Section 410.80  Revocation of Access to the Statewide Database; Decertification

a)         In the case of an immediate threat to the security of voter data, Board staff may immediately revoke access to the statewide database without notice. The Board will give notice of the revocation to an affected election authority as soon as practicable and will restore access to the statewide database as quickly as feasible following a revocation under this subsection (a). 

b)         Board staff will immediately revoke the access granted to the statewide database on a limited basis under Section 410.40(a)(5) if the procedures outlined in Section 410.40(a)(2) through (a)(4) are not met within 60 days following the proclamation of the results of the applicable election under Section 410.40(a)(5). Access to the statewide database will be restored upon the successful completion of the certification procedures outlined in Section 410.40(a)(2) through (a)(4).

c)         A computer-based voter registration may be decertified under this Part and access to the statewide database by the decertified computer-based voter registration system may be revoked by Board staff if:

1)         the election authority or computer-based voter registration system vendor fails to implement the risk mitigation recommendations made under Section 410.70(c) within 90 days of being sent notice of the risk mitigation recommendations;  

2)         the election authority or computer-based voter registration system vendor makes a material misrepresentation to the Board concerning the system or during the certification standards verification process; or

3)         the election authority or computer-based voter registration system vendor fails to provide notification to the Board as required by Section 410.70 (a) or impedes the ability of Board staff to analyze the circumstances surrounding a security breach and make recommendations for the mitigation of future risk as set forth in Section 410.70(c). 

d)         The Board will follow the below procedure before access to the statewide database is revoked for a reason listed in subsection (c):

1)         The Board will send notice of its intent to consider a revocation of access to the statewide database to each affected election authority and to the computer-based voter registration system via first-class mail and email, if an email address is available, at least 30 days prior to the Board meeting to consider the revocation. 

2)         At the Board meeting at which revocation under this subsection (d) is considered, the Board will consider any statements or documentation it deems relevant. The Board will vote to revoke access, allow continued access, or continue the matter until the next regular Board meeting. 

3)         If the Board votes to revoke access under subsection (d)(2) or does not vote to allow continued access at its next regular meeting following a continuance granted under that subsection, within 7 days after the Board meeting, Board staff will revoke access to the statewide database for the computer-based voter registration system.