• |

Feb. 28, 2024

Data Retention and Destruction Lessons From FTC’s Blackbaud Case

  • Jaclyn Jaeger
    Cybersecurity Law Report
Effective data disposal and retention policies are key to organizations’ ability to provide adequate security and privacy protection to consumers’ sensitive data. In the FTC’s announcement of its recent settlement with Blackbaud over claims stemming from a 2020 ransomware attack, it said, “Blackbaud’s shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers.” This article examines the circumstances of the breach and the settlement terms, and offers lessons for companies on how to structure data retention and destruction practices, including what to incorporate in their policies. See our two-part series on safeguards for proper disposal of hardware: “Risks and Examiner Expectations” (Feb. 26, 2020), and “Effective Inventories, Policies and Due Diligence” (Mar. 4, 2020).

To read the full article

Continue reading your article with a CSLR subscription.

Most-Read Articles

Spotlight on Trailblazing Women

To mark International Women’s Day 2024, women editors and reporters of ION Analytics interviewed outstanding women in the industries and jurisdictions we cover. In this part, Jill Abitbol, Managing Editor of the Cybersecurity Law Report and Anti-Corruption Report, features notable women in data privacy, cybersecurity, white collar defense, compliance and anti-corruption law, including Christina Montgomery, Leslie Shanklin, Palmina Fava, Alexandra Ross and Lucinda Low. Enjoy reading their inspiring remarks here.

We Celebrate Data Privacy Day 2024

Read the full brief here.