Due diligence on cybersecurity and privacy has become much more important in merger and acquisition (M&A) negotiations over the last 10 years. The days of presuming that only businesses involved in technology and innovation are affected by privacy and cybersecurity legislation are long gone. These days, data privacy and security laws in the US and other countries may apply to any firm that gathers personal data about its consumers, clients, workers, business representatives, and users even if that data is as basic as name, login, age, and password. In some M&A deals, a seller's adherence to existing data privacy and security standards can be crucial, and in some cases, a deal-breaker. This is particularly true when the seller's gathered personal data is one of the primary assets being sought after by a possible purchase.