Data rooms are secure physical and virtual locations for the storage of important documents and materials used to conduct due diligence in the purchase of a business. As due diligence involves the inspection of commercially sensitive material, you should have a data room protocol setting out rules and how purchasers can access your data room. Setting out a protocol can reduce risk when providing access to commercially sensitive documents, reduce cost and save you time. We’ll look at why it might be important to have rules and briefly revisit what types of rules you should consider.

Physical Data Rooms

Physical data rooms are rooms in the vendor’s offices where documents relevant to due diligence are categorically stored so that the purchaser or purchaser’s professional advisers can access them.

Should you have the room open 24/7? Only if you want to, and you’re willing to pay the cost of having it open! If not, set out clear rules about when the data room will be open. Stating your data room’s opening times means reducing the number of repetitive queries and allows you to organise a staff member or guard to supervise access, and prevent theft or copying of documents. 

It’s also prudent to have someone monitor the room as theft, copying or marking up documents could expose you to liability. For example, an unscrupulous purchaser could mark up financial documents to, after settlement, allege that you’ve interfered with the numbers and must pay compensation. Not a pretty picture and one which highlights the importance of having the data room supervised.

Supervision is also important for following OH&S requirements – you don’t want to be suddenly liable for the purchaser’s staff getting paper cuts!

Virtual Data Rooms

Virtual data rooms (VDR) intrinsically don’t have the same issues with opening and closing times although access remains an issue. For example, you need to ensure that your VDR provider allows the material’s secure storage. Also, you need to set out a clear protocol that only people specified on an ‘access list’ can be admitted. Your protocol should also state that only people on this list can access links.

Questions Asked 

Have you ever sold a business? If you have, you have likely had to answer a barrage of questions such as how old are the tables and chairs? How much is electricity per month? When does the licence expire?

The purchaser is legitimately permitted to ask questions during due diligence, but it can be taxing fielding them all, and there are ways to ensure that the questions asked are relevant and get to the point. You can specify in your protocol that purchaser should specify whether the question has a high or low priority so you can choose whether to take time out of the working day to answer.

Key Takeaways

Setting out a protocol for access to your data room can minimise costs as you don’t have to pay for a supervisor to be present at all times for a physical data room. It can address liability if a purchaser marks up or copies a document in the data room without your permission. You can also reduce the number of questions you deal with, by setting out that questions should be relevant and specified with a high or low priority level. Finally, you should also speak with a commercial lawyer about have a disclaimer or protocol drafted to protect your data room. Questions? Get in touch on 1300 544 755. 

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Chloe Sevil

Get a Free Quote Now

If you would like to receive a free fixed-fee quote or get in touch with our team, fill out the form below.

  • We will be in touch shortly with a quote. By submitting this form, you agree to receive emails from LegalVision and can unsubscribe at any time. See our full Privacy Policy.
  • This field is for validation purposes and should be left unchanged.

Privacy Policy Snapshot

We collect and store information about you. Let us explain why we do this.

What information do you collect?

We collect a range of data about you, including your contact details, legal issues and data on how you use our website.

How do you collect information?

We collect information over the phone, by email and through our website.

What do you do with this information?

We store and use your information to deliver you better legal services. This mostly involves communicating with you, marketing to you and occasionally sharing your information with our partners.

How do I contact you?

You can always see what data you’ve stored with us.

Questions, comments or complaints? Reach out on 1300 544 755 or email us at

View Privacy Policy