Data is becoming the fastest growing commodity. Everything we do creates data: driving our car, going for a run, watching TV, reading a book -- these activities are now monitored, quantified, and analyzed. The data collected, how it is collected, how it is used, and how it is stored is dominating the technology industry. But, just as data can be a company's greatest asset, it can quickly become its worst liability. Turn on the news in any given day and a new data breach is making the headlines; and no one is immune. The costs and long-term implications of cybersecurity breaches, unsophisticated technological systems, and weak security are hard to quantify: What is the value of a privacy violation? Has a breached system been secured effectively? Was the data collected by the company done in a transparent and compliant manner? As shown in the Yahoo-Verizon deal, these are a few of the many questions that companies need to start addressing before closing a merger or acquisition. This presentation will discuss the role that cybersecurity and data privacy need to play in the mergers and acquisitions due diligence process. We will delve into how the stakeholders of a deal can gain an accurate and comprehensive understanding of the target company's data risk profile. Incorporating cyber and data privacy into the due diligence process is more important if the target is a company valued for its data: trade secrets, intellectual property, customer lists, etc. This data is only valuable if it is collected and maintained in a secure and compliant manner. We will outline the top data risks to a company's data security and privacy and the information you should know before structuring the deal. You need to be asking how the target should prepare its data security and technology to its maximum advantage. And, also how to protect the acquiring company to ensure that it is buying an asset, and not a liability.
(1) The areas of cybersecurity and data privacy that need to be reviewed to gain an accurate and comprehensive understanding of a target company's risk profile; (2) Understanding the key data and network infrastructure risks that need to be reviewed prior to providing a valuation for a company; and (3) Discussing how to review a company's cybersecurity and data privacy to truly understand the assets and liabilities that are part of the deal.