When evaluating a potential target company, buyers/investors often underestimate the breadth and depth of diligence that should be done with respect to data privacy and cybersecurity matters. The tendency to accept vague, high-level responses from the target company without more in-depth follow up can create unnecessary risks in the acquisition.
On March 23, 2017, members of Dechert’s Data Privacy and Cybersecurity Group hosted a webinar entitled “US Data, Cybersecurity and Privacy Issues in M&A Transactions.” The webinar provided an overview of tips for conducting diligence, the role of big data in business, the key legal risks associated with the receipt of data and how to manage such risks via reps and warranties. Members of the group also provided an in-depth look at: (i) how buyers can make sure they are receiving the privacy- and cybersecurity-related documents they really need from target companies; (ii) ways to evaluate whether a target company is actually implementing its stated policies and procedures; and (iii) special considerations related to HIPAA compliance diligence and the receipt of health information under HIPAA.
* Please note that since the date of the live presentation of this webinar, on April 3, 2017, President Trump signed into law “A joint resolution providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Federal Communications Commission relating to "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services".” (S.J.Res.34, 115th Cong. (2017).)