Part 2: Risks Associated with Transfers of Personal Data and Post-Closing Integration
One aspect of mergers and acquisitions that is receiving growing attention is the relevance of privacy issues under U.S. and European Union (“EU”) laws as well as the laws of a growing number of other jurisdictions. This two-part blog post discusses the principal M&A-related privacy risks and highlights certain “traps” that are often overlooked. In Part 1, we discussed risks associated with a target’s pre-closing privacy-related liabilities and considered ways to mitigate these risks through adequate diligence and privacy-related representations in M&A agreements. In this Part 2, we discuss the risks associated with transferring or disclosing personally-identifiable information (“personal data”) of an M&A target (or a seller) to a purchaser (or prospective purchaser) and those associated with the purchaser’s post-acquisition use of such personal data.