Tag archives: privacy

(Un)masking value: how the data masking market can impact M&A activity

Recent rumblings about the “data masking” market have put this concept on the radar of many, which warrants a closer look at the relevant trends and the potential of data masking. The information age has made cybersecurity a necessity and the increase of data breaches and malware attacks have led to calls for greater data protection.

What is data masking?

Perhaps surprisingly, the purpose of data masking is more than just obfuscating original data in order to protect it. An additional layer is the process of creating a structurally similar, yet inauthentic version, of an organization’s data that can be … Continue Reading

Are you a processor of personal information?

The typical business model has significantly expanded in recent years, and often includes an element of collecting, using, storing or modifying personal information (also known as “processing”). If you are involved in processing personal information, you may likely be considered a “processor”. As a processor, it is crucial to understand the principles for processing data as well as the rights of the individuals whose personal information you are processing.

The following are some key principles for processing personal data:

  • Lawful Reason and Consent: Canadian privacy law typically requires processors to obtain consent from individuals in order to process their
Continue Reading

Data privacy in M&A: new reporting and notification requirements

It is time for organizations to think ahead and prepare for new requirements imposed under the Digital Privacy Act (formerly known as Bill S-4). The new requirements, which will result in significant amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA), will come into force on November 1, 2018.

The new requirements impose mandatory reporting and notification for data breaches. Once in force, organizations subject to PIPEDA will be required to notify the Privacy Commissioner of Canada (the Commissioner) and affected individuals in the event of a data breach. Organizations must do so if the … Continue Reading

Legal update: new European data privacy law comes into force on May 25, 2018

On May 25, 2018 the European Union’s General Data Protection Regulation (GDPR) will come into force. The GDPR will create new requirements for Canadian companies that handle the personal information of European individuals. The GDPR also allows for heavy penalties to be imposed on organizations that fail to comply with this new regulatory regime. Based on this, Canadian companies who are involved in M&A transactions should be sure to determine whether the GDPR applies to a target and carefully consider the risks associated with non-compliance.

The GDPR regulates the processing by an individual, a company or an organization … Continue Reading

Better, faster, stronger: revamping the M&A due diligence process with Artificial Intelligence platforms

Voluminous information in M&A transactions

M&A transactions can be time-intensive, often involving contract discovery and analysis, due diligence, data room preparation, verification of representations and warranties, privacy issues and multijurisdictional privacy legislation and intellectual property protection, among other important aspects. As deals become larger in value and scope, the review and analysis of the foregoing information becomes both voluminous and jurisdictionally dispersed. The international nature of companies and deals often result in contracts that are drafted in languages other than those commonly spoken by the lawyers on a file. To maximize efficiency, minimize errors and drive down costs, law firms … Continue Reading

Cyber security: what the hack?

In a previous blog post, we discussed how to manage cyber security risks during the negotiation and due diligence stages of an M&A transaction. In this post we discuss cyber security insurance as a tool for managing this unwelcome risk.

The cyber security risk

Although businesses have been ramping up their information security systems, the pace of cyber security breaches is not slowing down. One study estimates that cybercrime will cost businesses $2.1 trillion globally by 2019. And, as recent security breaches have taught us, a security breach can have reputational, moral, and deeply political complications. The 2014 hack … Continue Reading

Digital Privacy Act streamlines M&A procedures

On June 18th the Digital Privacy Act (Bill S-4) received Royal Assent. This new law provides long overdue amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA). The Digital Privacy Act amends a wide range of PIPEDA provisions from consent to the expansion of the Commissioner’s powers. Easily overlooked in the sweeping amendments are important changes to the consent rules surrounding prospective business transactions. In short, the new rules allow companies to share personal information in prospective business transactions without first obtaining the consent of the persons whom the information is about.

In PIPEDA’s pre-amendment … Continue Reading

What the Ashley Madison hack tells us about M&A security risk

The online service Ashley Madison is reeling from a catastrophic data breach that resulted in the public exposure of its customers’ sensitive private information.  Ironically, the Ashley Madison hack was a very conspicuous and public affair. However, not all cyber security breaches are publicly broadcasted. Most hacks are done surreptitiously such that the hacked company would not know (at least not right away) that it has been attacked. Such “private” hacks can go undetected for months or even years after the initial cyber security breach, and the consequences and damages resulting from the breach are therefore very difficult to predict, … Continue Reading

Privacy breaches and M&A transactions: the importance of due diligence and doing it cautiously

world-mapData and privacy breaches have garnered much media attention as of late and the list of companies that have experienced a breach is mounting. The potential costs to companies resulting from large-scale privacy breaches are immeasurable. In addition to the costs associated with resulting litigation (often in the form of privacy breach class actions), publicized breaches come with reputational harm.

As a result, companies and organizations considering M&A must be alive to privacy issues and privacy laws. While appropriate due diligence can help guard against liability for privacy breaches, companies should be aware that there are privacy risks associated with … Continue Reading

LexBlog