Every company has its own data privacy policies and compliance strategy. But what happens when two companies merge, or one buys out the other? And what if one of those companies regularly deals with more jurisdictions or stricter privacy laws, or has a more restrictive approach to privacy policies than the other?
Today, we’ll take a quick look at how business owners can approach privacy compliance during an acquisition.
Both company leadership teams should discuss each other’s privacy approach and policies as part of the acquisition process. For the buyer, that means:
For the seller, awareness means:
The leadership of both companies (as well as their legal teams) should also examine their existing technology and processes for privacy compliance, as well as any planned or proposed changes. One company may very well have a more robust approach than the other. For instance, a California-based business must consider the state’s comprehensive privacy laws every time it collects or processes data. A business based in Texas, a state with no privacy laws currently, has fewer regulations. (This doesn’t necessarily mean that the Texas-based company has a bad privacy approach – it simply means they haven’t had to contend with strict legislation before.) When the two merge, the company with a more robust privacy system may be the best choice to move forward.
Adopting the more comprehensive privacy approach allows the new combined company to begin “future-proofing” itself immediately. A national privacy law may pass in the US soon, and individual states have been adopting their laws. Not to mention the very comprehensive and very strictly enforced privacy laws elsewhere in the world! It’s better to start with a system that can adapt to new laws than to build one from the ground up at the last minute.
Both companies gathered data long before the merge. Now, they face the task of not only combining their separate data collections, but also handling it legally through the whole process. The purchasing company will be responsible for all of this data and any compliance mistakes that they may inherit from the selling business.
Several key considerations here include:
During a company merge, there’s plenty going on already. Don’t let privacy fade into the background! Get in touch with our team of experts today for help giving your new privacy strategy the attention it needs.