- 3 Guidelines to Maximize Value of Data
- November 15, 2016 | Author: Cynthia J. Larose
- Law Firm: Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. - Boston Office
Imagine you are the CEO of company sitting across from an interviewer. The interviewer asks you the age old question, “So tell me about your company’s strengths and weaknesses?” You start thinking about your competitive advantages that distinguish you from competitors. You decide to talk about how you know your customers better than the competition, including who they are, what they need, and how your products and services fit their needs and desires. The interviewer, being somewhat cynical, asks “Aren’t you worried about the liabilities involved with collecting all that data?”
In honor of National Cyber Security Awareness Month, we at Mintz Levin wanted to take the chance to remind our readers of data’s value as an asset and the associated liabilities that stem from its collection and use, as well as provide guidelines for maximizing its value and minimizing its liabilities.
Data’s Value as an Asset
More than ever before, data is now recognized as an asset in corporate transactions. This year, Unilever PLC was widely reported to have paid $1 billion in cash for Dollar Shave Club, a mail-order service that ships customers disposable razors. While four year old Dollar Shave Club is not profitable, Kees Kruythoff, president of Unilever North America, credit the purchase with providing Unilever “unique consumer and data insights.” According to some, the transaction “would represent the largest multiple for a e-commerce startup in history.”
However, don’t think that data is only a value driver for stratospheric M&A valuations. It can also form a significant portion of the remaining value of a company during the bankruptcy process. During its bankruptcy proceeding, RadioShack sold its brand name and customer data for about $26 million, with the winning bidder receiving names and addresses for 67 million former customers. Similarly, in the Sports Authority bankruptcy proceeding, Dick’s Sporting Goods paid $15 million for “intellectual property, including the Sports Authority name, its e-commerce site and about 114 million customers’ files and 25 million email addresses.”
Data Collection and Use Can Create Avoidable Liabilities
Unfortunately, the collection, storage, and use of data will in most cases create liabilities as well. Consider the flip side of the M&A context, where we have just seen data can be a key driver of value. Verizon had agreed to buy Yahoo for $4.8 billion; however after a serious data breach affecting at least 500 million uses was disclosed by Yahoo, it is now reportedly seeking a $1 billion reduction in the purchase price.
Numerous other potential liabilities exist as well. For example, California requires that businesses that “own or license” personal information concerning a California resident are required to “implement and maintain reasonable security procedures and practices . . . to protect the personal information from unauthorized access, destruction, use modification, or disclosure.” Massachusetts has its own data security requirements for those who “who own or license personal information about a resident of the Commonwealth of Massachusetts.” There are numerous other contract issues, as well state and federal regulations, that can come into play based on the specific situation.
Three Guidelines to Maximize the Value of your Data
While every company’s situation is different, this section provides three basic guidelines companies can use to maximize the value of the data collected by the company. It’s useful to keep in mind that companies should approach maximizing the value of their data by both taking steps to increase its value as an asset as well as reduce the liabilities that its collection, use, and transfer may create. Implementation of these strategies will often require complicated legal analysis, so companies may find it helpful to contact a qualified professional.
- Understand what data is coming into the company and from where
- Discuss with senior stakeholders the intended purpose(s) of the data and ensure that the purpose(s) are supported by appropriate legal agreements and permissible under applicable laws
- Ensure that appropriate security measures are in place based on business risk to the organization taking into account applicable legal requirements