Topic: Privacy and data protection

Subscribe to Privacy and data protection RSS feed

Evaluating the Legal Risks of Data Assets in M&A

Data is an essential asset for many businesses, and one that is increasingly acquired through M&A transactions. Identifying and assessing the particular legal challenges of data assets is crucial for acquirers to mitigate the risks associated with these assets and unlock their full value. While issues will depend on the particulars of each transaction, the following is a high-level overview of significant considerations.

What rights in the data assets is the acquiring company receiving?

Evaluating a target company’s rights to their data assets is often more complex and uncertain than for more tangible assets. Such rights are often limited by … Continue Reading

How to ensure that emails of former employees do not fall through the cracks when purchasing a business

The importance of email in the workplace presents a variety of legal challenges when purchasing a business. Among those are concerns relating to emails and the email addresses of the seller’s employees who are no longer employed by the purchaser after closing.

First, there are confidentiality concerns in connection with former employees receiving information they should no longer have access to. Second, there are concerns that customers or other relevant individuals may be emailing former employees instead of the current employees of the purchaser. This can result in missed sales opportunities, gaps in customer service and a negative impact on … Continue Reading

Cybersecurity in M&A Transactions: Friend or Foe?

The heavy reliance on technology in today’s data-driven world means that cybersecurity threats must be taken seriously. More specifically, with respect to M&A transactions, a target’s cybersecurity mechanisms have become an important part of the due diligence consideration. Indeed, it is important to have a firm grasp on the nature and extent of a target’s cybersecurity vulnerabilities, the likelihood of a breach, and the procedure in place to remedy a breach, if necessary. These considerations have the power to significantly alter the value of a transaction, or even derail it entirely.

With the introduction of EU’s General Data Protection RegulationContinue Reading

(Un)masking value: how the data masking market can impact M&A activity

Recent rumblings about the “data masking” market have put this concept on the radar of many, which warrants a closer look at the relevant trends and the potential of data masking. The information age has made cybersecurity a necessity and the increase of data breaches and malware attacks have led to calls for greater data protection.

What is data masking?

Perhaps surprisingly, the purpose of data masking is more than just obfuscating original data in order to protect it. An additional layer is the process of creating a structurally similar, yet inauthentic version, of an organization’s data that can be … Continue Reading

AI as a solution for cybersecurity problems in M&A deals

Artificial Intelligence (AI) has immense potential as a solution for cybersecurity vulnerabilities in M&A deals. Generally, M&A deals generate value and as such, understanding vulnerabilities on the acquirer and target sides is important for completion of the transaction. With the common usage of networks and servers to store high volumes of data by corporations, vetting for cybersecurity attacks has become a priority in the M&A due diligence process. In a recent study, IBM reported that the global average cost of a data breach has risen 6.4 percent over a 12 month period to $3.86 million. The average … Continue Reading

A-I Captain! Know the legal risks of buying an AI company… or go down with the ship

On February 21, 2019, Blackberry completed its acquisition of Cylance, a privately-held artificial intelligence (AI) and cybersecurity company. Acquisitions of AI companies like Cylance are becoming increasingly common as businesses seek to realize the opportunities in offering much-improved products or services to their customers. Canada, in particular, has become a hotspot for activity in the AI industry.

Acquiring an AI company is not always smooth sailing. There are common risks that buyers must be aware of prior to embarking on an acquisition.

Know where the data comes from

An AI derives its value from data sets used … Continue Reading

Are you a processor of personal information?

The typical business model has significantly expanded in recent years, and often includes an element of collecting, using, storing or modifying personal information (also known as “processing”). If you are involved in processing personal information, you may likely be considered a “processor”. As a processor, it is crucial to understand the principles for processing data as well as the rights of the individuals whose personal information you are processing.

The following are some key principles for processing personal data:

  • Lawful Reason and Consent: Canadian privacy law typically requires processors to obtain consent from individuals in order to process their
Continue Reading
LexBlog