Data Privacy and Cybersecurity Risks in M&A Deals: Pre-Planning, Due Diligence, and Risk Allocation Strategies

Minimizing Impact of Cybersecurity Vulnerabilities on Transaction Value

Recording of a 90-minute premium CLE webinar with Q&A

Conducted on Wednesday, February 5, 2020

Recorded event now available

or call 1-800-926-7926
Course Materials

This CLE course will provide guidance to deal attorneys for managing and allocating data privacy and cybersecurity risks in M&A transactions. The panel will discuss best practices for identifying and addressing data privacy and cybersecurity concerns throughout the life of a deal, from developing an acquisition strategy and identifying a potential target, to conducting due diligence, to allocating risk in the transaction documents.


Data security breaches are at an all-time high, and the data privacy legal landscape is changing at a rapid pace, with new and expanded data protection laws nationally and internationally. At the same time, data is often the most valuable asset of a target company. For these reasons, data privacy and cybersecurity planning in M&A transactions is more crucial than ever. Counsel for buyers should evaluate and prioritize data privacy and cybersecurity risks when assessing a potential target and through the contract and closing a deal.

Examining a target's data assets and identifying privacy and cybersecurity vulnerabilities are essential to valuing a deal, implementing risk mitigation measures, and planning for successful data integration post-acquisition. Due diligence should include an examination of the target's data inventory, data locations, data collection processes, privacy policies, security controls, information governance guidelines, risk assessment programs, and cybersecurity insurance policies for vulnerabilities.

When negotiating and drafting the transaction documents, counsel for both parties should tailor the reps and warranties provisions related to the target's data privacy and cybersecurity protocols and how the parties will resolve issues that arise from regulatory noncompliance or data security breaches, including appropriate indemnity and insurance provisions to allocate risk.

Listen as our authoritative panel of deal attorneys examines critical considerations for managing and allocating data privacy and cybersecurity risks in M&A deals.



  1. Data privacy and cybersecurity issues to consider when planning an acquisition strategy
  2. Creating a due diligence checklist to fit the data assets of the target
  3. Key issues to look for in the diligence process
  4. Allocating data privacy and cybersecurity risks when drafting and negotiating transaction documents
    1. Representations and warranties
    2. Indemnity provisions
    3. Insurance


The panel will review these and other key issues:

  • What should counsel request from the target company to identify potential data privacy and cybersecurity vulnerabilities early in a transaction?
  • What reps and warranties and indemnity provisions should be included in the transaction documents to allocate risk?
  • How might data assets and vulnerabilities affect deal valuation, and what should the documents say concerning any related price adjustments?


Brill, Alan
Alan Brill, CIPP/US

Senior Managing Director

Mr. Brill consults with law firms and corporations on investigative issues relating to computers and...  |  Read More

Gold, Kim
Kimberly J. Gold, CIPP/US

Reed Smith

Ms. Gold's practice focuses on data privacy, cybersecurity, digital health, and transactional matters. She advises...  |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video