Key Data Compliance Questions for Lawyers Taking on M&A Cases

Antitrust discussion in the 2020s has reached a high profile, with well-known companies at the center. Major telecom carriers like Sprint and T-Mobile and large entertainment studios like Disney and the former 20th Century Fox have all been at the forefront of major scrutiny. Most recently, Google has inherited the mantle of most scrutinized tech company for antitrust policy from Microsoft, with a second Department of Justice investigation within a 12 month period.

While it isn’t only Fortune 500 companies which must consider extra scrutiny on mergers and acquisitions, increased activity at the level of the DOJ can set precedent and a general tenor for companies of all sizes. And among the many assets that are under consideration for absorption in a buyout, companies must also consider electronic records, metadata, and the various assets stored on servers and on the cloud.

Entering into the M&A field, firms can develop data strategies to discover and catalog sensitive data ahead of time. To proceed with the vast amount of information in front of them, organizations will need to start with a data mapping procedure, preferably with an experienced partner. This will lay out the amount of work necessary for all involved parties as negotiations and regulatory hurdles are cleared. The ability to protect data that will be necessary for compliance and safely delete data that is redundant will also be crucial.

As the process of organizing data ahead of M&A becomes more digitized, there are several key questions a firm will be challenged to address when considering data in particular. Here are five of the most crucial as defined by our Evolver Legal Services experts:

  • At what stage of the process are Chief Information Officers (CIOs) getting involved? Does each entity in the merger even have the equivalent of a CIO or do they have a less cybersecurity-focused IT structure?
  • Do both entities have the same approach to structuring data? How much structured data and unstructured data will be dealt with?
  • Are there multiple legacy systems involved or have both entities moved on to similar platforms?
  • What are the different approaches to cloud data and dark data – data that is collected, processed, and stored without specific business purpose?
  • Are all sources of cloud data being considered, including social data and cloud communications.


In a growing category of their own are the privacy and security considerations of data from entities entering an M&A agreement. Firms facilitating a merger must have a process for categorizing the legal types of sensitive data and engage with vendors who are intimately familiar with the concept. The ability to speak the language of IT and privacy will also be critical in providing adequate questionnaires to IT departments and determining the extent of prior data breaches.

With the increasing frequency of new technology options, the world of due diligence now includes a consistent approach toward data of all kinds, from intentional business-related data to incidental metadata. Creating a roadmap with an experienced partner that knows which questions to ask early in the process can help streamline even the most complex of mergers. We’ve found that customers and partners tend to think of eDiscovery in the context of litigation. But in a world becoming more reliant on electronic information, it applies here in the world of M&A, as well. 



If your firm or in-house counsel is preparing for M&A or are anticipating an M&A event, contact Evolver Legal Services to learn how we can help identify legacy data, streamline the due diligence process, and provide end-to-end guidance in complying with eDiscovery requirements. You can also learn more about Evolver’s eDiscovery, managed services, and redaction solutions in our services section.