DealLawyers.com Blog

Call me a “Luddite” if you want, but I’m uncomfortable with the idea that my toaster may be telling Google or Vladimir Putin about my Pop-Tart preferences.  Despite my reservations, the market for Internet-connected devices – the “Internet of Things” (IoT) – is growing rapidly.  However, the security & privacy risks of these IoT devices are significant, and those risks are beginning to attract significant attention from state & federal lawmakers.

This Shearman & Sterling memo discusses the explosive growth in the IoT market & developments on the legislative front.  It also highlights key considerations & best practices for evaluating the privacy & security risks of IoT investments. Specific issues that an investor should consider when conducting due diligence on a potential acquisition target include:

– Do the target’s devices incorporate “reasonable security features?”
– How much and what types of data are collected by the target’s devices?
– Do the target’s devices provide reasonable notice to the consumer about the data being collected?
– Is the data collected by the target’s devices shared with any third parties?

The memo goes on to detail best practices in dealing with each of these specific issues that should be factored in to a buyer’s due diligence assessment.

– John Jenkins