Although every due diligence questionnaire now contains standard questions on privacy and data security, the attention provided to data and technology issues in negotiating and executing mergers, acquisitions and divestitures continues to lag behind the more traditional deal-related diligence considerations. As more organizations realize the value and risks associated with their personal information and business data, they will see that these areas require diligence similar to any other transferable asset. In this guest article, Reed Smith attorneys Therese Craparo and Catherine Castaldo discuss the importance of careful negotiation and future planning and provide five steps for effective privacy and security due diligence, including important contract provisions to negotiate and customize. See “Privacy and Cyber Due Diligence in M&A Transactions” (Mar. 11, 2020).