Mr Chris, some weeks ago, acquired an artificial intelligence company in Nigeria through his company Chritechs Ltd. Chris is proud of his recent acquisition and plans to merge the operations with the mother company.
But, before Chris made the purchase, the Chief Privacy Officer at Chritechs Ltd., in a board meeting, suggested a thorough privacy audit. Chris was too excited about the prospects of buying another company and promised his CPO that the privacy audit would come after the purchase.
The CPO carried out his research. He found out that the company has a reputation for creating products that violate data privacy rights and regulations. Plus, the company has a CEO whose pastime is in using personal information in a willy-nilly manner.
Chris brushes these claims aside. He can’t allow this opportunity to pass. The CPO calls the Chief Financial Officer and paints a picture of lawsuits, reputational damage and financial burden this will place on the company. The CFO supports Chris and argues that a company that can’t be flexible in these present times will only fail.
The CPO resigns. He wants nothing to do with a company that can’t pay attention to the protection of the data of Nigerian citizens or a company that pays little attention to due diligence.
Just after the acquisition, there was a customer complaint about AI Inc. on social media. A customer receives an invitation for a diabetes drug trial. She’s livid. Goes live on Facebook and trashes the company. She only did a onetime online assessment through an app called Xen online Medical. Only that the owner of that medical company is AI Inc. After this first complain, another complaint followed, and another criticism followed, and AI Inc begins to trend on Twitter.
Mr Chris calls for a board meeting. Why is the company getting all this negative attention? He calls the former owner of AI Inc to start asking about the management of personal information. The former owner says he is away on holiday and would answer to their questions when he gets back from holiday and ends the call.
Chris is flummoxed. Every time he checks his Twitter feed, he sees abuses levied against the mother company and the newly acquired company. Because of this new acquisition, people are beginning to question the integrity of his old company. The words of his CPO begin to replay in his head. If he had listened to him, he wouldn’t have been in this mess.
It is often the case of many companies acquiring other companies. They think that financial audit is the most critical audit. In the contemporary business world, privacy plays its role in acquisitions, mergers and divestitures.
The onus is on the acquiring company to ensure there are no existing data privacy risks. Quite often, this would help the acquiring company understand what they are buying and how to mitigate the dangers after the acquisition. Attention must turn to policies that represent the principles of the local data protection regulation. This technology stack provides an organisational and technical measure to protect personal information and, of course, the existing procedures in place to align with the company’s policies.
Chris overlooked these crucial data privacy features before acquisition and paid for his carefree attitude. Entrepreneurs and companies alike need to understand the critical role of data privacy and what features they play in the definition of a business.
