The Georgia Secretary of State's Office has refused to release public documents that likely detail how a massive data breach in the office happened and exactly how outside groups handled more than 6 million voters' personal information.
Among documents the office will not release because of an ongoing internal investigation are the field notes from investigators describing how 12 organizations handled sensitive data including Social Security numbers and birth dates accidentally given to them on compact discs a month before officials discovered the breach.
The Secretary of State's Office also refused to release the personnel file of the IT employee fired two weeks ago because of what Secretary of State Brian Kemp called a "clerical error."
State law allows agencies to exempt public documents from disclosure if they relate to an open internal investigation. Officials said they would release the documents once they completed their review.
The move to shield them now, however, angered some lawmakers who have criticized Secretary of State Brian Kemp for how he has handled the gaffe. It also came as the League of Women Voters of Georgia on Monday formally asked Gov. Nathan Deal to open an independent inquiry into the mess.
“It is hard to comprehend how the Secretary of State’s Office is refusing to produce documents because of a pending investigation,” said state Rep. Scott Holcomb, D-Atlanta. “Didn’t the Secretary of State’s Office complete its investigation before it terminated an employee? And didn’t the Secretary of State publicly state that everything has been corrected? If so, what’s the hold up?”
Anyone registered to vote in Georgia was affected by the disclosure —- some 6.2 million people.
Kemp has said the employee he fired inadvertently added the personal data to a public statewide voter file before it was sent out last month to 12 organizations that regularly subscribe to “voter lists” maintained by the state.
The groups receiving the data included state political parties, news media organizations and Georgia GunOwner Magazine.
Kemp, who says he became aware of the breach Nov. 13, has said all 12 data discs illegally disclosing the private information have either been recovered or destroyed, and that the data was not disseminated. He also denied the disclosure was a breach of the state’s voter registration system, saying the system itself was not hacked.