Data Privacy Matters

Information regarding software solution decisions that every election administrator should be aware of.
Personal security is taken seriously by every individual to varying degrees. If anyone has had their identity stolen that resulted in financial accounts being created in their name and/or fraudulent charges on their credit card is keenly aware of the risk and reality. It’s been said that if you haven’t experienced identity theft, it’s only a matter of time. Many of us take precautions to limit the risk in hopes of deterring the threat, such as: shredding financial documents, not sharing personal information, not clicking on apparent phishing emails or being vigilant about using secure passwords, avoiding the use of birth dates, portions of their social security number especially the last four digits. Most recently, I had my Papa John’s account hacked and my “Papa Dough” was used by a bad actor to get free pizzas at my expense. 

When you’re a victim of identity theft, you feel violated. 

When personal security is managed by the individual, they are in control – as much as possible – and can use the tools known to them to protect their information. However, there are other ways that our information can be unknowingly shared. There are many software companies that offer software at a low cost or even free because they sell the data being captured. 

With the rising threat to election officials, election administrators should exercise caution in the software and services they use, particularly as it deals with our poll workers, the front lines of the great democratic exercise, voting. 

The threat isn’t just to our finances being attacked, but in the election space, MDM  comes into the picture. What would be a better target than the front lines of the voting process? If you want to do harm to the perception of the integrity of elections, eroding trust from the inside out is the way to go. The old adage, “a kingdom divided against itself cannot stand”; in this example, the kingdom is our democracy. 

Information, such as email addresses can be obtained and used to infiltrate your poll workers inboxes with MDM targeting the upcoming elections. Bad actors are clever and will likely use malinformation to sow seeds of doubt. If the front lines can be manipulated to believe false information, or even become skeptical and have doubts, that can perpetuate throughout your poll worker workforce thereby having a grave impact on voters as well, not to mention the added headache as an administrator to dispel another MDM conduit. MDM dissemination in this manner is rendered powerless without poll worker information. We shouldn’t take personal information that we are entrusted with lightly.

How are you protecting your poll worker information? 

As a former election administrator, data security was of the utmost importance and it was protected with all vigilance as it related to our Voter Registration System, Voting Systems and associated software. However, we hadn’t contemplated, or at least hadn’t ventured into other election management systems, such as those that manage poll worker information. Though software, and good software at that, is available to help with the management of scheduling trainings for poll workers at little to no expense, the potential cost is great. These companies turn around and sell the captured data to 3rd parties, therefore relinquishing any control of  where, or how far the data is spread.  However, their hands are tied because that is where their revenue is generated to continue providing their low cost or free solutions. These companies likely have no ill intent towards their customers, however there is cause for concern. Be smart when considering companies that have an attractive product at an attractive price, the devil is the details. Often, in the fine print, a company openly shares the data may be used for marketing or research purposes.  Or used by the company’s other divisions. Those details matter, and those details if not noticed can be the yeast in the dough that can make our democracy and perception thereof go sour. 

We recently had a conversation with an employee of a 3rd party solution for surveys and communication. This individual shared how they loved working with election offices around the country, providing free services, because of the emails and phone numbers they received.  Our election workers are a marketer’s dream: Folks who are mature, well-educated, above average income who have already been vetted as a “good individual”. A list of these individuals can be sold for a good price! 

Just as we are vigilant over protecting our own personal information, we should be concerned, if not more concerned when we are handling the personal information of others. 

The same considerations given to our voter registration systems and voting systems need to be applied to any software solution where personal information is being captured, especially in the election space. With the heightened threat to election workers, a best practice would be to choose a company that doesn’t sell your data. Keep in mind that you will have to pay more for their services because they aren’t selling your data for revenue. When you select a vendor that assures you the data is yours, and no one else’s, you can rest with a good conscience knowing that you are protecting the personal information of those involved in the election process. If you’re an election administrator and thinking of contracting with any software company, know the details of their data privacy policy, there’s likely a link on their website, if not, ask them for it. 

Let’s discuss data privacy policies for a hot minute. Have you ever wondered what it means when the policy says they install “cookies” for a better user experience, and share your information with business partners or sister companies, or just for their own research/ marketing purposes? How will that really impact your privacy, if at all?

In real time, the data aggregator engines compile data from numerous sources to produce a current image of the user, which leads to an even more complex user profile. For example: If John Doe visited an election website, car website, sports website, news website and then viewed his social media, this all can be aggregated and used to create John Doe’s latest profile spotlighting his interests, likes and dislikes, etc… Now this profile can be used for marketing and perhaps for MDM too. 

We think of social media as the platform for spreading MDM, but we must not turn a blind eye to the reality of how low cost and free software can be used indirectly as a potential pandora’s box for the dissemination of targeted MDM. 

Leave no room for doubt that you might be exposing the individuals that you rely upon to serve as your poll workers to be targeted with unwanted solicitations, MDM, or worse, potential identity theft, depending on the data that is being captured. In our fight against MDM, we may be unknowingly fueling it at the same time with the use of software where the data isn’t protected. You can’t put out a fire by pouring gasoline on it, that is in fact what we’re doing when we choose a solution where the data is being sold.