Privacy and data security issues have become the subject of critical focus in corporate mergers, acquisitions, divestitures and related transactions. In 2016 and 2017, several large transactions, especially those involving telecommunications, entertainment and technology companies, have been impacted by either concerns about the collection and use of personal information or significant information security breaches. The FTC has sharpened its focus on the use of personal information as a factor in evaluating the competitive effects of a given corporate transaction, and the SEC is now closely scrutinizing privacy and data security representations made to investors in public filings connected to transactions. More broadly, privacy and data security problems that are not timely discovered before entering into an M&A transaction can become significant liabilities post-closing and also lead to litigation.
The Importance of Thorough Due Diligence
Because of this heightened concern, it is imperative that companies conduct thorough due diligence about privacy and data security issues before entering into a transaction. The goals of the due diligence process should be to help the parties in a transaction understand (1) what promises and representations a company has made with respect to privacy and data security; (2) whether a company needs to obtain any consents from consumers, employees or others post-transaction to be able to use the personal information previously collected; (3) how the parties’ information security programs are structured; (4) how the company has responded or could potentially respond to significant data breaches; and (5) the buyer’s potential liability for privacy and data security issues post-closing.
Hunton & Williams Can Help
Hunton & Williams has created a cross-disciplinary legal team dedicated to guiding companies through the minefield of regulatory and cyber-related risks associated with high-stakes corporate mergers and acquisitions. The new team brings together the firm’s renowned capabilities in privacy and cybersecurity with its recognized strength in M&A transactions.