Although every due diligence questionnaire now contains standard questions on privacy and data security, the attention provided to data and technology issues when negotiating and executing mergers, acquisitions and divestitures continues to lag behind the more traditional deal-related diligence considerations. As more PE sponsors realize the value and risks associated with their personal information and business data, they will see that those areas require diligence similar to any other transferable asset. In a guest article, Reed Smith attorneys Therese Craparo and Catherine Castaldo discuss the importance of careful negotiation and future planning and provide five steps for effective privacy and security due diligence, including important contractual provisions to negotiate and customize. See our two part series “Evaluating Privacy and Cybersecurity Risks in Emerging Technology Transactions”: Artificial Intelligence and Education Technology (Sep. 28, 2021); and Biometrics, Financial Technology and Cryptocurrency (Oct. 5, 2021).