What Is Actually in a Voter File
The core record, maintained by each state, typically contains your name, residential address, mailing address, year or full date of birth, party affiliation where states register it, precinct, and your participation history: which elections you voted in, going back years. Participation history records that you voted, never how; the secret ballot survives. Some states include phone numbers; a few historically included partial Social Security numbers or driver's license data in the registration record itself, though those fields are generally excluded from the public version.
Public accessibility is not an oversight. Voter rolls are public records for accountability reasons that predate the internet: parties and candidates verify eligibility, researchers audit elections, and journalists check the rolls for irregularities. The transparency is doing real democratic work. What changed is the cost of assembling, copying, and cross-referencing the records, which fell from "weeks in a county clerk's office" to zero.
Who Gets the File
Access rules vary widely by state. Some states restrict the file to political committees and require signed use agreements limiting it to electoral purposes. Others sell it to effectively anyone: journalists, academics, marketers, or a private individual with a modest fee. Ohio and a handful of other states have gone further and publish downloadable voter rolls on state websites.
Above the state files sits a commercial layer. Firms such as L2, Aristotle, and TargetSmart assemble the state files into national databases, keep them updated, and enrich them by joining against consumer data: estimated income, modeled ethnicity and religion, magazine subscriptions, gun ownership likelihood, hundreds of scored attributes per person. Campaigns of both parties are the primary customers, and the enriched national voter file is the backbone of modern political targeting. The enrichment is the part your state never collected and never asked your consent for; it arrives from the same broker ecosystem described in our data broker opt-out guide.
The Two Leaks That Covered Nearly Everyone
Aggregation concentrates risk, and the record here is concrete.
In December 2015, security researcher Chris Vickery found a database of 191 million US voter registration records configured for public access on the open internet: names, addresses, dates of birth, phone numbers, party affiliations, and vote history, essentially the national voter file, requiring no password. No party ever formally accepted responsibility for the misconfiguration.
In June 2017, UpGuard researchers found an Amazon S3 bucket belonging to Deep Root Analytics, a data firm working for the Republican National Committee, publicly readable and holding about 198 million voter profiles, roughly 1.1 terabytes. This was the enriched version: alongside the registration data sat modeled scores on individual voters' likely positions on dozens of political issues. Anyone who found the URL during the exposure window could have copied the political profile of nearly every American adult.
You can update your address or, in some states, cancel a registration. You cannot recall a copy. Every download of a state file, every broker snapshot, every leaked bucket is a fork of your record that persists and circulates on its own schedule, with your home address in it.
Why This Is a Safety Issue
For most registrants, the voter file mostly means political mail and campaign texts. For a smaller group, it is the weak point that undoes every other precaution. A voter record is a name-to-home-address lookup, refreshed by the government whenever you move and re-register. People-search sites ingest voter files among their sources, which means the address you carefully keep off social media can surface from your civic registration instead. For stalking survivors, abuse victims who relocated, judges, and journalists who write about violent actors, that lookup is the difference between an online harasser and one at the door; the mechanics are the same ones covered in our doxxing protection guide and OSINT footprint post.
Legislatures know this, which is why nearly every state operates an Address Confidentiality Program (ACP): a scheme, typically for documented survivors of domestic violence, sexual assault, or stalking, that substitutes a state-issued address for your real one across public records, voter rolls included, and forwards your mail. Many states also shield specific professions, police officers, judges, prosecutors, on request. The protection is real but narrow, requires enrollment before the records propagate, and does nothing about copies already circulating.
The Same Data Under Other Rules
The US arrangement is one policy choice among several, and the contrast is instructive. In the European Union, political opinions are special-category data under GDPR Article 9, with processing prohibited by default and narrow exceptions; a broker openly selling per-person modeled political stances would be operating squarely inside the prohibition. The UK splits its electoral register in two: an open version anyone can buy, which individual voters may opt out of, and the full version restricted to elections, credit referencing, and law enforcement. Canada restricts its federal list of electors to electoral participants and purposes.
| Jurisdiction | Who can obtain voter data | Individual opt-out |
|---|---|---|
| US (most states) | Political actors always; in many states, researchers, media, or the general public | Rare; ACPs for documented safety cases |
| UK | Open register sold commercially; full register restricted | Yes, from the open register |
| Canada (federal) | Parties, candidates, election administration | Limited; commercial sale not permitted |
What a US Registrant Can Do
- Learn your state's rules first. The National Conference of State Legislatures maintains a state-by-state summary of who may access voter data and for what purposes. What is possible depends almost entirely on where you live.
- If you have a documented safety need, enroll in your state's ACP before your next registration or move, so the substitute address is what propagates.
- Mind the optional fields. Phone number and email are frequently optional on registration forms, and leaving them blank keeps them out of every downstream copy.
- Register the address, not the assumption. Voter registration generally must use your residential address, but where state law permits a separate mailing address, using one keeps at least the mail-facing record less precise.
- Work the downstream copies. People-search sites that republish voter data honor removal requests in most cases, and several states' privacy laws now compel them to. It is recurring maintenance rather than a one-time fix.
There is no way to fully separate voting from record creation, and declining to vote over it is a bad trade against a risk that, for most people, is manageable with the steps above. The useful posture is the same one that applies to every dataset in this series: know the record exists, know who can read it, and shrink the optional parts.