secretary of statevoter privacyadrian fontesaddress confidentialityelection securitygovernment accountability

Prescott: Arizona Secretary of State Exposed 373 Protected Voters' Addresses and Phone Numbers in Privacy Breach

M

Marcus Whitfield

The Breach

The Arizona Secretary of State's Office accidentally released the home addresses and telephone numbers of 373 voters whose information state law requires to be kept private, according to records obtained by Votebeat.

The error exposed people enrolled in Arizona's address confidentiality program. That program includes victims of domestic violence, sexual assault, and stalking. It also covers voters protected by court order, including judges, prosecutors, and law enforcement officials.

Prescott-area voters who are enrolled in the program could be among those whose information was released.

How It Happened

The mistake originated in February 2024, according to internal emails. A records analyst asked Craig Stender, then the director of voter registration, administration, and technology at the secretary of state's office, for help pulling voter data to fulfill public records requests.

Stender advised the analyst to pull the information in a way that bypassed the office's standard safeguards, according to emails reviewed by Votebeat. The normal protocol requires staff to run a public-facing report that automatically removes protected voters from the final list. A second staff member is then supposed to double-check the results.

That second check never happened.

The error went undiscovered for nearly nine months. During that time, the voters' personal information was released to multiple political and consumer data firms through the office's routine public records request process.

The Aftermath

State law says the secretary of state "shall not disclose any address or telephone number" of voters enrolled in the address confidentiality program unless required by a court order or in response to a request by another state or local government entity.

Weeks before the 2024 presidential election, officials attempted to claw back the information and notified impacted voters, according to the emails.

"We certainly apologize for it, and we're doing all we can to try to make sure [the affected voters are] aware that it happened, be transparent about it, and frankly, hold people accountable," Keely Varvel, chief of staff to Secretary of State Adrian Fontes, told Votebeat.

The secretary of state's office ultimately fired Stender, saying he caused the error by incorrectly instructing the records analyst. Records show Stender disputed those allegations.

Voters Left Alarmed

Only a handful of the 373 people affected responded to the notice sent by the secretary of state's office. Those who did expressed concern about what entities had obtained their addresses and phone numbers.

One voter asked, "What date this breach happened, and who you released my information to."

Another, a police officer who had long had their information protected through the court system, asked: "What does the AZ Secretary of State plan to do about this to protect us."

A Breach of Trust

State Sen. J.D. Mesnard, a Republican who sponsored the legislation establishing Arizona's voter confidentiality program, called the error "a breach of trust."

"It's possible that they'll have covered their tracks sufficiently enough that there won't be any damage, and no one will ever know the difference," Mesnard said. "But it's definitely, I'm sure, going to put doubt in people's minds. The trust factor is broken, and they're always going to wonder, how protected is it?"

Ian Lamoreaux, a forensic psychiatrist who specializes in violence risk assessment, said the situation was "definitely unsettling" for those on the protected list.

"There's some expectation of privacy," Lamoreaux said. "There's an expectation that there's a system in place that is going to protect you, that's going to keep you safe from those who are out there wanting to do harm, and then that protective layer is pretty suddenly and kind of strikingly just stripped away."

The secretary of state's office responded to concerned voters by releasing documents showing which entities had received their information and what steps those recipients took after the state asked them to delete the data.

Varvel told Votebeat that the office had "policies and procedures in place which should have prevented it."

"Unfortunately, we have members of our staff that fell down on the job and didn't follow those policies and procedures," she said. "So, we have done what we can to try to rectify the problem, but we certainly know that's not making it go away."

It remains unclear whether any of the exposed voters faced actual harm as a result of the state's mistake.

Related Articles