In today’s fast-paced, information-driven society, the economic value of personal information and data has soared and is driving the need for the enhanced protection of personal information.
Over the past several years, many countries and jurisdictions have responded to this by enacting data protection regulations, either comprehensive or industry-specific, and stricter regulations to protect personal information have become the global trend. Along with these stricter regulations have come more punitive penalties and the increased risk of reputational damage for violations of these regulations and data breach incidents causing companies in Japan to focus on, and even change, the ways they handle personal information.
Changes in the handling of personal information are very relevant to M&A transactions. Although it used to be an afterthought, compliance with privacy regulations has become one of the key focus areas in the due diligence phase of an M&A transaction, especially in the case of an acquisition of a company that processes large amounts of customer information or sensitive information or a company providing services with online payment capabilities. It has become increasingly important to have a good understanding of data privacy regulations applicable to a target company, to conduct efficient data privacy due diligence to discover material issues and to appropriately address any such issues.
This article aims to provide an overview of the primary law affecting the handling of personal information in Japan, the Act on Protection of Personal Information of Japan (APPI) and discusses the key points in data privacy due diligence and how to address issues found during due diligence through negotiation and the documentation process.
Click here to read more.