Article
Separating unstructured data in M&A transactions can be a big deal
Unstructured data separation offers several significant challenges, for example: volume and complexity of data, unclear data ownership, data privacy and security rules, regulatory requirements, resource availability, and interconnection with systems and processes. A well-defined strategy and a structured approach embedded in the IT separation programme increase confidence that data is identified and separated appropriately, improve efficiency of the process, and ultimately lead to a greater deal value for both sides of the transaction.
Data and information management systems are one of the core business assets involved in business disposals and carve-outs. Separating data is a necessary step to ensure business continuity of a divested unit, as well as to protect the confidentiality of sensitive information of both retained and divested entities. Product specification drawings, customer feedback, client support calls recorded as audio or video files, product images or sensors data acquired from various production lines are just a few examples of unstructured data that could be involved. In parallel, structured data such as financial data, procurement data and employee records are also subject to separation.
Often the data is not stored within applications or systems, but rather in various collaboration/communication platforms, network drive folders and emails. These are platforms built for ease of use, but not necessarily for ease of data management.
M&A teams often underestimate the challenge of data separation. Ensuring that the divested business has the data required for business continuity from Day 1 (transaction closing) while the retained business retains its intellectual property and that the risk of data leakage is minimised, are major tasks and a complex aspect of IT separation.
Other factors add layers of difficulty to the time-consuming and laborious task of separating unstructured data, although they are usually not seen as critical compared to other priorities in the carve-out:
- There may be uncertainty about the definition and categorisation of ownership of data
- Commercially sensitive and regulatory sensitive data may require appropriate controls, in compliance with applicable regulatory and corporate-specific requirements
- Unstructured data stored in multiple decentralised locations may be difficult to identify, creating a data security risk
- Human error by those who are ultimately responsible for classifying and separating data. While automated workflow, assisted by the latest technology advancements, can provide the data owners with the required data points to assess the final ownership, human judgement is still required for final decision.
How to approach the separation of unstructured data in carve-outs?
A holistic approach that considers the impact of data separation on both the seller and the buyer will help to identify complexities, design solutions and prioritise actions in line with required control and compliance frameworks.
Useful steps to consider are: (1) understanding the business needs of the parties on both sides of the transition and the key data requirements; (2) creating a plan aligned with various phases of other workstreams of the separation programme that considers the use of customised technology; (3) performing and monitoring the planned activities; and (4) obtaining end user validation.
From the start of a carve-out, elements worth to be considered encompass: the data to be included within the transaction perimetre, how much of the data is shared between the parties (i.e. it is not possible to assign a clear ownership between the two organisations), and how data is stored and accessed.
This may typically involve:
- Defining the areas and scope of the data to be separated
- Defining the governance of the work stream for data separation (progress monitoring, escalation, support, etc.)
- Extracting and inventorying data from central sources, and filtering it to obtain data within the scope for separation
- Confirming the source of data and complementing it with data not inventoried centrally
- Categorising the data-by-data usage type and data sensitivity
The aim is to identify the key activities for moving data in a way that is efficient, reliable, compliant, and cost-effective.
Main steps are:
- Selecting practical data separation methodologies and tools, based on the separation proposal and data item type
- Defining the activities, timeline and cost for the data separation
- Ensuring approval of data separation activities (including budget and resources)
- Determining and committing resources to execute the data separation
Acting on plans in accordance with dependencies identified by various workstreams of the separation programme and providing an appropriate governance protocol to identify and mitigate risks and issues.
Usual factors are:
- Implementing the data separation activities
- Monitoring progress and provide escalation procedures for the implementation
The data separation process can be considered completed on collection of end-user validation, in compliance with corporate and government policies.
Key steps encompass:
- Ensuring that all in-scope data items are separated, available and validated by the NewCo-users
- Ensuring all out-of-scope data is removed
- Ensuring that business continuity with protected data and relevant controls are in place
Conclusion
A well-planned and executed strategy, coupled with the right tools and resources, can help tackle the multiple challenges of unstructured data separation and ensure a smooth and efficient IT separation process. This can help minimise risks, maintain the integrity of information, contribute to the overall success of the carve-out, and maximise the deal value for both sides of the transaction.
If you would like to find out more about data separation as part of your M&A strategy, please get in touch with us.
Deloitte has dedicated technology M&A and due diligence teams in a number of locations, with unrivalled experience in deal preparation and execution, as well as in IT assessments. Our M&A Technology practice is a worldwide leader and the largest in Switzerland.
Regarding automated tools that can be helpful in the identification and classification of unstructured data mentioned above Deloitte Forensic in Switzerland offers advanced capabilities for analysing vast amounts of unstructured data in a cost-effective way, compliant with external scrutiny and aimed at establishing a robust, repeatable process. For additional information, please refer to Forensic Technology.
Notes
1 Gartner – “Organizations Will Need to Tackle Three Challenges to Curb Unstructured Data Glut and Neglect”