This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| less than a minute read

New FTC Cyber Complaint Shows New Approach

The Federal Trade Commission on Feb. 1 entered a consent order to resolve a complaint alleging unfair and deceptive practices by Blackbaud, Inc. relating to a well-publicized data breach at the company.  While most of the FTC complaint trods familiar ground, paragraphs 29-31 allege that Blackbaud's failure to delete records in accordance with the company's records retention policy constituted an unfair business practice because the failure resulted in a greater amount of personal information being accessible in the security breach.  Also worth noting is that the consent order mandates that Blackbaud make the company's records retention schedule available on its website.

The FTC and other regulators have urged companies to maintain a records retention schedule, both for privacy and cybersecurity purposes.  The new complaint shows that failing to adhere to records retention policies can result in enforcement actions.

Let me know if you would like to discuss the FTC's action or data retention and destruction policies.