Privacy and Data Security Issues in M&A Transactions

February 26, 2020

In order to keep a merger or an acquisition moving forward without stalling or—even worse—collapsing altogether, it is important for businesses and their legal counsel to keep privacy and cybersecurity top of mind.

Some key considerations include the following: 

  • If a target company cannot collect and deploy data consistent with data privacy laws, there may be flaws in the premise for the deal or the business model itself. 
  • Failure by a target company to meet its data privacy and security obligations can be a major risk for the acquiring company. 
  • The transfer and sharing of data in connection with diligence and after the transaction may in itself violate data privacy laws.

Additionally, in terms of the status of data privacy laws in the United States and United Kingdom, there are some conflicting views. 

  • Some see the fact there is no all-encompassing data privacy or cybersecurity statute in the United States as an opportunity for companies to continue operating more freely. 
  • However, others look at this as an area of confusion given that there are varying bodies—state attorneys general, federal agencies, etc.—trying to address data security in their own ways. 
  • In Europe, the General Data Protection Regulation applies the desired structure for some, but for others the rules are too complicated. 

If you are either a buyer or a seller or are working with them, listen for more important takeaways. 

Listen to the recording >>

Media Module - Datasource Item: Privacy and Data Security Issues in MA Transactions

This presentation was part of the Morgan Lewis M&A Academy webinar series.