Allegations that cloud software provider Blackbaud violated California's Consumer Privacy Act because of a malicious breach of customer data in 2020 will move forward while some claims that were also part of a consolidated class-action lawsuit against the firm were struck down in a South Carolina court, according to The Register
In her 33-page ruling, US district judge J. Michelle Childs said Blackbaud's registering itself as a data broker qualifies the company as a business subject to privacy regulations stated in the CCPA
. If successful, the CCPA claim could cost the firm up to $750 per violation for the case's plaintiffs.
Judge Childs also allowed another claim, this time filed under Florida's Deceptive and Unfair Trade Practices Act, to move forward partially and seek injunctive relief while denying a claim for damages to be awarded under the same law. The claim alleged that Blackbaud acted in a deceptive and unfair manner when it allegedly made "misrepresentations and omissions about its security efforts and the scope of the ransomware attack."