The correct response is to change the wording on the ballot so if collected information is used for a crime the organization who leaked it is liable - even if the leak is unintentional (that the leak happened through a zero-day exploit doesn't isn't a defense against the leak)