Data Protection issues on the transfer of a business

The sale of any business will almost certainly involve the sharing or accessing of personal information relating to employees. The protection of such personal data needs to be factored in at the beginning of any set of discussions concerning the sale of any business.

The following constitutes a brief set of guidelines that have been issued by the Office of the Data Protection Commissioner:

• Access to and processing of employee information in the target entity should be covered by a suitable confidentiality agreement.
• Ensure as far as is practicable that any information that is handed over to the proposed acquiring party is anonymised.
• Do not disclose individual sickness records. Aggregate the data relating to absence levels.
• Prior to completion personal data should not be handed over without a binding agreement that this information will only be used to evaluate the assets and liabilities of the target entity, that it will be treated in confidence and that it will be kept safe and returned after use.
• Tell the employees that employment records are to be disclosed prior to completion of the merger or the acquisition and on completion the extent to which their employment records have transferred to the purchasing entity.
• Sensitive personal data cannot be disclosed unless one of the permitting circumstances provided for in the legislation applies.
• Remember that if it proposed to transfer personal information about employee outside of the EEA there must be a proper basis for making such a transfer.

For further information please contact:
Patrick Ryan at pryan@kilroys.ie

© Kilroys Solicitors March 2006