Protecting Value In Mergers & Acqusitions – Data Disposition

An Interview with John Monk, Data Disposition Expert at Anubian Consulting, Feb 2021

Hi John, I often get asked what exactly is “data disposition”?

The legal definition of disposition is the act of disposing, transferring to the care or possession of another.

Data is one of many things that is disposed of or transferred into the care or possession of another during Merger & Acquisition/ Divestment activities (MA&D). Nearly all companies have their own approach to data management, from those that allow data to be kept indefinitely (a reducing number, but certainly still out there), to those that manage data by design and want to ensure that they keep, or ingest, data for only as long as is relevant for business, fiscal, legal or regulatory purposes.

Why should I be bothered about it?

Success in mergers, acquisitions and divestments works best with few surprises arising around the transfer of assets – which inevitably means the data around those assets needs to be understood and managed effectively. Consider the data involved — intellectual property; product or service specifications; financial, sales and usage history; contracts; marketing campaigns, branding; trials data; data in IT systems/archives; HR records. The list goes on.

It’s an area often not taken seriously enough – and thus often the reason why surprises happen, and why M&A business cases fail.

So data actually becomes highly valuable, a key asset then?

For sure! The value of data is a core part of the MA&D world. Without a clear understanding of the data behind the deal it would be impossible to value the deal and the future benefits of the transaction would be impossible to quantify for either party to the deal. For the seller, understanding how much effort and time it will take to separate data and minimise the risk of IP loss is key: any increase in time takes resource away from the future business, increases costs and reduces the deal benefits.

There must be horror stories then? What do we need to watch out for?

Yep, loads of examples where this isn’t thought about early enough or taken seriously. One I recall was where DD specialists were not engaged at all in due diligence and it turned out that some 40% of the data in the acquisition already existed in the purchaser’s domain – meaning the buyer paid way over the top. Another messy one was where nobody had realised the extent of the mismatch between data dictionaries, and the volume of legacy data there was on non-transferable systems: that was a £2m 2 year surprise, needed to unify data dictionary and data sets. The delay to the integration had a massive negative financial and reputational impact on that one.

Are there different types of data that may be involved and that need treating differently?

Yes — there are 3 major types of data, with multiple subgroups

  • Structured data – this is typically resident on enterprise systems and forming the core of primary information used across all functions in the business. This can be as straightforward as the core finance, manufacturing and distribution systems, through fully customised forecasting systems and fundamental data that forms the value of business itself.
  • Unstructured data includes various data sources including text files, documents, video, audio files, social media, email – the list goes on, and this can be challenging to manage as typically it cannot easily be processed using standard tools and methods. It’s also a crucial area of risk to both the buyer and seller, and where attention needs to be focused and principles clearly agreed.
  • Physical Archives – Describes itself. In a large company this can be thousands of boxes of documents that contain the history of the company and its corporate knowledge, probably housed in multiple sites, and with legal and regulatory requirements governing the duration that it needs to be kept for. This also encompasses sample materials, which might sound a relatively simple area to manage – that is unless you are in a research environment or where hazardous materials are involved. I have even come across environments where precious metals, antiques and items of national heritage have needed to be managed as part of the disposition process.

So what are some of the key steps in managing data disposition projects?

Hmm, big topic! In brief:

  • Scope out data disposition. Understand what data is there, where, how would you move/ extract/ ingest it. Think about data that can be actively deleted before the process starts and also whether there is duplicate data.
  • Then make decisions – what are we going to do with the data, is it yours/mine/shared/ public, can it be separated, are there any special requirements for long term access agreements? The Deal Agreement should be the rulebook in deciding this.
  • Then, thinking about the 3 key types of data covered above:
    • Identification – the first step in any disposition process needs to uncover areas where there are commercially sensitive areas, personal data repositories, any regulatory and legal concerns
    • Set out the principles around data and agree these between the parties of the transaction
    • Ensure that there is a complete understanding of how the processes will work for transfer

That sounds a lot of work. What are some of the key considerations/ pitfalls during the process?

There are many and every deal will have its own considerations. The main aim is to start with a clear view of what you want to get out of the end result and then work with the other party to reach an agreement in detail. Here are some of the areas that you might need to deal with:

  • The mindset that data storage is cheap these days — just keep it all, it’s too hard to sort to out.
    This is not as good an answer as it may appear as it can leave risk, and cause cost and confusion
  • Compliance with data management standards (both parties, local/ national/ international)
  • Not having right data or sharing the wrong data — try to avoid this!
  • Managing all types of unstructured electronic data — e‑mail (attachments), SharePoint data, spreadsheets, to name a few. These can conceal all sorts of interesting surprises and are a primary source of inadvertent loss of IP.
  • Paper records, c: drives, USB devices, PDFs, mobile devices all bring risks and require special attention
  • Confidentiality, Privacy/ personally identifiable information
  • Information Access agreements can be difficult and time consuming to agree and implement. Once they are agreed, managing these beyond the life of the programme requires time and effort.
  • Pre-closing data transfer requests for business continuity – e.g. staff records for payroll
  • Co-mingled data treatment (where data to be transferred is shared with multiple other data sets)
  • Transition Services Agreements and duration of support impacting the timing of data delivery and costs
  • Legacy applications and data – no licences, unreadable data issues
  • Legal retention requirements



I guess buyers and sellers will see things differently?

The key question for the buyer is how can this data be ingested into the organisation and whether the necessary infrastructure in place to manage the data on arrival with the correct level of resource to manage the process. Not having a clear understanding, or not being able to apply the resources to manage this process, increases the deal costs and delays the start of benefit delivery.

The seller will clearly want to complete the process as quickly as possible and move on, but they will want to control their intellectual property and ensure they are compliant with good data management practices. This will require work to analyse the data to be transferred, quarantined/controlled/redacted.

For both parties it can mean an extended period where a business relationship is required when both want to move on and neither party really wants the overhead to exist any longer.

Okay, who should be involved and when?

The business has the people who understand their data, are aware of the technology, and know how to manage the extract/transform/load process. However, they are not usually the right people to lead the overall process and likewise the business data owners, whilst they own the data and can provide insight into the content, do not tend to have the knowledge to lead this type of activity. Given the sensitivity and the investment that any deal included, I would always recommend that there is a dedicated Data Disposition team who can work across the organisation to build the picture, define and develop the approach and plan that works for the organisation & facilitates the creation of firm principles around the treatment and transfer of data to minimise cost, maximise the effectiveness of the transfer and to ensure that this part of the deal is completed successfully.

What are your key recommendations for success?

A lot of my recommendations are really standard good project management practices, applied to data disposition:

  • Have a clear picture of the stages that need to be completed
  • Align principles to the deal agreement
  • Set up governance and clear management
  • Engage stakeholders and appoint functional leads across the business on both sides to reach agreement where there is conflict
  • Have DD engaged with both business and technology teams to act as the conduit and referee between the two
  • Have a very clear DD pathway and communications approach and adhere to this – there will be enough stress across an organisation without adding data questions to the list of problems that need to be resolved
  • A dedicated Data Disposition function adds immediate value, providing clarity and focus around all aspects of data from discovery, through preparation to transfer, understanding how it can be accessed at each stage of the transaction and how it needs to be dispositioned – whether merging data sets, dispositioning out or dispositioning in.
  • Work with IT, IT security, financial, HR, privacy, data management, legal

Lastly — any top tips?

Let me suggest a top five:

  1. Start early and take it seriously. Without a clear understanding of the data, its accessibility and the complexities surrounding the dispositioning it is all too easy to underestimate its value, the costs associated with dispositioning and the length of time it may take to complete all the necessary activities.
  2. Get people who understand data. Sadly it’s one of those unpopular areas in a lot of deals and people want to be involved in more glamourous parts of the deal.
  3. Don’t underestimate the importance of the Discovery phase. It is more detailed than the deal due diligence process. Look everywhere across your organisation because data tends to move over time and appear in unexpected places. DD is an area that people often underestimate: it’s far reaching, it touches all parts of an organisation and it needs sensitivity, strong communications, clear thinking and competence. The impact of getting it wrong is huge — in terms of compliance and in terms of failing to get the value intended.
  4. Agree the data principles jointly with the other party. That does not mean that there will be a win/win in all areas, just that both teams understand what will and will not transfer.
  5. DD is a specialist area and needs to be treated as such if you want to get the deal completed with a clean landing