In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will expect this of you, especially as more and more data security issues receive top billing in the news. The board will want to make sure buyers have done their jobs and have looked at and understand the type of personal information the target acquisition collects and stores, how it protects such personal information, and the details surrounding any prior data security breaches suffered by the target. If divesting a company, expect that the other side will ask similar questions about privacy and data security. Boards, in thinking about their duty of care and oversight of privacy and data security matters, will want to make sure that these issues are not forgotten in the M&A process. For our prior post on this topic, click here for day one, here for day two, here for day three, and here for day four.

Putting it into practice: When entering into the purchase or sale of a business, boards are becoming more and more focused on privacy and data security issues and ensuring the appropriate due diligence is conducted to address such risks and issues.