The past few years have witnessed the unprecedented rise of Big Data. Fully 90% of today’s data was created over just the past two years. Businesses now double the amount of data they capture and store every 1.2 years. And, every two days, we create as much information as we did from the beginning of time until 2003. Corporate employees now routinely access corporate networks from remote locations and are estimated to each possesses three separate mobile devices that can be utilized for that purpose.
In light of these facts, it’s not surprising that we also recently have witnessed a surge in information-related liability. Data breaches are now front page news, and they often lead to reputational damage, class action litigation and regulatory scrutiny, any one of which can threaten the viability of many organizations. Massive data stores can lead to crippling eDiscovery costs for litigants, and cyberterrorism, which threatens proprietary information assets and critical infrastructure, is a matter of national security.
In light of these modern-day realities, dealmakers cannot go back to “business as usual” when it comes to conducting due diligence in connection with mergers, acquisitions or similar transactions. Today’s M&A due diligence must also focus on the target entity’s information and its related and practices.
In addition to traditional areas of due diligence inquiry, such as financial condition, assets, and tax issues, deal makers now need to delve into the information owned and controlled by the target entity and how that information has been governed. The goal should be to uncover risks and liabilities associated with the target entity’s data so that the deal can be appropriately valued or, perhaps, avoided altogether.
Dealmakers should ask what information the target organization is responsible for, does it know where all its information is located, does it have policies governing the collection, storage, use and disposal of information, and are those policies current and enforced. Dealmakers also should inquire as to how the target entity secures its computer networks and other information assets, and whether it has any history of data breaches or data security incidents.
No deal maker wants to buy a breach or a data set that will drag them into years of costly litigation, especially if those issues could have been identified during the due diligence process. Information governance inquiries aimed at uncovering the big risks that might be associated with Big Data should be an important component of today’s corporate deal-making processes.