Experts following M&A trends predict that the volume of technology-centered deals will rise significantly in 2017. More than ever, businesses feel the pressure to innovate and expand in the digital age that we live in. As such, it is critical that, well prior to closing, a buyer properly completes its due diligence with regard to the target company’s data protection policies. Particularly, buyers should pay attention to trending technologies such as smart machine technology, which process large amounts of complex granular data, as well as platform-based technology.
What should buyers emphasize when performing due diligence investigation of technology? Confirming and understanding a target company’s data security capabilities should be among a buyer’s top priorities. A buyer should identify what, if any, data security policies are in place, and whether those policies are regularly tested to check for weaknesses in the policy itself and/or its implementation procedures. Another top priority should be determining what regulatory compliance issues may arise if the target company operates in a highly regulated industry such as health care or banking. As part of its due diligence, a buyer should request notifications of data breaches or other reports made to regulatory agencies from the target company to review the target’s exposure to breaches of those agencies’ regulations. Such a breach may include unauthorized access to customer information or network hacking instances.
Other necessary considerations a buyer should pay particular attention to are whether any of the target company’s customers are also the buyer’s competitors. In this situation, a buyer must strike a careful balance between accessing the target’s confidential data and making certain guarantees to these customer competitors to ensure that the customers do not fall away and affect the target company’s valuation. A buyer should also contemplate how the target company’s technology would integrate with its own. While it is impossible to imagine every condition that might arise upon integration, a quick comparison of the buyer’s own policies and procedures with the target company’s policies and procedures will allow a buyer to evaluate and select the best system for integration, or otherwise separation, of the technologies.
Finally, a prospective buyer should negotiate appropriate representations, warranties, and indemnification protections to address any risks associated with any data protection weaknesses identified during the due diligence phase of the transaction. These negotiations play an important role in holding the target company accountable for the accuracy of the information regarding the reliability of its data protection policies.
Roetzel attorneys can assist you in completing a strategic review and evaluation of a target company’s technology. If you have questions about this topic, or about technology M&A in general, please contact one of the listed Roetzel attorneys.
View PDF