ThinkstockPhotos-87341406-webThis article is the third in a series of articles that discuss the importance of privacy and data security considerations in the transactional context.

In any transaction in which an entity invests in or acquires another business or its assets, the investing or acquiring entity (the “Acquiror”) should fully evaluate its counterparty (the “Company”), the Company’s assets, and the Company’s liabilities and risks prior to the consummation of the transaction. A spate of significant data security incidents and exposés in the past few years has raised awareness across industries of the need to adequately contemplate privacy concerns and appropriately secure data systems. Businesses, acquirors, and investors increasingly understand that expensive data security incidents, lawsuits, and government investigations can result from basic failures to comply with applicable privacy laws or data processing contracts or, with regard to information security, well-established industry best practices.
Continue Reading Privacy and Data Security Due Diligence

ThinkstockPhotos-87341406-webThis article is the second in a series of articles that discuss the importance of privacy and data security considerations in the transactional context.

In light of numerous costly security breaches affecting disparate sectors of the American economy, public companies—ranging from merchants like Target Corporation and The Home Depot to technology firms like Adobe Systems, and from entertainment companies like Sony Entertainment to insurers like Anthem Blue Cross, to name a few examples—are under increased pressure to ensure that cyber risks are appropriately evaluated, addressed, and disclosed to investors. Because of the increasing number and cost of data security incidents, the U.S. Securities and Exchange Commission (SEC) has taken an active role in advising public companies on how to appropriately manage and disclose cyber risks. SEC cyber risk guidance to date, outside of advice specific to the financial services industry, relates to: (i) the responsibilities and duties that boards of public companies must bear with regard to cyber risk; and (ii) the manner in which public companies should disclose (when appropriate) the relevant cyber risks in company filings with the SEC.
Continue Reading Navigating Public Company Cybersecurity Obligations: Advising Boards and Disclosing to Investors