How to Remain Data Defensible During Divestitures
- Regulatory & Compliance
- 3 Mins
Create a divesture strategy, monitor the portfolio, find a buyer, prepare to separate a portion of the business, close the sale, and oversee the transitionary period. This is the usual flow of events during a divestiture, but one key component cannot be discounted during this process – defensible data segregation. Before getting into why this is a key element of divestitures, let’s break down what it is and why an organisation may decide to divest.
A divestiture is when a company sells, exchanges, closes down, or otherwise disposes of part of their operations. This is generally a strategic decision to maintain profits when a certain business unit is not performing as well, is no longer relevant to their core competencies, or becomes redundant due to Mergers and Acquisitions (M&A) activity. However, divestitures may also result from bankruptcy proceedings as a way to meet outstanding debts and reorganise the company.
When divesting assets, it is crucial not to forget what information is contained in the data being sold to avoid any legal, regulatory, or contractual violations. Here are two steps organisations should add to their divestiture checklist that can help identify and segregate confidential data defensibly and remain compliant during the process.
1. Don’t Forget the Information Governance Component
When going through a divestiture, the sale will include company data but this does not mean that all the data from that business line should migrate over to the buyer. It is critical to identify and review information prior to migration to avoid disclosure of data that could open the divesting organisation up to liability. Advancing defensible information governance processes to identify and segregate data is key and an important part of risk management efforts.
There are several reasons to have a defensible data strategy. This includes avoiding disclosure of information that would violate a law or regulation, such as privacy obligations. Organisations will also have clauses protecting confidential information in their contracts, settlement agreements, and other legal documents. Lastly, there may be proprietary information and trade secrets comingled internally that could be accidentally divulged during a divestiture if the organisation fails to perform due diligence or establish strong information governance procedures.
A data-driven information governance strategy will not only help safeguard sensitive data, but also establish ownership, limit the risk of breached information during transfer, and keep operations running smoothly. This can be tough with larger organisations that do not have their data in order, as information inevitably becomes comingled. Facing divestiture deadlines on top of this can render it hard to efficiently transfer the right information out, maintain ownership over the data that needs to remain with the divesting company, and effectively close down a business line. This is where outside expertise is valuable.
2. Seek Help from the Experts
A partner with the resources to implement robust information governance and data security practices that has divestiture experience is the key to a smooth transaction. A provider can help organisations get their houses in order as a proactive measure. Having clear retention and storage policies, data mapping, records management tools, and segregated systems are solid options to explore.
Once the divestiture process begins, that partnership will already be established to tap into quickly. Approaching data segregation in the following manner can reduce the risk of exposing trade secrets or other confidential information during the process.
- Apply exclusions to confidential and sensitive data types
- Identify inclusionary data related to the divested entity
- Review all necessary data in place prior to migration
A provider that understands the organisation’s systems and information governance practices can implement these steps and segregate data more efficiently. Another plus is when the data can remain in the organization’s systems whether it lives in the cloud or on-premise. This eliminates additional costs for searching, analysing, and reviewing data.
For example, many organizations use Microsoft products to chat with colleagues, hold meetings, create documents, and much more. There is a high chance data that needs to be segregated prior to divestiture will live in this environment. Having a provider that can leverage a tool such as Microsoft Purview will help fulfil divestiture requirements without incurring any external storage fees and keep all sensitive data within their internal Microsoft system. This is a prime example of how having the right external advisors with expertise and access to the right tech can make all the difference.
Before moving forward with a divestiture, organisations should be thinking about their data. Failing to be thorough risks disclosure of confidential information. This can lead to unhappy clients, legal liability, data breaches, operational interruption, and reputational harm. Prioritising information governance and collaborating with outside expertise will foster effective transactions and keep data where it needs to live. Having the same provider to turn to not only for a divestiture but for long-term information governance strategies will ensure that organisations are handling their data in the most efficient and risk-conscious manner.
The contents of this article are intended to convey general information only and not to provide legal advice or opinions.