Technology, Data, and Online Services Due Diligence
| Author | Edward Klaris |
| Pages | 355-388 |
355
I. Introduction
For proper intellectual property due diligence, data and online
services must be carefully surveyed. Following the steps in this
chapter will help you avoid value erosion and increase your value
creation opportunities.
The due diligence process for any transaction involving a target
that holds intellectual property (IP) assets should include a review
of the technology assets and information technology (IT) infrastruc-
ture used to host and store those assets. Section II explains the IT
due diligence process, from the identication of key personnel at the
target organization to the surveying of IT systems and the determi-
nation of third-party licensors of software or vendors of IT software.
Section III covers cloud computing services and investigates
why relying on shared computing resources instead of local serv-
ers can help a company avoid large expenditures. It explains how
Chapter
Technology, Data, and
Online Services Due
Diligence
By Edward Klaris*
8
*I would like to thank Cindy Hong, Luke Budiardjo, and Emily Borich for their
remarkable, diligent, and intelligent contributions to the copyright, trademark, and
technology chapters of this book. In particular, Cindy Hong led the writing and re-
searching team, staying on schedule, and drafting and redrafting where appropriate,
all while holding down a rigorous federal clerkship. I am forever grateful to Cindy,
Luke, and Emily for their contributions.
356 CHAPTER 8
to identify the role cloud computing plays in the target’s current
organization of its IT.
Section IV, “Data, Aggregated Data, and Analytics Tools” covers
a range of important issues, as its title suggests. It begins by high-
lighting that the data the target has collected from itsemployees
and customers can be a valuable asset and explains how this data
should be surveyed. Section IV.B then explains what aggregated
data is and how it differs from raw data because of its potential to
be protected by copyright.
Once you have mapped out the target’s data (both raw and
aggregate), you can maximize its potential by doing two things.
First, you can license it. Section IV.B.3 provides a list of terms and
conditions that you should note when reviewing the target’s data
licenses, or when granting new ones. Second, by employing data
analytics—the process of examining data sets to draw conclusions
that will enhance business gain—you can identify patterns of con-
sumer behavior. Section IV explains how to map out the target’s
current use of data analytics.
Finally, Section V covers the policies that a target has, or should,
put in place regarding the collection and protection of data it might
collect online. If the target is involved in payment card processing,
you will nd the Payment Card Industry Data Security Standards
that are reproduced in Section V to be helpful. Section V also sets
out the Federal Trade Commission (FTC) guidelines on the collec-
tion of sensitive personal information, which are applicable to any
company retaining such data. SectionV covers the FTC guidelines
for the collection of information relating to children, website privacy
policies, and California privacy law. California law is highlighted
because any media company conducting business in California must
comply with California’s Online Privacy Protection Act (CalOPPA).
II. Technology Assets and Infrastructure
The due diligence process for any transaction involving a target
company that holds intellectual property assets should include
a review of the technology assets and information technology
Technology Asset s and Infrastructure 357
infrastructure used to host and store those assets. Today, many
due diligence teams tend to overlook information technology
due diligence during transactions, and many senior corporate
and private equity executives claim that this oversight tends to
lead to value erosion and missed value creation opportunities.1 A
thorough understanding of the systems used by both the target
and buyer can help avoid unknown risks and costs and uncover
synergies and potential cost savings that may result from the
elimination of posttransaction redundancies.
The IT due diligence process should begin with the identica-
tion of key personnel at the target organization who have knowl-
edge of the broad framework of IT systems employed within the
organization. The practitioner should seek out a chief informa-
tion ofcer (CIO); chief technology ofcer (CTO); any outside IT,
IP, technology, or privacy counsel; and/or any outside technical
experts.2 After identifying key personnel, the practitioner should
seek to gather all relevant information and documents regarding
the use, maintenance, ownership, security, and ownership status
of these systems.
Ownership of Assets. One of the rst steps in the informa-
tion technology due diligence process is to survey the IT systems
(including both software and hardware) used by the target com-
pany. The buyer/practitioner should request disclosure sched-
ules from the target/seller to identify and locate these systems.
The practitioner should also speak to employees within the tar-
get organization to understand the importance of each system to
the operations of the business. It is crucial to understand not only
which systems the business relies on to manage its intellectual
1. Half of All Businesses Overlook IT Due Diligence in Mergers and Acquisi-
tions,
coMPuterweekly.coM
(12 Mar. 2012, 13:43), http://www.computerweekly.com/
news/2240146667/IT-too-often-overlooked-in-MAs (citing an Ernst & Young survey of
220 senior corporate and private equity executives in Europe that found that only half
conducted separate IT due diligence, and that nearly half of respondents said that
“more detailed IT due diligence could have prevented value erosion”).
2. Jason Haislmaier, Deciphering Due Diligence: Tackling Software and IT Issues
that Can Cripple M&A and Other Corporate Transactions, 57
Prac. law
. no. 1, 2011,
at 19, 21.
To continue reading
Request your trial