Wiley’s Privacy, Cyber, and Data Governance and Corporate Practices advise clients pursuing mergers, acquisitions, joint ventures, and other transactions involving companies collecting, using, and sharing consumer data. Federal, state, and international laws widely regulate companies’ use and management of data, and companies’ data management practices can create significant risk in transactions.
These laws are not static, and a company can face significant liabilities if it is unprepared to deal with evolving laws and expectations around data privacy and security. Corporate directors and senior management are expected to identify and manage cybersecurity and privacy risks in mergers, acquisitions, and other deals. We regularly partner with transaction co-counsel to evaluate the regulatory impact of specific privacy or cybersecurity matters, including government investigations and liability risk.
- We advise clients on effective due diligence to understand legal obligations and risks of collection and use of personal data, including risks related regulatory interest or investigations.
- We counsel companies on cybersecurity risk management programs, supply chain management, vendor and third party risk management, among other topics relevant to diligence in corporate transactions.
- We regularly counsel clients on privacy laws ranging from the European Union’s General Data Protection Regulation (GDPR), to federal privacy laws enforced by the Federal Trade Commission (FTC), to state laws such as the California Consumer Privacy Act (CCPA) and the Illinois Biometric Information Privacy Act (BIPA) – and we monitor and track potential developments at the congressional, agency, and state levels.
- We also counsel on risks and best practices in cyber and data security, including FTC requirements, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, state laws including California’s Internet of Things (IoT) data security law and the New York Department of Financial Services Cybersecurity Regulation, and other information security requirements.
- We advise clients across a wide range of sectors, including technology, media, financial services, insurance, government contractors, retail, and telecom providers.
Our privacy, security, and data governance counseling builds on Wiley’s decades of expertise in advising on regulatory aspects of complex and high-profile media and telecom transactions. With the emergence of such laws as the GDPR and CCPA, the proliferation of litigation and regulatory interest around data breaches and biometric data collection, and the prospect of more laws to come, diligence on privacy, cyber, and data governance has become a critical part of evaluating and structuring transactions.
A sample of our recent representative experience includes:
- Represent private equity investment firm with billions in capital with privately negotiated investments involving cybersecurity and privacy diligence reviews of target companies. A recent example included analyzing a target company’s investigation, response, and recovery from ransomware event impacting customer financial data.
- Counseling private equity investment firm on compliance and risk management activities of portfolio companies’ cybersecurity and privacy programs.
- Represent a major telecommunications carrier evaluating joint venture and acquisition targets to assess compliance with multiple federal and state legal regimes related to consumer data collection, handling and use; consider regulatory and litigation risks along with contractual and operational mitigations including indemnifications.
- Conduct privacy due diligence on behalf of major advertising and software firm acquiring a location data startup.
- Advise client on due diligence on financial privacy laws and potential mitigations in transaction structuring.
- Represent client in due diligence to assess regulatory exposure due to pending federal and state investigations in due diligence process, and assist in handling matters post-acquisition.
- Artificial Intelligence (AI)
- Connected & Autonomous Vehicles
- Cyber and Privacy Investigations, Incidents & Enforcement
- Cyber Insurance
- Digital Assets, Cryptocurrencies, and Blockchain
- Digital Health
- GDPR and Global Privacy
- The California Consumer Privacy Act (CCPA) and the California Consumer Privacy Rights and Enforcement Act (CPRA)
- Transactional Support and Due Diligence on Privacy and Cybersecurity