FTC Brings First Standalone Section 5 Unfairness Claims for Unreasonable Data Retention and Inaccurate Breach Notice

On February 1, 2024, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Blackbaud, Inc. concerning a 2020 data security incident that included a ransomware demand and payment. According to the FTC’s complaint, Blackbaud’s allegedly unfair and misleading conduct included not just deficient data security practices but also a delay in providing accurate notice to its business customers about the breach, including the inclusion of deceptive statements about…
By: Perkins Coie