CF on Cyber: Cybersecurity Due Diligence in M&A Deals Under the CCPA and GDPR

Sophisticated due diligence in corporate mergers and acquisitions has long included an assessment of the cybersecurity posture and privacy protocols of the target company. But the new California Consumer Privacy Act (CCPA) and the European Union’s General Data Privacy Regulation (GDPR) have raised the stakes for compliance, particularly for target companies that process or collect personal information or otherwise earn a living from consumer data. In this podcast, cybersecurity attorneys Jack Clabby and Joe Swanson and M&A attorney Jackie Swigler offer their top five inquiries for cyber due diligence in this enhanced landscape. The discussion is of use both to those looking to invest in or acquire companies subject to the CCPA or the GDPR and to such companies or owners who are preparing for a sale or strategic partner. After a helpful overview of the applicable regulations and their impact generally, the podcast turns to a discussion of the top five tips beginning at around the 7:00 minute mark.