As the primaries leading to the 2016 presidential election get underway, the increasing use of big data in political campaigns has largely stayed under the radar. John Kasich’s spending in New Hampshire highlights that a component of his success may have been his investment in data and work with the Koch Brothers-affiliated data firm i360 to target independent voters who were likely to make their voting decisions in the hours leading up to the primary. Barack Obama’s superior technology and data strategies are credited, in part, for his success in 2008 and 2012. The Democratic National Convention’s temporary suspension of Bernie Sanders’ access to the DNC voter database due to staffers’ unauthorized access to Hilary Clinton’s data has further shed light on the importance of data to the campaigns. However, the protection and security of data collected by campaigns, given the amount and the specificity of data collected on individuals, has had little focused attention.
The risks associated with campaign data collection are significant as many campaigns are fleeting, have fewer incentives to ensure security of data and collect more (and more detailed) information than many retailers or other businesses. The Online Trust Alliance (OTA) recently released its new guide and analysis of 2015 data breaches, citing a rise in targeted cyber-attacks based on, among other things, the value of data a company possesses. The OTA further found that approximately 30% of data breaches in 2015 related to a “lack of internal controls.” These trends suggest that political campaigns may be prime targets for hackers as the campaigns possess valuable and detailed data on individuals and there are no standards for internal control such as encryption standards or password management standards. While the Federal Trade Commission has been active in seeking transparency and accountability for data brokers, no federal law requires data brokers to maintain the privacy of consumer data used in political campaigns, sets standards for the security of data used in political campaigns or allows voters to know what information has been collected about them or to correct inaccuracies in the data.
As campaigns big and small become more sophisticated users and collectors of data, the risk associated with a failure to maintain data security best practices becomes great. Political campaigns should consider data security a priority as the public’s trust is on the line. Voters and political parties should ensure that political campaigns are accountable for employing data security best practices to maintain the public’s trust and avoid this ticking time bomb of data vulnerability.