Protecting Assets and Privacy: Data Security During IT Insolvency

When an IT company faces financial distress, the spotlight usually falls on tangible assets, creditor demands, and restructuring plans. Yet, the most critical and vulnerable resource, data, often becomes an afterthought. Failing to manage data security during IT insolvency is not just a compliance issue; it is a profound reputational and legal risk that can either safeguard or destroy any chance of future recovery.

Imagine a business built on innovation suddenly losing its most valuable asset, its data, because of a financial collapse. This is not a hypothetical scenario. According to a 2024 PwC survey, nearly 68% of distressed IT companies reported data leakage risks during insolvency proceedings. The global average cost of a data breach has soared to over $4.45 million, as per a 2023 IBM report, making data security during IT insolvency a frontline survival strategy. This is a critical issue that business leaders must address proactively, not only to protect their own assets but also to safeguard client and employee information.

The Hidden Business Challenge Data Security During IT Insolvency

IT insolvency creates a unique and complex dilemma. Unlike physical assets, data does not instantly lose value. In fact, sensitive client information, trade secrets, and intellectual property often increase in sensitivity when left unmanaged. The pressure to liquidate assets to repay creditors often clashes directly with the legal and ethical need to protect personal data. This tension is particularly high when dealing with overlapping regulatory regimes such as GDPR compliance, India’s DPDP Act, and the IBC process in India.

The IBC process, designed to maximise asset value, does not explicitly address data as a monetisable asset, creating an ambiguity that complicates data security during IT insolvency. For example, when Jet Airways entered insolvency in 2019, its JetPrivilege database containing personal data of 18 million loyalty members was marketed as a key asset. The resolution professional faced a difficult choice: monetise the data to repay creditors or comply with emerging privacy norms, risking devaluation of the estate. These real-world challenges prove that protecting data security during IT insolvency is about striking a delicate balance.

Key Risks of Data Security During IT Insolvency

Compliance Exposure: Failure to maintain GDPR compliance during insolvency can result in penalties of up to €20 million or 4% of annual global turnover. Similarly, India’s DPDP Act mandates strict obligations on “data fiduciaries,” even when a company ceases operations, with penalties up to ₹250 crore. A 2023 PwC India study found that only 41% of Indian enterprises specify data principal rights, highlighting widespread compliance gaps that are magnified during a financial crisis.

Operational Disruption and Cyberattacks: Unsecured servers, unpaid cloud subscriptions, and abandoned IT infrastructure increase the risk of cyberattacks. A Deloitte report highlights that cyber incidents rise by 35% when companies enter insolvency, primarily due to reduced IT monitoring and loss of key personnel.

Reputation and Client Trust: A data breach during insolvency, like the 2018 Cambridge Analytica scandal, can erode trust. A KPMG case study showed that a fintech startup lost 70% of its restructuring bids after a major breach exposed customer financial data. Protecting data security during IT insolvency is crucial for preserving reputation and maintaining client relationships.

Legal Liabilities for Leadership: Resolution professionals and company directors risk personal liability for non-compliance with privacy laws. In the UK, for instance, insolvency practitioners have faced scrutiny for mishandling data subject access requests, demonstrating the high stakes involved.

Strategic Approaches for Data Security During IT Insolvency

• Prioritise Data Governance Early
  Boards must treat data as a top-tier asset, not an afterthought. Establish a “data security trustee” at the onset of insolvency proceedings to oversee all protection measures. This ensures compliance with GDPR compliance, DPDP Act, and IBC process guidelines. A 2024 analysis by McKinsey suggested that companies that proactively manage data security during IT insolvency can reduce the risk of a breach by up to 40%.
• Secure Infrastructure Immediately
  Shut down dormant systems, enforce data encryption, and renegotiate temporary cloud or vendor contracts. A Statista report showed that 74% of IT insolvency cases in 2023 that invested in emergency cybersecurity controls reduced breach risks by half. Restrict data access and use zero-trust frameworks to mitigate breaches. The EU’s cybersecurity agency ENISA endorsed using synthetic data generation, creating anonymised datasets to mimic real user behaviour, which allows resolution professionals to showcase data value without breaching privacy.
• Collaborate with Regulators and Courts
  Under the IBC process, insolvency professionals are legally responsible for safeguarding data. Proactively coordinating with regulators ensures reduced penalties and enhances the chances of a smoother restructuring or asset sale. For instance, in the UK, Thomas Cook’s 2019 collapse saw GDPR restrictions block the sale of customer data, highlighting the need for clear protocols. The key is to be transparent and communicate your data handling processes to creditors and data subjects to build trust and avoid legal challenges.

Expert Insight: A Frontline Survival Strategy

“Data is no longer just an asset; it is a liability if mishandled during insolvency,” says Priya Sharma, a seasoned data protection consultant. “Resolution professionals must balance creditor demands with privacy laws to avoid catastrophic fallout. Companies that integrate data governance into their insolvency plans not only protect stakeholders but also preserve enterprise value for buyers and creditors.”

Forward-Looking Perspective: Data as a Recoverable Asset

As insolvency frameworks evolve, courts are increasingly recognising data as an intangible but monetisable asset. McKinsey projects that data-driven assets could account for 15–20% of total recoveries in distressed IT companies by 2030. This shift will push insolvency professionals, investors, and regulators to adopt stricter controls around data handling. Emerging trends also include AI-driven compliance tools for data mapping and anonymisation, as well as the potential for licensed “insolvency data trustees” who can ethically manage datasets. This new era demands a focus on responsible data management.

Actionable Recommendations for Business Leaders

• Audit all digital assets at the onset of IT insolvency.
• Assign a data security custodian aligned with GDPR compliance and DPDP Act requirements.
• Use encryption and zero-trust frameworks to mitigate breaches.
• Engage regulators proactively to avoid fines and preserve reputation.
• Treat client trust as a recoverable asset, not just a legal liability.

Ultimately, protecting data security during IT insolvency is a strategic imperative that impacts legal compliance, brand trust, and financial recovery. Companies that act decisively can transform risk into resilience, safeguarding both creditors’ interests and long-term enterprise value. The future belongs to those who see data not just as an asset but as a responsibility, one that, when handled wisely, can turn a crisis into an opportunity.

Conclusion

A New Era of Responsible Data ManagementThe intersection of data security during IT insolvency, GDPR compliance, DPDP Act requirements, and the IBC process demands a delicate balance. As data becomes a cornerstone of corporate value, businesses must prioritise ethical management to protect stakeholders and maintain trust. The future belongs to companies that see data not just as an asset but as a responsibility one that, when handled wisely, can turn a crisis into an opportunity.

About LawCrust

LawCrust Global Consulting Ltd. delivers cutting-edge Hybrid Consulting Solutions in Management, Finance, Technology, and Legal Consulting to ambitious businesses worldwide. Recognised for our cross-functional expertise and hybrid consulting approach, we empower startups, SMEs, and enterprises to scale efficiently, innovate boldly, and navigate complexity with confidence. Our services span key areas such as Investment Banking, Fundraising, Mergers & Acquisitions, Private Placement, and Debt Restructuring & Transformation, positioning us as a strategic partner for growth and resilience. With an integrated consulting model, fixed-cost engagements, and a virtual delivery framework, we make business transformation accessible, agile, and impactful.

For expert legal help, please contact us:

• Email: inquiry@lawcrustbusiness.com