United States of America: Issued ruling in California Attorney General lawsuit against Blackbaud over alleged failure to implement appropriate safeguards to protect personal data

On 13 June 2024, the California Attorney General announced a USD 6.75 million settlement with Blackbaud, a software company, for violating consumer protection and privacy laws due to inadequate data security practices that led to a data breach in 2020. Blackbaud, which stores sensitive information for nonprofit organisations, misled its customers and the public about the extent of the breach and its data security measures. The company's actions breached several California laws, including the Reasonable Data Security Law, Unfair Competition Law, and False Advertising Law. As part of the settlement, Blackbaud must enhance its data security and breach notification practices. This includes implementing stronger data disposal protocols, multi-factor authentication, and improved monitoring of suspicious activities.