Don’t acquire a “Data Lemon”. A “Data Lemon” in short is when the buyer doesn’t know the state or quality of a database (or company) when purchasing.
A great example of this was when Marriott International acquired Starwood in 2016 for $13.6 billion, neither company was aware of a cyber-attack on Starwood’s reservation system that dated back to 2014. The breach, which exposed the sensitive personal data of nearly 500 million Starwood customers.
Marriott isn’t the only company in this situation. In 2017, Verizon discounted its original $4.8 billion purchase price of Yahoo by $350 million after it learned — post-acquisition — of the latter’s data breach exposures.
As a purchaser, if you don’t protect yourself against acquiring a data lemon and make sure you check on your targets data privacy and security compliance, you are putting yourself at risk and increasing the opportunity of a breach. Not only does this result in a loss of trust and toll on your brand but you will also get all the government penalties that go along with it.
So what should you do about data lemons?
The best path is always to try and identify any potential data breaches and cybersecurity risks before you acquire the company.