Corporate data security breaches are at an all-time high, making data privacy and cybersecurity planning in M&A transactions more crucial than ever. Counsel for buyers should evaluate and prioritize data privacy and cybersecurity risks when assessing a potential target and through the contract and closing a deal.

Examining a target's data assets and identifying cybersecurity vulnerabilities are essential to valuing a deal, implementing risk mitigation measures, and planning for successful data integration post-acquisition. Due diligence should include an examination of the target's data inventory, data locations, data collection processes, privacy policies, security controls, information governance guidelines, risk assessment programs, and cybersecurity insurance policies for vulnerabilities.