired, and I have put in place additional safeguards effective immediately to ensure this situation does not happen again.” 

“Moving forward, the secure site for voter data downloads will be locked to prevent changes by any employee other than the Chief Information Officer acting at my direction. Further, a three-part check will be required before a disc containing the statewide voter file can be released to the public. It is my top priority to protect the personal information of all Georgians.”

For additional information or assistance, voters can contact the Secretary of State Office’s dedicated hotline for this issue: 404-654-6045.

The following statement detailing this situation was posted on Kemp’s website earlier today:

On Friday, November 13, 2015, my office learned that voters’ personal information was inadvertently included on a statewide voter file that was sent to twelve groups on October 13, 2015. 

As a standard practice, these twelve groups, comprised of Georgia’s news media and political parties, receive a computer disk with an updated list of all of Georgia’s registered voters every month. This information is available to them per existing Georgia law. 

However, in October, a clerical error in the IT Division led to these discs containing personal identifying information that should not have been included. Other than the employee who made the error, this error was not known until Friday, November 13, 2015 when an organization that received a disc notified the Secretary of State’s office. The IT employee responsible has been fired for breaking internal rules governing the release of this information. 

Upon learning of this mistake, my office took immediate action to retrieve the discs and to confirm that the recipients had not copied or otherwise disseminated the data. 

All twelve discs have been accounted for. Each recipient, including the Georgia Republican Party and the Georgia Democratic Party, has confirmed that the data was not retained or disseminated to any outside parties. 

To reiterate, the Georgia Voter Registration System was not breached. The system has been and remains secure. This issue was caused by a clerical error that has been remedied. While information was included on those twelve discs that should not have been, we are confident that the information has now been secured.

I take full responsibility for this mistake and want to assure Georgia’s citizens that it is my top priority to protect their personal information. I have put in place additional safeguards to insure this situation does not happen again.


  1. gcp says:

    ” I take full responsibility ” tranlates to ” I was in charge but it’s not my fault”. Such a response is typical of bureaucrats and politicians when they screw up.

  2. saltycracker says:

    1. The system was breached by websters definition.
    2. It is a screw up and in zero tolerance territory.
    3. It is a continuation of embarrassments.

    Maybe the elected need a few more beers with their distributor.

  3. Will Durant says:

    I’ll just parse the first paragraph concerning the sleight of hand being attempted to have the public focus on the disposition of the 12 physical discs as opposed to the larger issues of a dysfunctional agency:

    “My staff has verified with the media outlets and political parties that received these discs that they have not copied or otherwise disseminated confidential voter data to outside sources.”

    Of course they copied the discs. No one this day in age would utilize the raw data directly from a CDR, too slow and you wouldn’t risk your only copy of the data to loss from a single scratch. The most likely scenario for larger organizations would be that a database administrator would import it to an existing database for their own dissemination of the voter list. We can only hope that their import was keyed to the normal fields and did not pick up the additional SSN & DLN fields. A smaller organization like Peach Pundit as noted by Mr. Wagar just copies the file in total to a local drive. His disc and undoubtedly most of, if not all of the others were not treated as confidential data because the normal distribution only contained public domain data.

    The copying could be relegated to a clerical type since it isn’t sensitive. It could have just been copied to a public area on a server for anyone to read. It could have been turned over to an outside vendor who functions as their DBA. Three of the discs were not returnable including Mr. Wagar’s which was simply trashed because, why not it wasn’t sensitive data to his knowledge. I even shred my junk mail and corporations that deal with truly sensitive data shred employee hard drives, the only guaranteed method of permanent deletion. Regardless of all of this the only certainty is that there is no possible way that the Secretary’s statement regarding the handling of this data can be this certain. Dozens, if not hundreds of people have had access to the data. To simply give an assurance that there wasn’t one bad apple in that barrel is at best naïve.

    “I am confident that our voters’ personal information has not been compromised.”

    I am not nor should anyone else be that is reading this hooey.

  4. Andrew C. Pope says:

    I bet he’s sitting smugly in his office, congratulating himself for the great job he did in “controlling” this situation. The man is as oblivious as he is incompetent.

  5. John Konop says:

    I have known Brian for a long time from years ago. He is a very nice guy from my dealings with him in the past, and he is well spoken. Obviously this was a screw up, but no need for the personal shots at him. Much easier to kick people when they are down. In no way am I defending what happen, but Brian is a good guy.

    • Will Durant says:

      He may be a nice guy. Few politicians are not, at least outwardly. On this issue he has not been forthcoming and now he is dissembling with this statement.

      • South Fulton Guy says:

        Thank you Will for the new vocabulary word for me:


        1. to give a false or misleading appearance to; conceal the truth or real nature of: to dissemble one’s incompetence in business.
        2. to put on the appearance of; feign: to dissemble innocence.
        3. Obsolete. to let pass unnoticed; ignore.

        • Will Durant says:

          Yanno, I can’t recall ever hearing the word used outside of the political arena. I think I first had to look it up reading something from my namesake. Though if you substitute the word government for business in the first example that is exactly what we have here.

    • Doug Deal says:

      This is nonsense. Nearly every sociopath is a “nice guy” and unfortunately a number of them become politicians due to the core competency overlap.

      He obviously is in over his head and is simply using this as a stepping stone to run for governor. Likely because it was supposedly a safe spot, unlike controversial ones like AG, education or even insurance commissioner. Somehow he has still managed to screw things up in new never before imagined ways.

  6. Doug Deal says:

    This “explanation” demonstrates that they have no IT infrastructure that is worth a damn.

    The data pull for these records should be in set queries and scripts that are simply run when needed. Are they telling us that they compose a new query each and every time and this scapegoat accidentally included the ssn field, or are they saying that their automated script pulls the ssn by default and then some clerk removes it before making the disks.

    Either way, this is insanity when dealing with PII data. It is bordering on criminal negligence. And to think that recovering these disks does ANYTHING to cover up the breach is naivety at best and more likely points to the gross incompetence that we have come to expect from this SoS.

    I have purchased this disk myself on several occasions and the very first thing I do is parse it into my database and correct the myriad of errors in the data. I then dispose of the worthless piece of plastic. Because of how the data was often corrupted and plagued with errors, I also imported in a raw format and let my scripts then assign it to the right columns.

    Their belief that the data breach has been plugged is a belief that of the at least 12, but maybe as many as 50 who would have had some kind of access to the data did what they said and didn’t take a cut for themselves. Even if done with the best of intentions, what is the guarantee that this was not then sent to other people, even if just out of curiosity? And once in the wild, it is then open to anyone who happens upon it.

    These are the keys to people’s lives, finances and identities, yet this moron thinks that it is no big deal and takes “responsibility” by ending someone else’s livelihood.

    What a jerk. With the problems that have come under his watch, he needs to resign.

Comments are closed.