Utah’s conflicting election laws put officials in ‘untenable position,’ says outgoing state auditor

Following a review last summer of Utah’s election process, the state auditor on Friday published a report revealing several legal conflicts and concerns around how to protect voters’ data privacy while keeping the process transparent.

Utah State Auditor John Dougall’s office conducted the review after receiving numerous complaints from the public, according to a news release. The office reviewed the candidate petition signature verification process, and legal controls over the disclosure of voter registration data found in election code and the state’s open records law.

Dougall, whose term ended Monday, said the state’s laws create “inconsistencies” regarding the protection of certain personal data, treating similar voter data differently depending whether it’s in the state’s election database or on a candidate’s petition.

Utah’s report comes as many states contend with how to protect personal data. Several new comprehensive data privacy laws go into effect this year.

Utah’s report, addressed to Lt. Gov. Deidre Henderson, identified several areas for improvement.

The state’s voter registration form requires residents to provide a name, address, birthday, driver license number or state identification number and the last four digits of their Social Security number. This information, including voter signature, is stored in a statewide database used by election officials across the state, called the Voter Information and State Tracking Application, or VISTA. However, access to VISTA is primarily governed by the state’s public records law, called the Government Records Access and Management Act, or GRAMA, and anyone can request access to data held there through a public records request.

In Utah, certain, non-private voter data — including name, address, party affiliation, voting participation history, last registration update date, county, precinct and district — are accessible through a GRAMA request, according to the report.

The state’s election code allows Utah voters to request to have their voter registration data classified as private if they meet certain requirements, such as submitting proof they have been or will be a victim of domestic violence. But, private data can still sometimes be accessed.

Both GRAMA and the state’s election code allow election officials to sometimes disclose private voter registration data to “qualified persons,” which can include government employees, political parties, candidates for public office, their employees, independent contractors or volunteers.

Additionally, the report notes that the data voters share when they sign candidate petitions for access to a primary ballot — which includes a name, signature and address — have differing levels of protection under GRAMA. For voters who haven’t requested their registration data to be classified as private, GRAMA allows names and signatures to be released under public records law.

According to the report, Utah’s statewide election office received requests for the list of voters who signed petitions in the most recent election cycle, as well as requests to view original signed petitions. Under Election Code and GRAMA, the office only provided a list of the names of voters who had not requested their registration information be classified as private, and only allowed requesters to view voter signatures on the petitions, instead of making copies.

“While this position appears to comply with the provisions of GRAMA and the Election Code, it illustrates a gap in the transparency statute for the Petition signature verification process, the report read. “It also highlights inconsistencies between transparency efforts over the election process and how similar information is treated under different sections of the Election Code. In particular, we note the inconsistency between the rigid protection over voter names and signatures when it comes to observing Petition information and signature verification versus the rather broad disclosure allowed by statute for voter registration data.”

Interference with transparency could weaken “the public’s trust in the integrity and reliability of that election process,” the report noted. The auditor’s office recommended lawmakers make changes in the upcoming legislative session. Dougall said the conflicting statutes put election officials in “an untenable position.”

“It is unclear how election officials can avoid compromising privacy for transparency,” Dougall said in a press release. “Furthermore, voters who request privacy protections for their voter registration records may be lulled into a false sense of security, given how freely that data may be shared and the lack of any follow-up to ensure sensitive data is protected.”

Maintaining privacy and transparency while storing voter registration data is a challenge for many states. Each state has its own unique laws regarding which voter registration data is made public, who is eligible to request it, what information can be disclosed and how the information may be used. Like Utah, many other states have programs that allow people to request that their records be made confidential.