The president’s election fraud commission's hotly opposed request for millions of state voter records raises a slew of cybersecurity and privacy concerns, and experts say state governments’ responses offer important examples for businesses that find themselves increasingly under pressure to turn over user data to aid government probes.

The voter data battle began when Kansas Secretary of State Kris W. Kobach, vice chair of an advisory commission that President Donald Trump set up to study federal election voter registration and polling, sent a letter in late June to officials in all 50 states asking for "publicly available voting roll data." The commission sought voters' names, addresses, dates of birth, political party, 10 years of voting history, felony convictions and the last four digits of their Social Security numbers.

Pushback was swift, with at least 44 states refusing to provide the commission part or all of the requested data, citing conflicts with state privacy laws and concerns over how the information would be secured. The Electronic Information Privacy Center also lodged a complaint in D.C. district court on July 3 seeking a temporary restraining order blocking the commission from collecting any voter data.

While the dust-up involves only public-sector players, attorneys say the private sector should not ignore the dispute. Given that companies hold more personal information than ever on their customers and other consumers who use their services, the government frequently turns to them to share user data for regulatory inquiries, and more formally, for evidence sought under subpoenas and search warrants as a law enforcement probe develops, attorneys said.

Major tech companies such as Microsoft, Google and Apple notably have resisted the government’s attempts to seize consumer data in recent years, and attorneys say the way the states have chosen to respond to the election commission’s request provides guidance.

"Compliance with demands or requests for third-party data are not often a straightforward process, and companies would be wise to more carefully scrutinize these requests and demands because there tends to be too quick and easy of a response, sometimes without enough analysis of what the implications are of complying with the requests," said Ed McAndrew, a former cybercrime prosecutor who is co-chair of Ballard Spahr LLP's privacy and data security group. "Politics aside, this situation with the presidential election commission is an instructive one for companies."

Read the full article here. Subscription may be required.