Marquee Background
Marquee Background

Offit Kurman Blogs

M&A Nuggets

M&A Nuggets: Be Prepared for Due Diligence, Before You Go to Market Part 3 – Privacy Policies

September 22, 2022

By Glenn D. Solomon

This is Part 3 of a series on steps business sellers should take to make sure their house is in order before going to market.  The Health Insurance Portability and Accountability Act, better known as HIPAA, was enacted in 1996 as one of the first laws to protect the privacy of personal identifiable information.  The increase in attempts by cybercriminals to obtain or hold hostage private information, whether through ransomware, phishing attacks or other efforts, has been in part the reason for spurts in the enactment of additional privacy laws to protect personal information.  As a result of the greater susceptibility of personal information to attack and the increase in the number of laws designed to protect the information, privacy laws and policies have become one of the due diligence areas most focused on by buyers.

To be prepared, sellers must first understand which privacy laws apply to them.  In the United States, HIPAA, which is designed to protect healthcare information, is the most significant federal law.  At present, there is no overall federal law protecting privacy information in general.  However, several States have enacted their own privacy laws, including California, Virginia, Utah, Colorado and Connecticut, and more are on the way.  It is important to determine whether these laws apply to your business.  A State’s law may apply to your business even though you do not do business in that State.  Among the most important overseas laws is the General Data Protection Regulation, known as GDPR, which regulates the information of residents of the European Union.  Again, just because your business does not operate in the European Union does not mean that your business is not subject to the GDPR, as that law applies to businesses that collect and process information of European residents.

The privacy laws establish policies and standards that must be followed to protect personal information.  Once it is understood what laws are applicable to your business, the next step is to determine whether your business has in place the policies and standards that are required, including whether its online privacy policies and terms of use are sufficient.  Making sure that your business is in compliance with privacy laws will not only go a long way to protect the personal information of persons who do business with you (your employees, customers and members of the public who visits your website or app), but will provide comfort to potential buyers that you have adequately dealt with this area of high risk.

If you have any questions about this or any other M&A issue, please contact Glenn Solomon at gsolomon@offitkurman.com or 443-738-1522.

Categories: M&A Nuggets

Related People

Related Services

  • Posts
  • About
  • Subscribe

Firm Highlights