SPRING 2018 TODAY’S GENER AL COUNSEL
Cybersecurity
Privacy and Cybersecurity Issues in M&A By Sheryl Falk and Alessandra Swanson
32
N
othing quite beats the exhilarating work involved in a merger or strategic acquisition. From the late nights of strategic discussions to the grueling exercise of due diligence, business interests must be balanced with vital legal decisions. Chief among them are considerations related to the privacy and cybersecurity practices of the target entity. With increased regulation of personal information and rising rates of
security breaches and cybercrime, this area has become critical in the diligence exercise. Querying the target to determine whether a breach has occurred has become standard practice. However, there are other issues to explore that could expose your company to liability in connection with the target’s violation of privacy-focused laws. It is essential to have a plan to identify areas of material risk that may either thwart the deal or require significant
mitigating measures. This article highlights issues that typically arise during corporate transactions, and may serve as a starting point for thinking through privacy due diligence. INITIAL ANALYSIS
Privacy and cybersecurity laws and the accompanying risk are rapidly evolving. While your business team is busy wrapping its arms around traditional areas of diligence, such as employee benefits