Report about data privacy laws not protecting public servants

Priorities Podcast: "Report about Data Privacy Laws Not Protecting Public Servants" Date: February 25, 2026
Host: Keely Quinlan (StateScoop)
Guest: Justin Sherman (Interim VP, Public Service Alliance's Security Project)

Overview

In this episode, Keely Quinlan interviews Justin Sherman about his recent report analyzing why comprehensive state consumer data privacy laws fail to safeguard public servants—such as school board members, legislators, judges, and emergency responders—from increasingly sophisticated digital and real-world threats. The conversation unpacks the intersection of data privacy and public safety, emphasizing glaring legal gaps that leave critical government workers vulnerable to doxing, harassment, and violence.

Key Discussion Points and Insights

Background & Rising Threats

Growing digital threats: Sherman highlights how the exposure of public servants’ private information facilitates modern threats, including doxing and even physical attacks.
- “There’s such an interesting but often underexplored intersection between [data privacy and violent threats toward public servants]...what’s the role of personal data in facilitating the ability for an individual who wants to hurt a school board member or a teacher or a state legislator?” — Justin Sherman [02:26]
Violence enabled by data access: Examples include high-profile attacks where assailants used purchased or scraped data to locate and target public officials and their families (e.g., the 2020 murder of a judge’s family, attacks on state legislators).

The Legal Landscape: Four Critical Gaps (Sherman’s ‘Criteria’)

Sherman’s report examines 19 state consumer privacy laws for four rights:

Compel agencies to redact public records — e.g., removing home address from property records.
Compel data brokers to stop selling data acquired from public records.
Stop data brokers from selling data sourced elsewhere — such as retail or digital data.
Private right of action — ability for individuals to sue companies directly.

Findings:

“None of the 19 states allow anyone to redact public records data. None...allow you to redact in a data broker’s record or stop a data broker from selling data it got from a public record.” — Justin Sherman [12:22]
Only the third criterion has consistent coverage (opt-outs for non-public-record-sourced data). Even California’s law, with limited private right of action, doesn’t address opt-outs for public servants in the context discussed.

Why Are Public Servants Left Out?

Focus is ‘consumer privacy,’ not occupational safety: State laws are built to address broad consumer concerns (data breach notifications, marketing opt-outs), not targeted violence. This gap leaves public servants exposed despite their elevated risk.
Digitization changed the threat landscape: What was once accessible only via in-person record search is now instantly purchasable for “50 cents” online.
- “For a long time, public records were only kept in physical hard copy form...Public records have really changed with digitization.” — Justin Sherman [13:11]

Correlation Between Data Exposure and Violence

Statistical evidence:
- 58% year-over-year increase in threats against members of Congress in 2025.
- 1,000+ serious attacks on federal judges (2019–2024).
- 90% of state legislators experienced violent abuse or threats (BDI, 2021–2024).
- 75% of local officeholders less willing to serve due to safety fears.
- “People should not be forced to choose between serving their community and protecting their family.” — Justin Sherman [29:38]
Underreporting: Many cases go unreported; the full scale is unknown. Victims often remain silent, making systematic tracking difficult.

The Most Consequential Gap: Public Records Exemptions

Key Problem: The inability to redact personal info from public records or block the subsequent sale by brokers is viewed as the foundational vulnerability.
- “If you go to the data brokers and say, could you please stop selling my data because I’m worried about violence…they can decline that request.” — Justin Sherman [25:16]
Public interest vs. privacy: Sherman stresses the need for nuanced policy—not a binary ‘all-or-nothing’ approach to public records.

Looking Forward: Potential Solutions & Trends

California’s ‘DROP’ system:
- Central opt-out platform for data brokers, though does not address public record data specifically.
- “It’s a really great investment by California...maybe other states will look to that.” — Justin Sherman [30:12]
New Jersey’s Daniel’s Law:
- Provides limited redaction rights for public servants, facing opposition and court challenges from the data broker industry.
State-level action is critical:
- With federal inaction, more states are enacting or enforcing privacy laws.
- “Many different states, ranging from California to Texas to Maryland...are pursuing these kinds of state privacy enforcement actions.” — Justin Sherman [32:32]

Notable Quotes & Memorable Moments

On the dire reality for public servants:
- “It is crazy to even say out loud that...people should not be forced to choose between serving their community and protecting their family.” — Justin Sherman [29:38]
Personal data and violence:
- “Public servants are certainly targeted a lot through this kind of data or exposed through this data.” — Justin Sherman [28:33]
On stakeholders' responsibility:
- “Public records enable transparency...they’re important for accountability watchdog groups...But do you need to print their apartment number where they live with their two-year-old son?” — Justin Sherman [26:39]

Timestamps for Important Segments

00:02–02:26 — Introduction & report summary
02:26–04:13 — Justin Sherman sets context: intersection of privacy and rising violence
04:13–09:16 — How violence is enabled by exposed data; high-profile cases
09:56–17:05 — Detailed legal criteria; why state laws fall short; digitization’s impact
17:05–23:47 — Evidence linking data exposure to threats; underreporting issue; statistics
23:47–28:45 — Solutions: private right of action vs. public records exemptions
28:45–33:10 — Forward-looking trends: new laws, state policy leadership
33:10–End — Closing thanks and outro

Final Thoughts

The episode spotlights a clear and present danger: public servants in the U.S. face mounting threats, and current privacy laws—designed for consumers—do little to shield those who serve the public. Justin Sherman’s report advocates for more nuanced, security-focused amendments, empowering public servants to reclaim control over their sensitive data without undermining democratic transparency. The conversation closes on a note of cautious optimism that state-level innovation, advocacy, and legal action will gradually narrow these critical safety gaps.

Overview

Key Discussion Points and Insights

Background & Rising Threats

Growing digital threats: Sherman highlights how the exposure of public servants’ private information facilitates modern threats, including doxing and even physical attacks.
- “There’s such an interesting but often underexplored intersection between [data privacy and violent threats toward public servants]...what’s the role of personal data in facilitating the ability for an individual who wants to hurt a school board member or a teacher or a state legislator?” — Justin Sherman [02:26]
Violence enabled by data access: Examples include high-profile attacks where assailants used purchased or scraped data to locate and target public officials and their families (e.g., the 2020 murder of a judge’s family, attacks on state legislators).

The Legal Landscape: Four Critical Gaps (Sherman’s ‘Criteria’)

Sherman’s report examines 19 state consumer privacy laws for four rights:

Compel agencies to redact public records — e.g., removing home address from property records.
Compel data brokers to stop selling data acquired from public records.
Stop data brokers from selling data sourced elsewhere — such as retail or digital data.
Private right of action — ability for individuals to sue companies directly.

Findings:

“None of the 19 states allow anyone to redact public records data. None...allow you to redact in a data broker’s record or stop a data broker from selling data it got from a public record.” — Justin Sherman [12:22]
Only the third criterion has consistent coverage (opt-outs for non-public-record-sourced data). Even California’s law, with limited private right of action, doesn’t address opt-outs for public servants in the context discussed.

Why Are Public Servants Left Out?

Focus is ‘consumer privacy,’ not occupational safety: State laws are built to address broad consumer concerns (data breach notifications, marketing opt-outs), not targeted violence. This gap leaves public servants exposed despite their elevated risk.
Digitization changed the threat landscape: What was once accessible only via in-person record search is now instantly purchasable for “50 cents” online.
- “For a long time, public records were only kept in physical hard copy form...Public records have really changed with digitization.” — Justin Sherman [13:11]

Correlation Between Data Exposure and Violence

Statistical evidence:
- 58% year-over-year increase in threats against members of Congress in 2025.
- 1,000+ serious attacks on federal judges (2019–2024).
- 90% of state legislators experienced violent abuse or threats (BDI, 2021–2024).
- 75% of local officeholders less willing to serve due to safety fears.
- “People should not be forced to choose between serving their community and protecting their family.” — Justin Sherman [29:38]
Underreporting: Many cases go unreported; the full scale is unknown. Victims often remain silent, making systematic tracking difficult.

The Most Consequential Gap: Public Records Exemptions

Key Problem: The inability to redact personal info from public records or block the subsequent sale by brokers is viewed as the foundational vulnerability.
- “If you go to the data brokers and say, could you please stop selling my data because I’m worried about violence…they can decline that request.” — Justin Sherman [25:16]
Public interest vs. privacy: Sherman stresses the need for nuanced policy—not a binary ‘all-or-nothing’ approach to public records.

Looking Forward: Potential Solutions & Trends

California’s ‘DROP’ system:
- Central opt-out platform for data brokers, though does not address public record data specifically.
- “It’s a really great investment by California...maybe other states will look to that.” — Justin Sherman [30:12]
New Jersey’s Daniel’s Law:
- Provides limited redaction rights for public servants, facing opposition and court challenges from the data broker industry.
State-level action is critical:
- With federal inaction, more states are enacting or enforcing privacy laws.
- “Many different states, ranging from California to Texas to Maryland...are pursuing these kinds of state privacy enforcement actions.” — Justin Sherman [32:32]

Notable Quotes & Memorable Moments

On the dire reality for public servants:
- “It is crazy to even say out loud that...people should not be forced to choose between serving their community and protecting their family.” — Justin Sherman [29:38]
Personal data and violence:
- “Public servants are certainly targeted a lot through this kind of data or exposed through this data.” — Justin Sherman [28:33]
On stakeholders' responsibility:
- “Public records enable transparency...they’re important for accountability watchdog groups...But do you need to print their apartment number where they live with their two-year-old son?” — Justin Sherman [26:39]

Timestamps for Important Segments

00:02–02:26 — Introduction & report summary
02:26–04:13 — Justin Sherman sets context: intersection of privacy and rising violence
04:13–09:16 — How violence is enabled by exposed data; high-profile cases
09:56–17:05 — Detailed legal criteria; why state laws fall short; digitization’s impact
17:05–23:47 — Evidence linking data exposure to threats; underreporting issue; statistics
23:47–28:45 — Solutions: private right of action vs. public records exemptions
28:45–33:10 — Forward-looking trends: new laws, state policy leadership
33:10–End — Closing thanks and outro

wavePod

Get Free Podcast Summaries in Your Inbox

Pick Your Shows

Subscribe Free

Get Instant Summaries

Summary

Overview

Key Discussion Points and Insights

Background & Rising Threats

The Legal Landscape: Four Critical Gaps (Sherman’s ‘Criteria’)

Findings:

Why Are Public Servants Left Out?

Correlation Between Data Exposure and Violence

The Most Consequential Gap: Public Records Exemptions

Looking Forward: Potential Solutions & Trends

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Final Thoughts

Summary

Overview

Key Discussion Points and Insights

Background & Rising Threats

The Legal Landscape: Four Critical Gaps (Sherman’s ‘Criteria’)

Findings:

Why Are Public Servants Left Out?

Correlation Between Data Exposure and Violence

The Most Consequential Gap: Public Records Exemptions

Looking Forward: Potential Solutions & Trends

Notable Quotes & Memorable Moments

Timestamps for Important Segments

Final Thoughts