There’s no question that the upcoming presidential election is sparking strong feelings among voters from all backgrounds, regions and political inclinations. Meanwhile, campaign staffers are constantly seeking new ways to collect voter data and reach their audiences when it counts. And as the majority of Americans go about their daily online browsing routines, they’re sharing personal information with the managers of those campaigns.
From your Facebook friends and “likes” to your purchase history on Amazon, your personal data helps political candidates profile typical voters and their top concerns. While this activity is no different than any company’s attempts to create buyer personas that represent real consumers, government agencies often rely on more limited resources than organizations in the private sector. As a result, government organizations frequently face security risks – recently, a Philippines-based data breach affected more than 200,000 email addresses, 1 million passport numbers and 15 million fingerprint records belonging to voters.
Awareness is a key factor in understanding – and guarding against – security risks, whether you’re a government agency worker, a campaign volunteer or a voter. Below are three things every participant should know about data security in the coming election season:
The data collected by political staffers isn’t always sensitive – until you add personal information.
As experts poll constituents to gather their opinions on political candidates and trends, the focus is usually on qualitative questions about timely issues. Campaigns then aggregate this data to connect certain preferences with voting habits – so they can discover, for example, if a voter’s amount of children or annual salary correlates with her stance on a political matter.
However, campaigns and political organizations also collect supporters’ contact information, financial data for donations and even social security numbers in their work with the public. When that sensitive information is further informed by qualitative data, it paints a comprehensive picture of individual voters and compounds the security risk at hand.
Data doesn’t disappear when election season ends.
Unless political organizations are forced to delete outdated information, they simply continue to collect data as new election seasons come and go. The third-party software-as-a-service (SaaS) and open source aggregation solutions that help amass databases of voters’ information and preferences can also retain access to that data. As a result, voter security can unknowingly exist at the mercy of the data security solutions and techniques that campaign staffers are using.
Security belongs in voters’ (and campaign managers’) hands.
Of course, voters can refuse to share certain information with campaigns, whether they decline to engage with political social media accounts, restrict the privacy settings on their web browsers or enact any other number of security measures. When dealing with sensitive data, it’s always a good practice to go with one’s gut – if a voter doesn’t feel like she should share certain details with an organization or campaign, she should follow her instinct and avoid it. Voters can also write to their representatives to inquire about how personal information is being used, and if it’s guaranteed to be destroyed in a timely and secure fashion.
It’s also critical that government agencies hold up their end of this agreement and follow those safe data management and disposal practices. By auditing their stored data and fully taking stock of its risks, they can ensure sensitive data is at a minimal risk of exposure. After all, campaign seasons are already fraught with political missteps and perceived gaffes. If a political organization overlooks the exposure of voters’ private data, it risks losing trust and support from valuable constituents – for good.
By Andrew Hay, chief information security officer of DataGravity / With more than 15 years of data security experience in various roles inside organizations as well as advising them, Andrew Hay serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy.