Your data is under attack: Are you ready?

Bricker & Eckler LLP

Bricker & Eckler LLP

On July 16, 2020, Blackbaud, a U.S. cloud software company and one of the world’s largest providers of financial and fundraising technology for nonprofit organizations and education institutions, notified its customers of a ransomware attack that occurred in May 2020 related to personal data stored on its servers. Numerous universities, colleges, health care organizations, foundations and nonprofit organizations were affected.

This cyberattack serves as a reminder for organizations to review their cybersecurity practices and vendor agreements for obligations and compliance with security, risk and privacy programs. Here are some questions to ask yourself when reviewing these practices and agreements:

  • Do you know who is responsible for appropriate and timely notice for the data compromised?
  • Do you know what to do when your organization receives such a notice?
  • Do you know what laws, regulations and standards apply?
    • General Data Protection Regulation (GDPR)
    • Health Information Portability and Accountability Act (HIPAA)
    • Family Educational Rights and Privacy Act (FERPA)
    • Each state and accrediting body has unique cybersecurity breach notice requirements for personal information, insurance and employee data, etc.

Risk assessments are also vital for due diligence and security practices of organizations and their vendor management programs.   

  • Are your vendor agreements up-to-date with current laws and regulations, including a Business Associate Agreement, if applicable?
  • Are you testing data security measures with your vendors, and do you know what happens following a security incident for notification/reporting and indemnification?
  • Are you actually conducting proper and regular assessments?

Ultimately, it is your responsibility (and liability) to protect your organization’s information and data, even if it’s stored elsewhere.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bricker & Eckler LLP | Attorney Advertising

Written by:

Bricker & Eckler LLP

Bricker & Eckler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.