Extract from Epiq’s article “How to Remain Data Defensible During Divestitures”
Create a divesture strategy, monitor the portfolio, find a buyer, prepare to separate a portion of the business, close the sale, and oversee the transitionary period. This is the usual flow of events during a divestiture, but one key component cannot be discounted during this process – defensible data segregation. Before getting into why this is a key element of divestitures, let’s break down what it is and why an organization may decide to divest.
A divestiture is when a company sells, exchanges, closes down, or otherwise disposes of part of their operations. This is generally a strategic decision to maintain profits when a certain business unit is not performing as well, is no longer relevant to their core competencies, or becomes redundant due to M&A activity. However, divestitures may also result from bankruptcy proceedings as a way to meet outstanding debts and reorganize the company.
When divesting assets, it is crucial not to forget what information is contained in the data being sold to avoid any legal, regulatory, or contractual violations. Here are two steps organizations should add to their divestiture checklist that can help identify and segregate confidential data defensibly and remain compliant during the process.
1. Don’t Forget the Information Governance Component
When going through a divestiture, the sale will include company data but this does not mean that all the data from that business line should migrate over to the buyer. It is critical to identify and review information prior to migration to avoid disclosure of data that could open the divesting organization up to liability. Advancing defensible information governance processes to identify and segregate data is key and an important part of risk management efforts.