Blackbaud Breach Affects 20 UK Universities

By Dave McKay | July 25, 2020

Why Choosing Data Processors Needs Due Care and Attention

Blackbaud, the world’s largest supplier of “education administration, fundraising, and financial management software” has suffered a breach in May, 2020. There are over 20 UK Universities and other organizations affected by the breach.

And, because under the General Data Protection Regulations (GDPR) regulations you are jointly responsible for breaches that occur at your data processors, those customers are now facing fines from the Information Commissioner’s Office.

The BBC listed these institutions amongst those affected by the breach:

  • University of Birmingham
  • De Montfort University
  • University of Strathclyde
  • University of Exeter
  • University of York
  • Oxford Brookes University
  • Loughborough University
  • University of Leeds
  • University of London
  • University of Reading
  • University College, Oxford
  • Middlebury College, Vermont
  • West Virginia University
  • New College of Florida
  • Cheverus High School: Catholic High School Portland
  • The Bishop Strachan School, Canada
  • University of North Florida
  • Rhode Island School of Design, US
  • Ambrose University, Alberta, Canada

Any company that you allow to process, store, or transmit personal data that you have provided to them is a data processor to you. You are the data controller.

If a data processor has a breach, you are both liable. They’re liable because they had the breach. You’re liable because you chose to trust them. You picked them as a team-mate, so you are liable too.

This is why due diligence of data processors is so critical. How do you know they have a good data protection culture, backed up by robust and comprehensive policies and procedures? You don’t—unless you find out for yourself. That’s the being diligent part. Get it wrong, and it can be expensive.

And you should consider more than the immediate financial impact of a fine, there’s the reputational damage and loss of faith to deal with.

McKay Consulting can help with data processor due diligence from both angles—when you need to check someone out and when someone is checking you out.

Source: BBC

Categories

Tags