Securing a Successful Transaction through Focused Privacy and Data Security Due Diligence
Time 2 Minute Read
Categories: Information Security, Security Breach

Privacy and data security issues have become the subject of critical focus in corporate mergers, acquisitions, divestitures and related transactions. In 2016 and 2017, several large transactions, especially those involving telecommunications, entertainment and technology companies, have been impacted by either concerns about the collection and use of personal information or significant information security breaches. The FTC has sharpened its focus on the use of personal information as a factor in evaluating the competitive effects of a given corporate transaction, and the SEC is now closely scrutinizing privacy and data security representations made to investors in public filings connected to transactions. More broadly, privacy and data security problems that are not timely discovered before entering into an M&A transaction can become significant liabilities post-closing and also lead to litigation.

The Importance of Thorough Due Diligence

Because of this heightened concern, it is imperative that companies conduct thorough due diligence about privacy and data security issues before entering into a transaction. The goals of the due diligence process should be to help the parties in a transaction understand (1) what promises and representations a company has made with respect to privacy and data security; (2) whether a company needs to obtain any consents from consumers, employees or others post-transaction to be able to use the personal information previously collected; (3) how the parties’ information security programs are structured; (4) how the company has responded or could potentially respond to significant data breaches; and (5) the buyer’s potential liability for privacy and data security issues post-closing.

Hunton & Williams Can Help

Hunton & Williams has created a cross-disciplinary legal team dedicated to guiding companies through the minefield of regulatory and cyber-related risks associated with high-stakes corporate mergers and acquisitions. The new team brings together the firm’s renowned capabilities in privacy and cybersecurity with its recognized strength in M&A transactions.

Read the full client alert.

Tags: Consent, Federal Trade Commission, Liability, Lisa Sotto
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
Illinois’ Damages Limitation for Biometric Privacy Violations Applies Retroactively  

On April 1, 2026, the U.S. Court of Appeals for the Seventh Circuit held that the 2024 amendment to Illinois’ Biometric Information Privacy Act, limiting damages, applies retroactively to pending cases.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
FTC Issues COPPA Policy Statement Encouraging Adoption of Age-Verification Technologies

The Federal Trade Commission has issued a new Policy Statement encouraging the adoption of robust age‑verification technologies by pledging not to bring enforcement actions under the COPPA Rule against operators of general‑ or mixed‑audience sites that collect, use or disclose personal information solely to determine users’ ages, so long as long as they follow strict safeguards.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
FTC Issues Second Report to Congress on Cyberattacks

On February 6, 2026, the Federal Trade Commission announced its second report to Congress on its efforts to combat ransomware and other cyber attacks.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 1 Minute Read
Year in Review: Top Insurance Cases of 2025
By , , and

If recent years have taught insurance practitioners anything, it is that the most consequential coverage disputes rarely turn on novelty alone. In 2025, courts continued to resolve high‑stakes insurance disputes by returning to first principles—examining when claims are related, how losses and occurrences are defined and aggregated, and how policy language allocates risk across time and conduct. D&O coverage and other core insurance law issues again occupied center stage, while decisions in property, cyber, and liability disputes reinforced a familiar theme: policy interpretation remains the decisive factor in determining whether coverage is available in an increasingly complex claims environment. As the decisions discussed below demonstrate, 2025 confirmed that even as risks evolve, coverage disputes remain grounded in careful, policy‑specific analysis.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page