Pierce Atwood Privacy and Data Security Practice Group Chair Peter J. Guffin recently was asked by Gartner to share his expertise on privacy and cybersecurity due diligence for its Board Briefing series. In recommending greater board-level oversight of due diligence, he was quoted in the Briefing stating, “There’s no one-size-fits-all approach to M&A, but from a cybersecurity perspective, the buying company should focus on vulnerabilities and red flags raised by the risk profile of the target company.”
Peter also shared these recommendations which were included in the Board Briefing:
- Expand privacy and cybersecurity clauses in M&A contracts in order to establish greater accountability
- Involve privacy and cybersecurity experts in due diligence to conduct comprehensive assessments of the regulatory landscape, which will help organizations identify top risks, establish robust mitigation plans, and establish clear accountability for the target company and broader M&A efforts
- Provide greater board-level oversight of due diligence, as regulators are requiring boards to exercise greater oversight of data management practices
In addition to Peter’s data privacy practice, he is a Visiting Professor of Practice at the University of Maine School of Law, and co-director of the school’s Privacy Law Program. Peter is a frequent speaker and author on issues of privacy and cybersecurity.