Data Privacy and Cybersecurity Due Diligence in M&A Deals

Identifying Vulnerabilities, Drafting Data-Related Provisions in M&A Agreements, Post-Acquisition Data Integration Considerations

Recording of a 90-minute premium CLE webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Tuesday, September 22, 2015

Recorded event now available

or call 1-800-926-7926
Course Materials

This CLE course will provide guidance to deal attorneys for conducting data privacy and cybersecurity due diligence in M&A transactions. The panel will discuss best practices for identifying data protection vulnerabilities, leveraging data assets when negotiating deal value, drafting data and cybersecurity-related risk provisions in M&A agreements, and ensuring a successful post-acquisition data integration.


The explosion of big data and the prevalence of corporate data security breaches makes data privacy and cybersecurity due diligence in M&A transactions more important than ever. Examining a target’s data assets and identifying security vulnerabilities are essential to valuing the deal, implementing data and security risk mitigation measures, and planning for successful data integration post-acquisition.

Comprehensive due diligence includes examining a target’s data inventory, data locations, data collection processes, privacy policies, security controls, information governance guidelines, risk assessment programs, cybersecurity insurance policies and a lot more. In doing so, counsel for buyers and targets must ensure compliance with federal and state privacy laws and data security standards.

Listen as our authoritative panel of deal attorneys examines key considerations for conducting data privacy and cybersecurity due diligence in M&A deals, and offers strategies for using the results of due diligence to negotiate deal value, manage deal risk and plan for post-acquisition data integration.



  1. Conducting due diligence
    1. Identify assets to be inventoried
    2. Request and review privacy policies, security controls, data collection processes, prior incidents, etc.
    3. Determine value enhancing potential of data
  2. Drafting data and cybersecurity-related risk provisions in the M&A agreement
  3. Post-acquisition data integration considerations


The panel will review these and other key issues:

  • The best approaches for counsel to identify and examine data assets during due diligence
  • The most critical information counsel should request from the target company during data privacy and security due diligence
  • The impact of data and cybersecurity assets and vulnerabilities on deal valuation
  • Provisions to include in the M&A agreement to address data vulnerabilities and mitigate deal risk


Anderson, Roberta D.
Roberta D. Anderson

K&L Gates

Ms. Anderson has over fifteen years of experience in complex commercial litigation and alternative dispute resolution....  |  Read More

Brill, Alan
Alan Brill, CIPP/US

Senior Managing Director

Mr. Brill consults with law firms and corporations on investigative issues relating to computers and...  |  Read More

Gerard M. Stegmaier
Gerard M. Stegmaier

Goodwin Procter

Mr. Stegmaier's practice is devoted to public and private corporate governance, intellectual property and...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video