On Tuesday, polls will be open to voters in eight states, including California, which holds gubernatorial primaries among many other national, state, and local elections. Under California law (Section 2194 of the Election Code), voter data (name, address, phone, age, party affiliation) is supposed to be “confidential and shall not appear on any computer terminal… or other medium routinely available to the public.” However, there’s a big exception to that law: this data can be made available to political campaigns, including companies that provide digital analysis services to campaigns. In other words, candidates and their contractors can get voter data, but there’s little definition in the law about how those parties are required to be custodians of that data and how that data ought to be secured.
“Campaigns are totally reckless with voter data—there’s no question about it,” said Kim Alexander, the president of the California Voter Foundation, a non-partisan organization that works on the logistics of voting in the Golden State.
It’s worth noting that private voter data is often handled very cavalierly in many contests in the United States. In addition to recent controversies involving the Trump campaign, Cambridge Analytica, and others, there have been many large-scale breaches.
In 2015, for example, Georgia sent out physical CDs containing a slew of personal information for 6 million voters. Earlier this year, The Sacramento Bee inadvertently exposed voter data on more than 19.5 million California voters.