Corporate information (or so-called sets of ‘Big Data’ within organisations) has grown in volume and prominence over the past decade (Rossi, 2016). This growth shows no signs of stopping – instead, every indication suggests that it is accelerating (Davis, 2016). And as technology has modified individual behaviour, these large data sets are also changing traditional due diligence norms associated with mergers, acquisitions, divestitures and asset purchases in some important ways.

One is how the practice of diligence is performed in virtual deal rooms, incorporating and manipulating digital data in ways unheard of a decade ago (Clayton, 2016). A second is the change in how deal valuation now includes an increased focus during the due diligence analysis that goes ‘beyond just the numbers’ and instead incorporates ‘non-tangible assets and more qualitative analysis’ as part of the ultimate decision as to whether a deal should happen (E&Y, n.d.). And a third, the focus of this piece, is the issue of data security – how the data security practices of the target of a deal matter now more than ever when acquirers are evaluating deal success rates, relative values and the chances for success in the post-deal integration world.

Addressing data security in deal strategy

Some authors have addressed ways in which practitioners can incorporate e-discovery, data privacy, information governance and data security considerations (Janssen et al., 2016) into traditional due diligence checklists and practices (Sherer et al., 2015). They have even presented specifics as to how these factors might be incorporated into valuation discussions during the deal negotiation process (Sherer et al., 2016). This detail is important and necessary for those deal participants who are tasked with implementing strategy. But another crucial audience requires higher-level guidance that summarises general themes of deal data security due diligence: those deal participants that are making decisions, rather than executing strategy.

Apr-Jun 2017 Issue