The FTC can hold an acquirer responsible for the bad data security and privacy practices of a company that they acquire.  Evaluating a potential target’s data privacy and security practices, however, can be daunting and complicated by the fact that many “data” issues arise months, or years, after a transaction has closed.  For example, the FTC has investigated data security breaches and unlawful data collection practices that occurred years before the company was acquired, and were discovered months after the transaction closed….

duediligence