Data Privacy and Cybersecurity Due Diligence in M&A Deals
Identifying Vulnerabilities, Drafting Data-Related Provisions in M&A Agreements, Post-Acquisition Data Integration Considerations
Recording of a 90-minute premium CLE webinar with Q&A
This CLE course will provide guidance to deal attorneys for conducting data privacy and cybersecurity due diligence in M&A transactions. The panel will discuss best practices for identifying data protection vulnerabilities, leveraging data assets when negotiating deal value, drafting data and cybersecurity-related risk provisions in M&A agreements, and ensuring a successful post-acquisition data integration.
Outline
- Conducting due diligence
- Identify assets to be inventoried
- Request and review privacy policies, security controls, data collection processes, prior incidents, etc.
- Determine value enhancing potential of data
- Drafting data and cybersecurity-related risk provisions in the M&A agreement
- Post-acquisition data integration considerations
Benefits
The panel will review these and other key issues:
- The best approaches for counsel to identify and examine data assets during due diligence
- The most critical information counsel should request from the target company during data privacy and security due diligence
- The impact of data and cybersecurity assets and vulnerabilities on deal valuation
- Provisions to include in the M&A agreement to address data vulnerabilities and mitigate deal risk
Faculty

Roberta D. Anderson
Partner
K&L Gates
Ms. Anderson has over fifteen years of experience in complex commercial litigation and alternative dispute resolution.... | Read More
Ms. Anderson has over fifteen years of experience in complex commercial litigation and alternative dispute resolution. She is a member of the firm’s global Insurance Coverage and Cyber Law and Cybersecurity practice groups, and she concentrates her practice in the areas of insurance coverage litigation and counseling and emerging cybersecurity and data privacy-related issues. She has unique and substantial experience in the drafting and negotiation of D&O, technology E&O, data privacy and “cyber”-liability, and other insurance coverages.
Close
Alan Brill, CIPP/US
Senior Managing Director
Kroll
Mr. Brill consults with law firms and corporations on investigative issues relating to computers and... | Read More
Mr. Brill consults with law firms and corporations on investigative issues relating to computers and digital technology, including the investigation of computer intrusions, Internet fraud, identity theft, misappropriation of intellectual property, cases of internal fraud, data theft, sabotage and computer security projects designed to prevent such events. He has worked extensively on developing methodologies for collecting evidence from corporate information systems.
Close
Gerard M. Stegmaier
Partner
Goodwin Procter
Mr. Stegmaier's practice is devoted to public and private corporate governance, intellectual property and... | Read More
Mr. Stegmaier's practice is devoted to public and private corporate governance, intellectual property and Internet issues, especially as they relate to privacy, information security and consumer protection. He focuses a significant part of his practice on pre-litigation and advisory services relating to business strategy for privacy by design, data protection, intellectual property, and emerging technologies and markets, often acting as outside product counsel to leading innovators and disruptive technology companies. He is designated as a Certified Information Privacy Professional by The International Association of Privacy Professionals.
Close