State data breach highlights need for extra nonprofit protections

Cover Photo by Tianyi Ma on Unsplash 

A document containing the personal information of nearly 85,000 current and former state employees was available on a state employee portal for over a year, according to a letter from the state Departments of Information Technology and Human Resources.

The letter states the document was not available to the public but was accessible by state employees once they logged in to a password-protected portal. The document contained employee names and Social Security numbers. The letter says that they have no evidence that there were unauthorized views of the document but hedges that “At this time we cannot rule out the chance that the file was improperly accessed.”

This is a horrifying scenario for the thousands of impacted employees. The only silver lining is that the breach occurred on a relatively secure password-protected platform (although the letter specifies that up to 65,000 people would have had access to that platform). Imagine how much more damage could have been done had the document been on a public site.

This security breach highlights the need for a crucial piece of legislation moving through the General Assembly this session. Senate Bill 636, Donor Privacy, forbids state agencies and local governments from compelling nonprofits to disclose their donor lists unless required by state or federal law.

The recent employee data breach reminds us that state agencies are susceptible to human error and security threats. In today’s hyper-politicized cancel culture, it is easy to imagine how a data breach of a nonprofit donor list could leave those donors vulnerable to retaliation. Supporters of the National Rifle Associate or Planned Parenthood may wish to exercise their First Amendment rights with privacy. Unless state or federal law requires it, nonprofit donor information should not be collected by state or local agencies and subjected to that unnecessary risk. SB636 would ensure that is the case in North Carolina.

SB636 has passed the state Senate and is currently awaiting a hearing in the House Judiciary 2 committee.