With the emergence of new regulatory frameworks like GDPR and the California Consumer Privacy Act, a greater understanding and protection of the oil running the engine has become top priority for companies of all sizes and industries.
Just as financial information and cyber risk realities have long required organizations to employ accountants and cybersecurity professionals to conduct frequent audits and implement proactive monitoring, data privacy now requires a unique level of organizational data diligence, in addition to the appointment of personnel such as data protection officers (DPOs) to serve as advocates for the plethora of consumer and employee data companies collect, store and manage.
- Data privacy: will it be as in vogue as it was in 2018?
- Regulation and compliance: staying secure in the face of increasing threats to privacy
- Data Privacy is having its day
Regulations are hindering M&A and investment momentum
While responsible handling of consumer and employee information and greater
overall understanding of organizational assets, which in turn, can be used to enhance business processes, represent the positive effects of enhanced privacy regulation, a concerning trend is the impact frameworks like GDPR are having on M&A activity. Recent research shows over half (55 percent) of M&A professionals have had deals fall through due to concerns over GDPR and target firms’ data practices, and 66 percent of those M&A professionals believe GDPR will increase acquirers’ scrutiny of data protection policies and processes of target firms.
Examples abound for how a lack of data privacy due diligence can lead to disastrous M&As, not to mention steep fines and public fallout. Starwood’s compromised database and ensuing acquisition by Marriott, for instance, demonstrates how even the world’s largest hotel chain isn’t immune to the dire consequences of poor data diligence and less-than-comprehensive understanding of assets being acquired. There was also Verizon and its discovery of a prior data breach at Yahoo! after having agreed to acquire the company, which led to a $350 million reduction in the purchase price, a $35 million penalty to settle securities fraud charges and another $80 million to settle securities lawsuits brought on by disgruntled shareholders.