Florida Department of State confirms data breach
Florida’s Department of State has now issued a press release about a breach first reported on this site yesterday. Here’s their statement:
The Florida Division of Elections has learned of the inadvertent release of non-confidential voter information that occurred in March following the fulfillment of voter registration record extract requests.
The Division of Elections has confirmed that only non-confidential information was released in the data breach. Confidential information such as social security numbers was not released in the data breach.
The incident involved the inclusion of non-confidential information for high-risk professionals. Although voter registration records are public under Florida Public Records law, individuals designated as high-risk professionals are allowed exemption from having some personal contact information made public.
The Florida Division of Elections has already provided written notice to the recipients of 15 CDs containing the exempt information with instructions to disregard, destroy and/or return the information. The division is also in the process of notifying the affected individuals whose information was inadvertently released.
While the incident is still being investigated, it has been determined that the release of the non-confidential information was due to a malfunction in the automated software used to process record extract requests and the department is taking action to prevent future occurrences.
Affected individuals are unlikely to be impacted. However, if any fraud, threats or harassment believed to be connected to this incident occur, individuals are encouraged to report such incidents to local law enforcement.
PUBLIC RECORD EXEMPTION FOR HIGH-RISK PROFESSIONALS
Voter registration records are public under Florida Public Records law. This means non-confidential information such as a voter’s name, date of birth, address, phone number, and email address are public. The only information that is confidential and exempt under all circumstances are driver’s licenses, state identification cards, and social security numbers.
However, the law does allow select group of high-risk professionals to request an exemption for non-confidential information. Individuals designated as high-risk professionals include, but are not limited to, law enforcement officials, judges and high-level state officials. The professional must make the request in writing to each agency that may have the information in its public records.
A spokesperson for the state informs DataBreaches.net that they are sending individual notification letters this week to 45,173 individuals.
A description of the high-risk categories who can request exemption from disclosure of non-confidential information is provided in this form (h/t, flvoters.com)