Although questionnaire-based due diligence has its place in mergers and acquisitions, this traditional approach may overlook important risks associated with a target company’s privacy and security practices. In-house and outside counsel examined the shortcomings of the traditional approach and explained how companies can fine-tune their due diligence to focus on the most relevant risks at a recent Davis Wright Tremaine seminar. This article synthesizes their insights. See “How to Conduct Effective Privacy and Data Security Diligence to Assure Value Realization in Mergers, Acquisitions and Divestitures” (Oct. 27, 2021); and “Privacy and Cyber Due Diligence in M&A Transactions” (Mar. 11, 2020).