Interested in training for your team? Click here to learn more

Managing Sensitive Data in M&A Transactions: Recent Trends, State Laws, and FTC/DOJ Enforcement

A Playbook for Managing Consumer, Location, and Health Data as Privacy Risks and Laws Continue to Evolve

Recording of a 90-minute premium CLE video webinar with Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Conducted on Wednesday, August 16, 2023

Recorded event now available

or call 1-800-926-7926

This CLE course will provide a holistic view of data protection aspects needed for successful M&A transactions. Increasingly, issues are being raised around risks relating to sensitive personal data, which can have a significant impact on current and future valuations and liabilities. The panel will discuss how the M&A landscape has changed and how privacy issues should be approached at various stages of the transaction in light of the evolving nature of state, federal, and international privacy laws.


Consumer, health, and location data has become valuable in the marketplace, aiding in the rise of data brokers and analytics firms that collect, share, aggregate, and analyze data for insights they can provide to businesses, investors, or others. The desirability of consumer personal information and data will only increase, particularly as technologies and AI-powered solutions offer additional methods to gain insights and value from such information. This has led to increased scrutiny regarding the use of such sensitive data in the context of M&A deals.

In the M&A context, buyers often assume the liabilities of an acquired company, including past and future noncompliance with data protection laws. It can be challenging to balance "not changing" what made the target attractive in the first place with the risks to the buyer of integrating new people, products, and processes that may still be maturing on the data protection front.

As companies continue to acquire businesses that collect sensitive information, they will need to ensure there are adequate contractual restrictions in place to comply with the developing privacy laws and regulations that could alter the value and usefulness of such data. This will likely mean that privacy policies, terms of service, or even broad user agreements covering all company services, now and in the future, may need to be altered or restated to clarify how, when, and in what types of situations companies can use personal consumer data.

Listen as our authoritative panel discusses the privacy and data protection compliance pain points across the lifecycle of an M&A transaction. They will also outline strategies to address challenges such as data integration, notices, marketing, and state, federal and global compliance.



  1. Identifying the privacy-related risks in an M&A deal
  2. Current laws, regulations, and trends with respect to data protection and privacy
  3. Key issues to look for during the due diligence process
  4. Addressing privacy-related/data protection risks during negotiations
  5. Allocating privacy risks when drafting transaction documents
    1. Representations and warranties
    2. Indemnity provisions
    3. Insurance
    4. Other contractual measures that can be used to mitigate privacy risks
  6. Ensuring a successful privacy-related integration project after closing


The panel will review these and other key issues:

  • What data protection risks may affect M&A transactions and how?
  • What are common privacy-related/data protection issues that arise during the due diligence phase and how best to address them?
  • What transaction documents, terms, or clauses are needed to protect both the buyer and seller?
  • How to approach post-closing integration projects


Cole, Cynthia
Cynthia J. Cole

Baker & McKenzie

An intellectual property transactions attorney, Ms. Cole also has expertise in digital transformation, data privacy,...  |  Read More

Justice, Brittney
Brittney Justice

Baker & McKenzie

Ms. Justice focuses her practice on global privacy and data protection. She provides advice to a wide range of clients...  |  Read More

Stephanie Adamson King
Stephanie Adamson King
Chief Legal Officer


 |  Read More

Access Anytime, Anywhere

Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video