Due Diligence: Data Privacy & Cybersecurity Issues
John Jenkins
NOVEMBER 27, 2023
This Gibson Dunn memo reviews some of the privacy and cybersecurity issues that buyers should keep in mind when conducting M&A due diligence.
This site uses cookies to improve your experience. By viewing our content, you are accepting the use of cookies. To help us insure we adhere to various privacy regulations, please select your country/region of residence. If you do not select a country we will assume you are from the United States. View our privacy policy and terms of use.
John Jenkins
NOVEMBER 27, 2023
This Gibson Dunn memo reviews some of the privacy and cybersecurity issues that buyers should keep in mind when conducting M&A due diligence.
Deal Law Wire
OCTOBER 20, 2022
Privacy and cybersecurity practices of target companies are being increasingly scrutinized throughout the due diligence process in M&A transactions. vulnerability and penetration testing), a buyer may not be comfortable with the company’s cybersecurity risk exposure.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
John Jenkins
APRIL 14, 2022
Privacy & cybersecurity concerns have followed a similar path. 10) provides an overview of privacy and cybersecurity diligence issues. Last week, I blogged about ESG due diligence, which has gone from a buzzword to a high priority item in M&A transactions in a short period of time. This Sidley memo (p.
Harvard Corporate Governance
DECEMBER 3, 2023
Many S&P 500 companies disclosed they have not experienced past material cybersecurity incidents; however, geopolitics and remote work have heightened cybersecurity risk. This post is based on their recent Deloitte report.
Harvard Corporate Governance
OCTOBER 10, 2023
In fact, as other areas of the business face tighter budgets this year, 48% of CEOs planned to increase investment in cybersecurity and data privacy, according to a survey from advisory firm PricewaterhouseCoopers.
Harvard Corporate Governance
FEBRUARY 20, 2024
Beyond the SEC, investors have also recognized the increased importance of portfolio companies successfully overseeing and managing cybersecurity risks. As cybersecurity risks have become more prevalent and costly, shareholders have put increased expectations on the Board, who is in place to protect the value of their investment.
Harvard Corporate Governance
MARCH 17, 2023
Securities and Exchange Commission, on Thursday, March 16, 2023 Tags: Cybersecurity , Data Privacy , investors , Regulation S-P , SEC enforcement , Transfer agents Statement by Chair Gensler on Amendments to Regulation S-P Posted by Gary Gensler, U.S.
Harvard Corporate Governance
AUGUST 17, 2023
The Securities and Exchange Commission (SEC) released its final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure on July 26, 2023. Still, disclosure can seem a daunting prospect if your company’s cybersecurity program won’t withstand investor scrutiny. This post is based on their PwC memorandum.
Harvard Corporate Governance
SEPTEMBER 25, 2023
Although there is not one correct approach for overseeing AI risks, boards of companies that rely on AI for material products, services or operations (or relevant committee members) may want to consider receiving training on AI and associated risks, as well as management reports on the company’s use of AI.
Law 360 M&A
FEBRUARY 1, 2024
As law firms face ever-increasing risks of cyberattacks and ransomware incidents, the legal industry must implement robust cybersecurity measures and privacy-centric practices to preserve attorney-client privilege, safeguard client trust and uphold the profession’s integrity, says Ryan Paterson at Unplugged.
Harvard Corporate Governance
DECEMBER 30, 2022
Trust, Risk, and Opportunity: Overseeing a Comprehensive Data and Privacy Strategy. Tags: Cyber-risk , Cybersecurity , Data Governance , Data Privacy , Databases , Privacy. Posted by Maria Castañón Moats, Barbara Berlin, and Joseph Nocera, PricewaterhouseCoopers LLP, on Monday, December 26, 2022. Posted by Matthew C.
Cooley M&A
JULY 19, 2019
While some may view this as the ICO simply continuing to flex its muscle (in light of news of a £183M (approximately $123M) British Airways fine a day earlier), the Marriott fine and others likely to follow could have significant implications on future M&A transactions involving cybersecurity and data privacy matters.
Mckinsey and Company
SEPTEMBER 15, 2022
Consumer faith in cybersecurity, data privacy, and responsible AI hinges on what companies do today—and establishing this digital trust just might lead to business growth.
Law 360 M&A
JUNE 26, 2023
Attorneys are the weakest link in their firms' cyberdefenses because hackers often exploit the gap between individuals’ work and personal cybersecurity habits, but there are some steps lawyers can take to reduce the risks they create for their employers, say Mark Hurley and Carmine Cicalese at Digital Privacy & Protection.
Harvard Corporate Governance
MARCH 19, 2023
In recent years, however, these programs have become larger and more deeply integrated with companies’ core business strategies, including strategies for avoiding risks, such as those presented by gender and racial discrimination claims, the impacts of climate change, and cybersecurity and privacy gaps.
Harvard Corporate Governance
APRIL 22, 2022
Tags: Audit committee , Audits , Boards of Directors , Cybersecurity , ESG , Financial technology , Privacy , Risk , Risk management , Risk oversight.
Law 360 M&A
APRIL 17, 2023
Allen & Overy LLP said Monday it is continuing to expand its presence stateside with the addition of a cybersecurity and privacy expert as a new partner to lead the firm's U.S. privacy and data security practice based out of its Silicon Valley office.
Mckinsey and Company
SEPTEMBER 13, 2022
Consumer faith in cybersecurity, data privacy, and responsible AI hinges on what companies do today—and establishing this digital trust just might lead to business growth.
John Jenkins
JULY 9, 2023
The intro to the guide explains that screening activities have expanded in many jurisdictions to cover considerations related to cybersecurity, consumer protection, data privacy, supply chain and strategic sectors, and governments are increasingly willing […]
Deal Law Wire
JULY 13, 2023
Some important advice for companies looking to purchase AI in a recent Lexpert article authored by our Head of Technology and Co-Head of Information Governance, Privacy and Cybersecurity Imran Ahmad , Associate Roxanne Caron , and Associate Suzie Suliman.
Sun Acquisitions
MARCH 20, 2024
Cybersecurity Due Diligence As technology advances, the importance of cybersecurity in M&A transactions also increases. Buyers must assess the target company’s cybersecurity posture to identify potential vulnerabilities and risks. Technology is undeniably transforming the landscape of mergers and acquisitions.
Audit Board
JUNE 30, 2023
Cybersecurity The U.S. Securities and Exchange Commission (SEC) is continuing to release cybersecurity disclosure rules for public companies. Department of Labor (DOL) has announced new cybersecurity guidance for plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act (ERISA).
Audit Board
JUNE 30, 2023
Cybersecurity The U.S. Securities and Exchange Commission (SEC) is continuing to release cybersecurity disclosure rules for public companies. Department of Labor (DOL) has announced new cybersecurity guidance for plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act (ERISA).
Law 360 M&A
MAY 13, 2022
Jenner & Block LLP has added seven partners to the leadership of its data privacy and cybersecurity, corporate and professional responsibility practices, the firm announced Thursday.
Harvard Corporate Governance
AUGUST 26, 2022
Tags: Coinbase , Cryptocurrency , Cybersecurity , Insider trading , Liability standards , SEC , SEC enforcement , Securities enforcement , Securities regulation.
Audit Board
OCTOBER 26, 2023
In an era where cyber threats are omnipresent, businesses and individuals are investing heavily in cybersecurity insurance to safeguard against potential financial losses. However, cybersecurity insurance policies are not a foolproof method for transferring risk. What Is Cybersecurity Insurance?
Deal Law Wire
AUGUST 3, 2022
A few key areas to consider while conducting due diligence for an AI Transaction include data, cybersecurity, privacy, and intellectual property rights. Cybersecurity and Privacy. It is also important to note that legislation governing data privacy may soon change.
Audit Board
SEPTEMBER 29, 2023
In addition to financial penalties and disruption to the business, cybersecurity breaches cause reputational damage that can seriously harm the business. In addition, escalating IT compliance risk — exemplified by the recent passage of the SEC’s new cybersecurity disclosure rules in the U.S.
Audit Board
JANUARY 4, 2023
The United States is trying to catch up with the global data privacy laws passed in recent years. has struggled to pass its version called the American Data Privacy and Protection Act (ADPPA). Passing separate privacy laws is creating compliance issues for companies based or doing business in these states.
ThomsonReuters
APRIL 22, 2021
EBSA: Cybersecurity Program Best Practices; Tips for Hiring a Service Provider With Strong Cybersecurity Practices; Online Security Tips; News Release (Apr. A news release indicates that this is the first time EBSA has issued cybersecurity guidance. Best Practices. Hiring Tips. Online Tips. News Release. Hiring Tips.
Audit Board
AUGUST 28, 2022
Investing in your team’s skills and professional development via privacy education and certifications can help your company create a sustainable competitive differentiator while also retaining key individuals. . Why Invest in Privacy Education for Your InfoSec Team? Six Top Privacy Certifications. private sector.
M&A Leadership Council
AUGUST 24, 2023
The Art of M&A® / Due Diligence: Detecting Cybersecurity Risk An excerpt from The Art of M&A, Fifth Edition: A Merger, Acquisition, and Buyout Guide by Alexandra Reed Lajoux Editor’s Note: A growing number of M&A professionals are pursuing the Certified M&A Specialist , or CMAS ® credential.
ThomsonReuters
FEBRUARY 4, 2021
HHS’s Office for Civil Rights (OCR) has issued a report describing its 2016–17 audit program, which reviewed covered entities’ and business associates’ compliance with certain HIPAA privacy, security, and breach notification rules (see our Checkpoint article ). Few covered entities complied with individual access rights.
ThomsonReuters
MARCH 16, 2023
EBIA Comment: The reports include important data from the HIPAA complaints investigated, highlight areas of noncompliance, and provide insights into trends such as cybersecurity readiness. Contributing Editors: EBIA Staff.
John Jenkins
SEPTEMBER 9, 2022
This Norton Rose Fulbright blog provides an overview of the data, cybersecurity & privacy, and intellectual […] But like any emerging technology, the use of AI in a target’s business raises a bunch of issues that buyers need to address during the due diligence process.
Harvard Corporate Governance
JULY 22, 2022
Tags: Antitrust , Corporate Social Responsibility , Cybersecurity , ESG , GDPR , Privacy , Risk disclosure , Social media , Tech companies.
Reynolds Holding
DECEMBER 4, 2022
A new and potentially significant tool in regulatory enforcement is emerging for executives whose companies suffer a cybersecurity incident. Instead, where their actions—or inaction—related to cybersecurity are deemed egregious, company executives may be held personally liable. [2] million consumers’ personal information. [1].
Audit Board
JUNE 15, 2023
In the field of cybersecurity, risk management, and compliance, there are a collection of acronyms that you’ll hear often enough. This article will discuss NIST in detail, focusing on the NIST Cybersecurity Framework , or NIST CSF. The NIST CSF has five central functions: Identify, Protect, Detect, Respond, and Recover.
ThomsonReuters
JUNE 23, 2022
In addition to the HIPAA security rule, the SRA Tool draws from several sources, including publications issued by the National Institute of Standards and Technology (NIST), the NIST cybersecurity framework (see our Checkpoint article ), and—new for this version—Technical Volume 1 of the Health Industry Cybersecurity Practices (HICP).
John Jenkins
MARCH 21, 2022
This Proskauer blog discusses how the EU’s robust enforcement of cybersecurity and privacy regulations are increasing the risk of liability to PE fund sponsors & corporate parents for activities of their portfolio companies and subsidiaries.
ThomsonReuters
NOVEMBER 23, 2022
October 2022 OCR Cybersecurity Newsletter: HIPAA Security Rule Security Incident Procedures (Oct. OCR has released its latest cybersecurity newsletter on the importance of having policies and procedures to detect and respond to security incidents. Available at [link]. 6 (“Standard: Security Incident Procedures”).
ThomsonReuters
AUGUST 11, 2022
When developing security measures consistent with these implementation specifications, you may wish to consider the Health Industry Cybersecurity Practices (HICP) developed by a task group convened by HHS. In technical volumes, the HICP identifies “best practices” to mitigate security threats.
ThomsonReuters
JUNE 8, 2023
Indeed, the HHS press release cautions HIPAA covered entities and their business associates to “improve their efforts” to identify, deter, protect against, detect, and respond to cybersecurity threats and malicious actors.
ThomsonReuters
APRIL 15, 2021
EBIA Comment: Although this case involved identity theft, the court’s analysis did not specifically address cybersecurity standards. For more information, see EBIA’s 401(k) Plans manual at Sections XII.L (“Account Theft and Cybersecurity”) and XXIV.G.2 2 (“Selecting and Monitoring Service Providers”). Contributing Editors: EBIA Staff.
Expert insights. Personalized for you.
We have resent the email to
Are you sure you want to cancel your subscriptions?
Let's personalize your content