Legal Integration Playbook: Strategic and Practical Information Governance Considerations in M&A
This article provides a playbook for the five key areas general counsel must address from a legal risk mitigation perspective, in partnership with records management and IT teams, during a merger or divestment.
November 12, 2019 at 11:45 AM
7 minute read
M&A activity in the United States has reached a total value of approximately $35 billion in the last 30 years, and activity has steadily increased over the last decade. 2017 held a record number of deals in a single year, up 12 percent over the previous year. Since 2000, transactions in the health care, financial services and energy sectors account for the majority of M&A activity. Alongside this rise in deal size, the scope and complexity of post-M&A activity is also increasing, introducing an entirely new set of considerations for in-house legal departments. For example, in recent months CBS and Viacom announced a merger, forming one of the largest media enterprises in the world. Several pharmaceutical sector leaders have announced strategic acquisitions, with Bristol Meyers Squibb's purchase of Celgene Pharma and AbbVie's announcement of its acquisition of Allergan.
While the executive suite focuses on the financials, strategic outcomes and growth potential, counsel must address a variety of additional issues to fully harness the strategic objectives of a deal. Many of these—such as merging legal hold systems, separating sensitive document repositories, reviewing contractual obligations and realigning data governance policies—involve a heavy lift. Even before those activities commence, counsel is often immersed in the complex and resource-intensive process of responding to second request investigations from regulators. After working to fulfill a second request and receiving clearance for the deal, in-house counsel has little breathing room before the legal integration process must begin. Early planning and securing the buy-in for resources and funds is key.
Initially, an Integration Management Office (IMO), typically sponsored by the CEO or COO, is established to work through the various merging or separating work streams across finance, records, IT, HR, legal, compliance and business units. While HR, finance and certain IT functions are often prioritized, information governance, compliance and records management also require due diligence and dedicated resources. As noted by Sedona Conference commentary on information governance, "Information is crucial to modern businesses. Information can have great value, but also pose great risk, and its governance should not be an incidental consideration."
Below is a playbook for the five key areas general counsel must address from a legal risk mitigation perspective, in partnership with records management and IT teams, during a merger or divestment.
- Data privacy. Whether a transaction involves entities governed by HIPAA, GDPR, the California Consumer Privacy Act (CCPA) or other data protection laws, organizations must assess and mitigate risk relating to personally identifiable information (PII) and other sensitive data. This includes addressing the locations and sources of PII for employees, customers, vendor partners and other data subjects and may require a thorough data mapping exercise. Understanding the flow of data—what is received, what is done with it, where and why it is stored and for how long—is critical in order to take action to maintain compliance with various data privacy regulations. As an example, PII that may be contained on networks and servers of a divesting company, but belongs to the employees and customers of the parent company, will need to be separated and scrubbed from the divesting company's systems. Data privacy programs may also need to be updated for the merged company or divesting company to assess if any new data privacy laws and regulations will be applicable to the new entity due to doing business in new geographies or service areas. Security must be addressed in the due diligence process to avoid vulnerabilities after the deal is closed. To this end, Sedona advises, "The parties should identify a deal team 'quarterback' with data privacy and security expertise".
- Contract intelligence. In pre-merger stages, counsel must make informed decisions about the target company's contract obligations, risks and liabilities contained in each party's contracts, Day 1 closing requirements and whether anything within the contracts may create barriers for the transaction. Post-merger, counsel should be leveraging outside technology providers and experts to identify synergies and opportunities for consolidation between contracts. This includes locating and benchmarking "most favored customer" clauses within contracts to drive value and optimize revenue.
- Legal hold and preservation. Acquiring companies must analyze the legal matters they are inheriting, including the custodian and data source landscape (employees, business and information systems, hardcopy records and their locations globally) and their impact to business continuity and legal hold obligations, navigating local laws and regulations around data preservation and data transfer. Close attention to preservation requirements and how acquired data sources are incorporated into legal hold workflows is critical to avoid data spoliation or inadvertent violation of a local data protection law in existing or future cases. This is also a good time for counsel to evaluate existing legal hold technology and whether it needs to be updated to meet the needs of the new litigation profile. Similar steps must be taken for legal matters that will be managed jointly or transferred to the divesting company for separating custodians and data to maintain ongoing legal hold data preservation obligations for companies being divested. Tactically, counsel or their delegates in information governance, records or e-discovery teams must be prepared to work with IT. Collaboration will be needed for email migration, collection and copying of data to appropriate secure networks or cloud storage, documentation of the preservation process and locations of data on legal hold and establishing points of contacts for requesting additional legal holds.
- IP protection: When a company is divested, it is critical for the parent company to separate its IP from departing network servers and other data sources that may contain critical business information and trade secrets. Without this step, both organizations may face trade secret misappropriation or data leakage. Stakeholders in various regions should collaborate on creating workflows for identifying files, folders and systems that contain IP in order to identify documents and data that need to be removed from the divesting company's networks or vice versa. Outside experts can support the team by developing custom workflows using a combination of file indexing technology solutions, AI enabled algorithms, data analytics, conducting sample document reviews and remediation applications that log and track decisions on a file by file basis throughout the remediation process.
- Resources. Executing legal integration activities during the commotion of a merger or divestment is often too resource-intensive for internal teams to manage alone. Counsel must secure executive sponsorship for these initiatives, and the resources needed to complete them. Bringing in outside experts with specialized skill sets across information governance, data privacy and legal hold management is a prime solution. This provides counsel with experienced project managers and ad-hoc resources to supplement the team in ensuring a smooth transition and sound risk mitigation. Many of these activities extend beyond Day 1, and outside resources can keep things moving forward while allowing the legal team to focus on their core day jobs. Outside experts are also able to step in and help counsel make a strong business case for securing initial and ongoing resources for mission critical legal integration projects.
While M&A activity is a massive undertaking for corporate legal departments, it also provides a timely opportunity to evaluate information governance programs. Teams can take a proactive approach to the process and identify best practices and checks and balances that should be built into the newly formed company to bolster legal hold, IP protection, contract obligations and compliance. The end result is an improved data governance framework and an overall stronger risk posture for the organization.
Rena Verma is a senior managing director in FTI Technology's information governance, privacy and security practice, with nearly two decades of experience in providing legal operations, e-discovery and information governance advisory solutions to legal departments and law firms.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllAs 'Red Hot' 2024 for Legal Industry Comes to Close, Leaders Reflect and Share Expectations for Next Year
7 minute read'So Many Firms' Have Yet to Announce Associate Bonuses, Underlining Big Law's Uneven Approach
5 minute readTikTok’s ‘Blackout Challenge’ Confronts the Limits of CDA Section 230 Immunity
6 minute readEnemy of the State: Foreign Sovereign Immunity and Criminal Prosecutions after ‘Halkbank’
10 minute readTrending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250