Penalty Amount
$6,750,000
California Attorney General Rob Bonta announced a $6.75 million settlement with software company Blackbaud over a 2020 data breach that exposed consumers' personal information including Social Security numbers, bank account details, and medical data. Blackbaud was found to have inadequate data security practices, failed to timely and accurately notify impacted individuals of the breach, and made misleading public disclosures about the breach and its pre-breach security measures. The settlement requires Blackbaud to pay penalties and implement enhanced data security and breach notification protocols.
Blackbaud must pay $6.75 million in penalties. It is also subject to injunctive terms requiring it to implement enhanced data security measures, including minimizing retention of personal information in database backups and securely disposing of such backups, implementing multi-factor authentication or password rotation policies, and improving network segmentation, monitoring, and alerting for suspicious activity. Additionally, Blackbaud must strengthen its breach notification practices to ensure timely and accurate disclosures to impacted individuals.
In-house legal teams should review vendor agreements with software providers handling personal data, customer agreements with entities storing consumer information, and internal data processing agreements. Key clauses to audit include data security requirements (to mandate multi-factor authentication, network segmentation, and security monitoring), data retention and disposal clauses (to require minimization of backup data and secure deletion), breach notification clauses (to specify strict timelines for timely, accurate disclosures and prohibit misleading statements), and data security representations and warranties (to avoid deceptive pre-breach claims). Teams should also ensure all agreements comply with California’s Reasonable Data Security Law and related consumer protection statutes.
Entity
Blackbaud
Industry
TechnologyOfficial Press Release
https://oag.ca.gov/news/press-releases/attorney-general-bonta-secures-675-million-settlement-against-blackbaud-over
Complaint[2]
https://oag.ca.gov/system/files/attachments/press-docs/Complaint%5B2%5D.pdf
Blackbaud Judgment final[2]
https://oag.ca.gov/system/files/attachments/press-docs/Blackbaud%20Judgment%20final%5B2%5D.pdf
California Attorney General Enforcement Page
https://oag.ca.gov/privacy/privacy-enforcement-actions
"Attorney General Bonta Secures $6.75 Million Settlement Against Blackbaud Over 2020 Data Breach"
"California Attorney General Rob Bonta today announced a settlement with Blackbaud"
"Blackbaud, a South Carolina-based software company"
"$6.75 million in penalties"
"violated the Reasonable Data Security Law, Unfair Competition Law, and the False Advertising Law related to data security"
"Blackbaud’s failure to implement reasonable data security led to a data breach in 2020"
$49.5M
Blackbaud, a software company, experienced a ransomware attack in 2020 that exposed sensitive personal information, including protected health data, due to inadequate security practices and delayed breach notification. A multistate investigation resulted in a $49.5 million settlement, requiring Blackbaud to enhance data security, implement breach response plans, and undergo third-party assessments.
$49.5M
Blackbaud, a cloud company providing donor management software, experienced a 2020 data breach exposing personal information of millions of donors through its nonprofit customers. A multistate investigation found Blackbaud failed to implement adequate data security and delayed breach notifications. As a result, Blackbaud agreed to pay $49.5 million and overhaul its security practices.
California Attorney General Rob Bonta, joined by attorneys general from seven other states, filed a lawsuit to block the $6.2 billion merger between Nexstar Media Group and Tegna Inc. The lawsuit alleges the merger violates Section 7 of the Clayton Act by reducing competition in local TV markets, leading to higher prices, less local news, and job losses.
California Attorney General Rob Bonta filed a lawsuit against the U.S. Department of Education to block the expansion of IPEDS data collection requiring colleges to submit race-linked student data. The lawsuit argues the demand is arbitrary, capricious, and burdensome, and could enable costly partisan investigations. A multistate coalition co-led the challenge.
California Attorney General Rob Bonta and a coalition of state attorneys general announced they will continue their antitrust lawsuit against Live Nation/Ticketmaster after the U.S. Department of Justice settled the case. The states aim to hold Live Nation accountable for anticompetitive conduct that harms consumers, artists, and venues in the live music industry.
$376K
The California Privacy Protection Agency (CalPrivacy) settled with Ford Motor Company requiring the company to pay a $375,703 fine and change its practices. Ford violated the CCPA by requiring consumers to complete an email verification step before they could opt-out of the sale and sharing of their personal information collected through digital properties and connected vehicle services. In addition to the fine, Ford must provide easy methods to submit opt-out requests with minimal steps, audit its tracking technologies, and ensure compliance with opt-out preference signals including Global Privacy Control.