Data security on the campaign trail

From your online shopping habits and geographic location to the direction of your political interests, candidates running for office are regularly collecting your data. This probably doesn’t come as a surprise, but have you ever stopped to think, “What are they doing with that data?”

There is a major conversation surrounding data privacy and security in terms of political campaigns and elections. Just a few months ago, a data breach in the Philippines exposed more than 200,000 email addresses, 1 million passport numbers and 15 million fingerprint records that belonged to voters.

Recently, I spoke with Taylor Armerding at CSO Online about the present cause for concern surrounding big data and the election. Voters today simply aren’t aware of the risk that political campaigns pose to their privacy and security – but awareness about those risks is key. Below are a couple of things you should know about election data before you head to the polls.

How are politicians collecting voter data?

To save time, politicians often pull voter data from open source tools and data aggregation platforms in order to avoid developing their own databases. These tools stack, rank and create clusters of like-minded voters to build different buyer personas.

Because the data typically comes from a third-party vendor, campaigns have very little control over that data – which also means they’re unaware of the security backing it up. This leaves politicians at a dead end, forced to take the vendor’s word that the service is actually secure. When working with vendors, candidates should protect their constituents’ security by asking questions like, “How is voter data being protected?” and, “Who has access to voters’ private information?”

How can political campaign teams improve their security efforts?

One way to protect election data is by adding a security expert to the campaign team. Brenda Leong, senior counsel and director of operations at the Future of Privacy Forum, told CSO, “We recommend that every campaign have a chief privacy officer to monitor just these issues.”

Presidential nominees naturally refrain from publishing private information relating to their campaigns and their voters, but that tendency won’t always protect them from a data leak. A lot of the time, they don’t even know what data is in their possession. For added security, campaigns should invest in tools and services that help create a 360-degree view of their stored data. In this way, data awareness helps the campaign take responsibility for voter information.

Read more true data security stories.

  Like This
Andrew Hay

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.