Blackbaud (BLKB)

Privacy and security concerns, including evolving government regulation in the area of consumer data privacy, could adversely affect our business and operating results.

The effectiveness of our software products relies on our customers’ storage and use of data concerning their customers, including financial, personally identifying and other sensitive data. Our customers’ collection and use of these data for donor profiling might raise privacy and security concerns and negatively impact the demand for our products and services. For example, our custom modeling and analytical services, including ProspectPoint, WealthPoint and donorCentrics, rely heavily on securing and making use of data we gather from various sources and privacy laws could jeopardize our ability to market and profit from those services. If a breach of customer data security were to occur, our products may be perceived as less desirable, which would negatively affect our business and operating results.

In addition, governments in some jurisdictions have enacted or are considering enacting consumer data privacy legislation, including laws and regulations applying to the solicitation, collection, processing and use of consumer data. This legislation could reduce the demand for our software products if we fail to design or enhance our products to enable our customers to comply with the privacy and security measures required by the legislation. Moreover, we may be exposed to liability under existing or new consumer data privacy legislation. Even technical violations of these laws can result in penalties that are assessed for each non-compliant transaction. If we or our customers were found to be subject to and in violation of any of these laws or other data privacy laws or regulations, our business would suffer and we and/or our customers would likely have to change our business practices. In addition, these laws and regulations could impose significant costs on us and our customers and make it more difficult for donors to make online donations.

Privacy and security concerns, including evolving government regulation in the area of consumer data privacy, could
adversely affect our business and operating results.

The effectiveness of our software products relies on our customers’ storage and use of
data concerning their customers, including financial, personally identifying and other sensitive data. Our customers’ collection and use of these data for donor profiling might raise privacy and security concerns and negatively impact the
demand for our products and services. For example, our custom modeling and analytical services, including ProspectPoint, WealthPoint and donorCentrics, rely heavily on securing and making use of data we gather from various sources and privacy laws
could jeopardize our ability to market and profit from those services. If a breach of customer data security were to occur, our products may be perceived as less desirable, which would negatively affect our business and operating results.

In addition, governments in some jurisdictions have enacted or are considering enacting consumer data privacy legislation, including laws and regulations
applying to the solicitation, collection, processing and use of consumer data. This legislation could reduce the demand for our software products if we fail to design or enhance our products to enable our customers to comply with the privacy and
security measures required by the legislation. Moreover, we may be exposed to liability under existing or new consumer data privacy legislation. Even technical violations of these laws can result in penalties that are assessed for each non-compliant
transaction. If we or our customers were found to be subject to and in violation of any of these laws or other data privacy laws or regulations, our business would suffer and we and/or our customers would likely have to change our business
practices. In addition, these laws and regulations could impose significant costs on us and our customers and make it more difficult for donors to make online donations.

FACE="Times New Roman" SIZE="2">If we are unable, or customers believe we are unable, to detect and prevent unauthorized use of credit cards and safeguard confidential donor data, we could be subject to financial liability, our reputation
could be harmed and customers may be reluctant to use our products and services.

Advances in computer capabilities, new discoveries in the field of
cryptography or other events or developments could result in a compromise or breach of the technology we use to protect sensitive transaction data. If any such compromise of our security, or the security of our customers, were to occur, it could
result in misappropriation of proprietary information or interruptions in operations and have an adverse impact on our reputation or the reputation of our customers. Currently some of our products are not fully compliant with Payment Card Industry,
or PCI, security standards. This or other factors could make customers believe we are unable to detect and prevent unauthorized use of credit cards or confidential donor data, which could harm our business. Additionally, these factors could make
issuing banks believe the transactions of our customers are compromised and refuse to process those transactions, which could harm the reputation of our products and our business.

SIZE="1"> 

20

Table of Contents

Index to Financial Statements

Additional PCI DSS standards go into effect next year. Conforming our products and services to PCI DSS is expensive and
time-consuming. Our failure to maintain compliance with PCI DSS could make customers believe we are unable to detect and prevent unauthorized use of credit cards and bank account numbers or protect confidential donor data and our reputation and
business might be harmed.