You, the business owners, have just signed a “Letter of Intent” to sell your business for $10,000,000, “subject to buyer’s due diligence”. Before you start making retirement plans, let’s determine what that means.
The buyer will require copies of all your accounting and financial records, as well as all agreements and written contracts with your vendors, customers, employees and others with whom you do business. The buyer will forward you a rather lengthy list of items they require. Then, if something does not meet with their satisfaction, they may either terminate the potential transaction, or demand a reduction in the purchase price.
How can you, as the seller, prepare the business so that there are no “surprises”?
Many business owners may come to the point where they feel it is time to sell their business and “take it easy”. Having built and operated a successful business for decades, most owners are very knowledgeable about all aspects of their business. However, most owners have never before acquired or sold a business.
Selling a business is a process. Prior to finding a buyer, the seller should conduct its own due diligence. The seller, together with its legal, accounting, and other advisers, considers the following:
• Whether all organization documents are up to date, such as Articles of Organization, Bylaws (or operating agreement), minutes, and ownership records;
• Whether “key employees” are bound by appropriate confidentiality and non-compete agreements;
• What agreements are in place with key suppliers and key customers;
• Whether employee records are up to date;
• Whether there is a union;
• Whether there are any existing or potential claims against the business;
• Whether the lease for the business premises is satisfactory, and the condition of the business premises;
• Whether there are any environmental issues;
• What obligations the business will have after it is sold;
• Whether there are any issues with accounts receivable or accounts payable; and
• Whether there are any licensing or permit issues.
The foregoing items are just examples of some of the things a seller should be examining before entertaining offers to purchase a business. It is better that the seller recognizes any issues affecting the business before a buyer points them out (and asks for a reduction in the price).
Levin Ginsburg regularly represents both sellers and buyers of businesses. We have developed detailed “due diligence” checklists to help sellers and buyers navigate the sale process. If you would like to discuss a sale or purchase of a business, please contact Morris Saunders or any of our partners in our mergers and acquisitions practice.
While most businesses are aware, a surprisingly small number report that they will be ready to comply with the California Consumer Privacy Act (“CCPA”), when it officially takes effect on January 1, 2020.
The CCPA was first signed into law in September 2018. Often touted as “GDPR Lite” or “GDPR 2.0” because of its similarity to the European regulation, CCPA’s key provisions are summarized as follows:
- Right To Be Forgotten: Upon a consumer’s request, a business subject to CCPA will be required to delete a consumer’s personal information.
- Right To Be Informed: Upon a consumer’s request, a business subject to CCPA that sells consumer personal information will be required to disclose the categories of information it collects and identify third parties to whom the information was disclosed or sold.
- Right To Opt Out: Upon a consumer’s request, a business subject to CCPA will be required to provide the consumer with the ability to prevent the business from selling the consumer’s personal information.
- Right of Non-Discrimination: If a consumer requests that a business not sell his/her personal information, the business is precluded from charging the consumer a higher price for goods or services, or providing the consumer a lower quality good or service, except if the difference is reasonably related to the value provided by the consumer’s data.
Since the CCPA was passed, it has already undergone changes, in September, 2018, and again on February 25, 2019, with the introduction of California Senate Bill 561 (“561”). While some changes were merely cosmetic, fixing errors, etc., the substantive changes aimed to clarify and strengthen the law. For example, 561’s amendments:
- Expand the consumer’s right to bring an action for damages: Previously, the CCPA allowed a consumer to bring suit for damages against the business if the business failed to maintain reasonable security protocols for non-encrypted, non-redacted personal information that resulted in unauthorized access, identity theft, or other disclosure. Now, instead of just the narrow, breach situation, consumers may bring a private right of action against a business by merely claiming that his/her rights under the CCPA were violated, in presumably any manner. Damages in these types of suits are statutory and a Plaintiff may recover up to $750 per incident. Additionally, since claims may be pursued on a class-action basis, this change is of critical importance.
- Delete a business’s ability to seek guidance from the Attorney General as to how to comply with the CCPA. In its place, the amendment adds language that the “Attorney General may publish materials” that may assist a business in compliance.
561, while a start, does not clarify all ambiguities in the CCPA. For example, language such as “households” remains vague as to whether it means consumers, or a combination thereof. Also, while the language of “consumers” and “businesses”, and other evidence seem to suggest that the CCPA was not intended to include “employers” vis-à-vis their “employees”, nowhere in the text does it clarify the same. If an amendment did indicate that the CCPA applied to employers and their employees, businesses in California would have to implement stringent security safeguards, as data breaches often involve divulgence of employees’ personal information. Therefore, while 561 provides the initial amendments, the CCPA likely will see further amendments prior to its January 1, 2020 launch
In conclusion, businesses subject to CCPA should begin to take steps toward compliance now. Data mapping, updating policies, developing teams, increasing security measures and other activities that will be required for compliance take time to implement. Businesses with questions as to whether it is subject to CCPA, or what steps to take, should contact a privacy attorney.
For further information regarding this topic, please contact:
Natalie A. Remien at firstname.lastname@example.org or 312-368-0100.