CIPP-US - Limits on Private-Sector Collection and Use of Data - Section 2.6
Explain privacy due diligence obligations in mergers, acquisitions, and divestitures, including the assessment of data asset liabilities and transfer mechanisms.
Explain how M&A due diligence must assess a target's data asset liabilities, including past breach exposure, regulatory investigations, and contractual privacy representations and warranties, before a transaction closes. Recognise that FTC guidance expects the acquirer to honour the original privacy promises made to consumers absent affirmative consent for material changes.
M&A due diligenceData asset liabilityFTC guidance on M&APrivacy representations and warranties
More in this domain
Back to all Limits on Private-Sector Collection and Use of Data objectives, or the CIPP-US cert hub.
Examworthy is not affiliated with or endorsed by IAPP. Original, blueprint-aligned practice material only.