Streamline Sales Due Diligence for Government with airSlate SignNow

How to create outlook signature

thank you for joining tuned for Shelton associates in our time 18 Weber Wednesday Siri we are coming to you live from downtown Washington DC our webinars are every Wednesday into any upcoming schedule on our website past webinars and all ance are also on our website and our YouTube channel one of the writers secured a recording from federal contracting topic of our complimentary we have questions for our speaker today you can email him directly to the contact information you'll see on the last slide all right it's just a little bit about us we are watching to DC based firm and provide services to federal contractors this ranges from market analysis reports to proposal writing and also post-award compliant confirmation is on our website this visit us there we do offer advertising on our newsletter so you can feel free to reach out to us and we'll get back to a lot bigger speaker today's come in conference you can be covering a framework for due diligence with data and M&A transaction thank you for joining us today Kevin I'm going to go and hand over to you Thank You Mallory I appreciate the opportunity to talk about this I for those of you who joined who were at the earlier talk at 12 o'clock this will go into more details around framework for due diligence and a transaction around data and by that I mean the transaction is necessarily around data but but there's an M&A transaction there's data is being involved in the target company how you go about looking at what the what the risks and not and what the value of that is so if you go to the next slide please now so as I mentioned at 12 o'clock I believe that data is an asset in more and more organizations and so therefore as a lawyer I look at ways to make sure that the organization can protect this value and minimize the operational legal risk and when you think of it in that way and you're doing a corporate transaction in M&A or an investment you want to make sure that you do sufficient due diligence around the data assets to make sure that you understand what you're acquiring that the value is there even if it doesn't show up on the on the financial statements at least that the value that you expect us you're going to get from an operational standpoint is there and that you can minimize the risk and so that's why you know I've developed this framework for due diligence of data in the corporate transaction next slide please Mallory so today I'm going to be talking about five separate areas please go back please go back one yeah so today I'm going to be talking about five separate areas that I think are important to think about from a is a framework standpoint one are the operational considerations how the target company uses the data second is ownership rights who has ownership or intellectual property rights or any other rights associated with the data in the organization the target company what are their internal policies and procedures associated with with that data and how they use it what obligations and rights do they have in contract licenses agreements whether those be customer contracts whether those be website Terms of Service what are those the customer agreements all the different ways that they're ingesting data into their organization either directly or indirectly and then developing products and services what what obligations are rights associated with that and then looking a little bit at insurance as a way to help protect against any risk and understand what what is covering what's not covered in the target company next slide please Mellie so I'm going to sort of walk through a number of questions that I think about when doing due diligence around data and then from this for surfers that will be around operational considerations so what type what can what data does the target company obtain from third parties and how do they how do they obtain it so that might be directly from consumers through a website or by providing a product and services it may be from third parties that they license data from it may be part of a software service that they provide and then they get certain data as part of that as well as increasingly happen within within companies so just understanding how the company is obtaining data is going to be important and this isn't just personal information it's any type of data that may be subject to being used by the target company next the next piece of that is how does the company use and store the data that's going to be an important consideration as well if for those of you who familiar with data protection and privacy laws mapping the data is very important for an organization understanding where it's resides what countries what servers who has access to it from a privacy standpoint is important but it's also important from a larger standpoint understanding of what a target company has where the is who has access to it are they adequately trained for the particular use particularly if it's being used in products and services is going to be important and are they familiar with and are they following the laws and policies particularly with regard to personal information whether that be the GDP are or whether that be data breach laws whether that be the California consumer Privacy Act which is going to be coming in implemented in January of this year any of those laws are they aware of them are they taking steps to protect against that and that's going to be increasingly important particularly around personal information but also around other types of information that are that are being used to develop products and services or use internally for decision-making next slide please Mary similarly to the data protection is what sort of cybersecurity measures has the target company implemented are those adequate are those do those satisfy certain regulatory concerns for instance if they're the financial industry or the health industry those are important considerations as well if they're government contractor are they aware of the new requirements the government's imposing particularly familiar in the Department of Defense and are they was up to up to speed on those all of those considerations need to be looked at understanding whether the target company has been sued or threatened with a lawsuit or subject to investigation from a regulatory standpoint or whether they've had to do an analysis because they had a concern that there's been a data breach and they didn't know if they needed to satisfy certain state data breach requirements all our measures that an organization will want to take and as has been shown in the past couple years failing to do that has resulted in significant operational and penalties for companies who have acquired a liability associated with a data breach or a breach of personal information so this isn't particularly important and as a data being used in decision making is it is it fit for purpose for the applications being used as I mentioned on the earlier call there are different types of data quality standards that should be considered is it accurate enough is it precise enough is timely enough is it complete enough I'll do that does the organization have Quality Assurance and quality control processes in place to make sure that those decisions are being made with data that is of sufficient quality and those are going to be increasingly important particularly as we start moving into AI and machine learning and decision making is being made more and more in a black box if you will based on algorithms and understanding where the data is coming from is going to be very important next slide please memory so the next set of issues around as I said ownership rights understanding does the company create data products and services that are shared externally and if so are they providing adequate protection their agreement or from a technical standpoint to make sure that the value associated with that data is being protected and similarly if the target company is using data from third parties is it complying with the requirements or so that those third parties have from an intellectual property standpoint from a contractual standpoint and as products and services are being used around or being developed using a variety of sources both internal and external making sure that the derivative products that may be created are being are subject to are complying with the applicable licenses or agreements and also that they're protected going forward so those are going to be increasingly important issues and the due diligence inquiry as well next slide please I have a specific section on open data let's just have a question on okay open data and this isn't applicable to a lot of companies but many companies particularly in the government space are using open data as part of their products and services and understanding what the licensing terms associated with that are if they're instance for instance if they're subject to share alike provisions much like in the open open software licenses understanding that it's going to be increasingly important there's a tendency within the open data community to think that thinks that data can and should be shared freely but they're all subject to license agreements in in my experience some organizations are less aware of the risks associated with all the terms associated with those an if you're requiring company you don't want to take on that risk or at least you want to understand what that risk may be as I mentioned the derivative products you want to understand what the respective rights of all the different parties that have contributed to that directive products are making sure that there's no there's no risk of someone coming back and saying that they have certain rights and that derivative product and I mentioned scraping data for some organizations there is a policy to go out and collect data off the websites of third parties and integrate that into their decision-making or into their data holdings and the law around that is still somewhat unclear and can vary from jurisdiction to jurisdiction so just understanding what those are but those laws are and how the data was collected and what rights that data was subject to what type of data it is are all part of the process that I think organizations need to need to consider when they're doing due diligence to make sure that the target company has you know is complied with or has taken the steps necessary to make sure they're in compliance with a lot next slide please Mary so is any type of due diligence process understanding internal policies and procedures is important certainly from a data protection standpoint that's the case understanding what privacy policies they have in place whether those privacy policies whether they're internal policies that can make sure that those privacy policies that external privacy policies are being complied with is there a sufficient size security response if there's been a breach who's responsible is there a point of contact has there been sufficient training for individuals both around cybersecurity data protection is there a data breach response plan if so has it been complied with if there was a data breach is there a business continuity plan are those plans adequate for the situation for the from a business standpoint and in some cases for insurance coverage as well so all of those things are that need to be addressed and understood in a in a due diligence process and then Quality Assurance quality control force policies and procedures do they understand the risks or potential risks associated with the data that they're using for products and services whether they be external or internal and if so is there someone making sure that they are it's accurate enough timely enough complete enough and not being used for other purposes because sometimes once data gets into an organization and someone sees its value it can be it can be used for another purpose because it data often seems that it can be but just because it can be used for another purpose doesn't mean it's a sufficient quality unless you have unless your target company has some folks who are very familiar with the you know data science and quality issues sometimes data can be used in the way that it's not fit for it so it's important to be able to support be able to balance those and make sure that the organization have policies in place to deal with that next slide please memory so I put contracts licenses agreements in my mind the privacy policy that an agreement that an organization puts on it's on his website making sure that it's complied with those policies is very important for those of you who follow privacy you'll know that one of the areas of where the Federal Trade Commission has gone after companies is when they have say they're going to do something on your privacy policy on their website and then they don't actually do it that's an area where the FTC can go after you even if it's not technically a violation of privacy policy privacy law itself it can be considered a deceptive or unfair trade practice and so it's important to make sure that the organization can can do what it says is doing and a website and has been doing that and that you as the acquiring company can do the same thing and then also as an any type of asset making sure that the agreement with vendors and customers on both you're sure will refer to any type of data including personal information can you understand the provisions regarding data security what requirements are being imposed on the target company and what requirements is the target company imposing on its vendors are on it and his customers and those be complied with other indemnification provisions is there insurance to deal with the data breach for a cyber security incident of some sort all of those things are something that should be considered from a third-party standpoint next slide please and then understanding what representations and covenants has been made to third parties with respect to the quality of the data or the related products and services and making sure that the acquiring company understands what those risks are and that it feels comfortable with the acquiring company the target company can make those representations has there been any claims against those do they have any concerns associated with those do they have insurance and we'll talk about in terms a little bit to address those that there have been products and services that have been sold using data is there adequate insurance for data quality issues and do the third-party providers do they have the customers the data vendors do they have adequate protection do you have adequate protection from them or does the target company evaluate protection in the event of the quality of the data that's been ingested into the target company is insufficient for the users that they're being used and that's going to be increasingly important again as products and services are developing around real-time decision making and of decision making of increased value and we're going to see that is removing the Internet of Things and machine learning and augmented reality and understanding that and being able to protect against that is going to be important excuse me next slide please then the last component and one that I don't think is necessarily thought of as much as it should be certainly people are looking at data protection cyber security insurance and making sure that the target company is as has those but being able to understand what what the various language is what the exclusion are how courts are looking at some of the cases that are developing and here recently as insurance companies are pushing back against claims for data protection cyber cyber security breaches there's a lot of different levels of issues associated with that and we could do a whole webinar associated with those or out insurance but being able to understand what that is and whether the coverage is adequate and whether the exclusions are sufficient or or overly burdensome are going to be important and then also what if any insurance coverage that does the target company have covering that arise issue liabilities that arise to poor data quality and that's insurance that it has on itself it has a self but also insurance that it may have from it from vendors and then also if there's any insurance obligations that have been put on it by its by its customers as sometimes the case as well so again this is something that in a lot of different type of assets or other different type of risks businesses are very familiar with and work closely on like in my experience is still an emerging area particularly around due diligence and data issues and so it needs to be it needs to be considered now I think that's it all right thank you so much Kevin for joining us today to have any questions for a meeting reach out to his email or phone numbers on the screen and this concludes webinar thank you you