Blog hero image
Articles

Ensuring Data Privacy and Internal Accessibility During Mergers & Acquisitions

Published July 20, 2022

Mergers and acquisitions often result in complicated issues for legal teams regarding proper eDiscovery and Information Governance.

The subsumption or combination of both companies’ data sets creates the need to understand both data sets more clearly and to have a cohesive plan on how to treat the data moving forward.

In an ideal world, the acquired or merging target company coming on board has exactly the same strategy for Information Governance and data management as the purchasing company. But in reality, there are likely numerous differences between the two companies’ approaches.

Purchasing and target companies must understand their data prior to finalizing the deal to ensure that privacy and internal accessibility are maintained both during and after the transition, ultimately enabling the future success of the resulting combined company.

Gathering Data: Focus on Data Management

Mergers and Acquisitions result in a large volume of new and existing data that requires review by the related companies, their legal representatives, and potentially regulatory authorities.

So, having your in-house or outside counsel review every single piece of data on their own or turn over entire sets of data to regulatory authorities for review would take too long to complete, nor would it be cost-effective.

With the large amount of structured and unstructured data produced today, it is important to leverage eDiscovery and Live EDA technology to help determine which data is relevant for the action.

In a similar vein, redundant, obsolete, and trivial (ROT) data is best excluded from data sets before a merger or acquisition begins. For mergers and acquisitions that require regulatory oversight, as is the case for financial services, healthcare, or other large corporations, it is important to identify the data that regulators require to review and approve while excluding privileged, unrelated, and ROT data from the set.

IPRO’s guide, Data Governance and eDiscovery for Financial Services Corporations, offers tips for managing data involved in mergers and acquisitions, as well as other factors specific to the financial industry data management issues.

Protecting Your Assets: Managing Risk to Business Data

Data privacy is also a concern during mergers. For the company acquiring another or merging with its new partner, has the other company adhered to the same level of data privacy protection prior to and during the transaction process?

Invariably, the systems for managing the data differ. But they should discover if there is a process in place to ensure the data is combined and sorted correctly according to a new Information Governance policy the that combined company plans to utilize.

Adherence to regulatory standards is also an important point to review during mergers and acquisitions. Has the target company properly vetted its partners and vendors? For example, were all financial documents stored for an appropriate length of time and with the correct parameters for storage, archiving, and deletion?

If not, the purchasing company should be aware of what is their new potential liability is.

Ensuring Appropriate Internal Accessibility

Ensuring appropriate user access to data is also crucial during corporate mergers to ensure continued adherence to existing privacy regulations. Both companies must understand and be able to document who has access to what data during and after the transition.

Every new member, including outside counsel or consultants joining your team, should only have access to the data they need. Granting the proper access to each user protects that data from unintentional breaches through phishing attacks and unauthorized disclosure. Attentiveness to data access also protects against malicious actions like intellectual property theft.

Succeed and Proceed after Merging and Acquisitions

Having the tools to properly manage your data while mitigating risk must always be a key part of your organization’s strategy, even when you aren’t involved in a merger or acquisition process.

This preparation enables your legal team to devote its full time to analyzing, reviewing, and reporting on the data related to investigations.

IPRO offers solutions to help your organization understand and manage your data properly to ensure you remain compliant with privacy regulations while ensuring appropriate internal accessibility.