ATLANTA — A report released Monday by Secretary of State Brian Kemp faults a single employee for the release of all Georgia registered voters' personal information.
The 30-page report is the fullest accounting yet from Kemp's office after a lawsuit filed last month revealed nearly 6.2 million voters' Social Security numbers, driver's license numbers and birth dates had been released to media outlets and political parties.
The report, produced by two of Kemp's deputies, faulted an employee in the office's Information Technology Division for violating policies and procedures, being unclear with a contractor and giving another employee his login to access a file containing voters' information.
Gary Cooley, who was fired Nov. 17, had not been named by Kemp's office before the report's release. Cooley, reached by phone Monday evening, said he was still reviewing the report and planned to release a response Tuesday.
"There are a number of untrue statements," Cooley said, adding "it's clear the secretary of state is trying to throw me under the bus."
Gov. Nathan Deal also signed an executive order Monday appointing three private-practice lawyers as special attorneys general representing Kemp in the lawsuit filed by two Georgia voters. No cost estimate was provided.
Deal's executive order said Attorney General Sam Olens and the Georgia Department of Law declined to represent Kemp "due to the potential conflict of interest." A spokesman for Olens said the office's consumer protection responsibilities could cause a conflict.
The report from Kemp's office traced the release of voters' birth dates, and Social Security and driver's license numbers back to an Aug. 1, 2014, request from the Georgia Department of Revenue. That agency regularly received a copy of the statewide voter file to match with its own database, the report said.
The report said employees and contractors of the secretary of state's office began discussing the best way to regularly provide the sensitive information. More than a year later, after an IT manager at the Department of Revenue asked for an update, Cooley asked a contractor to create a one-time report containing the sensitive information.
An employee of contractor PCC Technology Group saved the file on Oct. 5 into a folder that only Cooley could access using a login and password. Seven days later, Cooley asked the employee when it could be completed. When he learned that the file containing personal data was added to the folder, Cooley asked that it be replaced immediately.
The report said that wasn't soon enough. The 12 discs dated Oct. 13 already had been produced by an Elections Division employee using Cooley's login information to copy the file.
Kemp's office regularly sends an updated list of all registered voters in the state to political parties and news organizations as required by Georgia law. The state sells the file to others. It is supposed to include only a voter's name, residence, mailing address, race, gender, registration date and last voting date.
"If Mr. Cooley had chosen to mention the data issue to his supervisor, project manager, security manager, the elections director, the elections systems manager, or any employee involved with the project, the discs likely could have been recovered before they were even mailed," the report said. "Instead, Mr. Cooley chose to cover up his mistake and remain quiet."
The report said Kemp personally learned of the data release when a recipient called him Nov. 13 to report it.