A consistent topic of discussion we’ve encountered has been the issue of privacy, and two very different sides of it. On the one hand, some clients never want any internal information shared, while other clients want the same data security but must remain compliant in the event of any public information requests (for example, city government).

While the rules differ across state lines, to demonstrate the relative lack of data privacy, we decided to submit an information request to the state of Montana to obtain internal bill tracking lists (Preference Lists) from different organizations. After reviewing the State of Montana LAWS Preference List Help page, we found very basic grounds for making such a request:

Users of Preference List “NOTES” should understand this information is stored on a public server, paid for and maintained with public funds, and therefore may be subject to disclosure upon request.

Operating under the assumption we could request a complete copy of a Preference List of tracked items, as well as the internal list notes, we consulted with legal counsel and they agreed.

We went ahead and submitted a request directly to the Montana Legislative Council, requesting a copy of the bill tracking lists and associated notes from NorthWestern Energy and the Montana Association of Counties (chosen at random, as we assumed these groups track a large volume of legislation). After submission, the request floated around for a few days until we heard back from the Montana Legislative Services Division, which mentioned they were looking into our request from a legal and administrative standpoint.

Interestingly enough, they indicated this was their first such information request (they were extremely helpful). Therefore, prior to receiving the documents, we agreed to pay a $70 fee to cover the legal and administrative costs associated with investigating and acquiring the tracking lists and notes. After the invoice had been issued, the requested documents were sent via email. The information contained within the documents is not especially interesting and won’t be shared. The point, however, is that anyone can make such requests, and if you are sharing sensitive internal information, this can have consequences.

Data held by the state is public, and should be. The direct comparison we can make is with our service, where no customer data will ever be public. So how do we protect your data? To start with, our infrastructure is hosted on Amazon Web Services (AWS). Hosting your application infrastructure on AWS does not in itself imply security, but it’s a platform where all the fundamental tools for securing and protecting customer data exist and where they are easy to audit. A few measures we have taken include restricting access to the encrypted key used to gain read access to the database to a single person, having IAM users routinely rotate keys and operate with a limited scope, and enforcing a strong password policy for users accessing the console.

Across the U.S., state IT and legislative departments do fantastic work. However, the reality is that in this new digital information age, hyper-focused on privacy and riddled with uncertainty, data assumed to be private is anything but private when stored on public servers. If privacy and data protection are on your mind, and you’d like complete access to and control of your internal information, it’s in your best interest to use an alternative and secure tool.

For any questions, comments, or feedback regarding data privacy or how the Statehill legislative affairs management platform can help keep your information secure, get in touch at kjb@statehill.com.

* Our intent in writing this in no way reflects on the state of Montana's data security or privacy; we merely wanted to bring to light the issue of information that is assumed to be private not being private. All information was acquired in good faith using our own name and email address; we did not operate under any false pretense to obtain said information.

* We did not acquire a list from NorthWestern Energy, as their most current list was dated 2007.