Posted In: Business Transactions & Corporate Counseling, Cybersecurity & Data Privacy & Cybersecurity & Data Privacy
Industry:
Technology
Corporate TIPS Blog: The Importance of Due Diligence for Transactions
By Brian D. Merklin on August 7, 2019
The due diligence period is a crucial time in any deal. During the diligence period, advisors are digging into every aspect of the target company, analyzing financials and substantiating contracts. However, technology is often over looked. Technology plays an important role in M&A transactions and the due diligence required prior to closing any deal. Both the intellectual property and technological assets of the target company, as well as the current privacy and compliance aspects of the company, must be thoroughly evaluated. Ensuring that the target company has enforceable rights to the intellectual property being purchased is important, especially to protect the purchaser from claims of infringement.
Equally important is determining whether the target company is in compliance with data privacy laws in force around the United States and the world, such as California’s Consumer Privacy Protection Act and the European Union’s General Data Protection Regulation, or other similar laws. It is also imperative to determine whether the target company has ever been impacted by a data breach and is required to give notice regarding the incident. Awareness of these types of issues is critical to avoiding landmine situations, which may involve a misunderstanding of assets or unwanted liability.
Equally important is determining whether the target company is in compliance with data privacy laws in force around the United States and the world, such as California’s Consumer Privacy Protection Act and the European Union’s General Data Protection Regulation, or other similar laws. It is also imperative to determine whether the target company has ever been impacted by a data breach and is required to give notice regarding the incident. Awareness of these types of issues is critical to avoiding landmine situations, which may involve a misunderstanding of assets or unwanted liability.
Intellectual Property Rights, Licenses, and Assets
Every M&A transaction is unique, involving different assets and diverse industries. Understanding the assets involved, and the industry is one of the first steps in due diligence. Many industries utilize intellectual property, whether it is self-owned, or licensed. Determining whether self-owned intellectual property is properly protected is important.
It is also critical, when licensed technology is included, to ensure that the company is in compliance with and properly owns all applicable licenses. If running the business requires certain technology, and there is a question regarding those licenses, it is important to act cautiously to avoid missing critical licensure information. Ensuring that the licenses are easily transferrable or assignable is important so that the successor business or user can employ the technology without the threat of loss. This is especially important when the licensed technology forms the basis of the operations.
Data Privacy
Data breaches seem to be common place these days. From Target to LabCorp to Marriott International, companies of any size may be compromised. Therefore, it is imperative, to evaluate the target company’s data privacy protections, procedures and history to determine whether there is any unknown risk regarding liability for data privacy breaches. Ensuring that the correct protections and procedures are in place is pivotal in mitigating potential future loss to the fullest extent. Under Ohio’s Data Protection Act, a company can fall under a safe harbor provision if it enacts certain specific security frameworks to protect against data breaches. If the target company has these policies and procedures in place, the threat of future loss or liability to any successor is greatly reduced. Additionally, exploring a company’s history as it relates to data privacy, as well as looking at its current data privacy programs and procedures can help a purchaser evaluate the potential for loss or risk.
Conclusion
Thorough due diligence as it relates to the technology and data privacy of a target company in an M&A transaction is important to ensure that the buyer has access to the technology it needs. As important, however, is determining the amount of risk, and the steps to avoid liability. Both of these goals can be achieved through thorough due diligence that is specifically crafted to explore these issues.
Mergers and Acquisitions involving technology and intellectual property can become complex quickly, and although this article may provide insight into the basics, you should consult with legal professionals to ensure that you are meeting objectives in any transaction. Brouse McDowell is here to help our clients navigate these tricky waters. Brouse McDowell offers legal services related to mergers and acquisitions of technology- and intellectual property-based assets or companies, including data privacy and cybersecurity audits, due diligence related to pre-breach and cybersecurity planning services, cybersecurity and data privacy transactional services, data regulatory compliance services including GDPR, breach response and disclosure obligation services, cyber liability insurance review, and any related litigation issues regarding cybersecurity and data breaches (investigation, defense, insurance recovery and response). Contact us for more information.
This blog is intended to provide information generally and to identify general legal requirements. It is not intended as a form of, or as a substitute for legal advice. Such advice should always come from in-house or retained counsel. Moreover, if this Blog in any way seems to contradict advice of counsel, counsel's opinion should control over anything written herein. No attorney client relationship is created or implied by this Blog. © 2024 Brouse McDowell. All rights reserved.