Data rooms are used to conveniently group together bundles of documents relevant to the sale of a business. Because data rooms often contain commercially sensitive information, it’s important to have a protocol governing the terms on which the purchaser receives access. Having a protocol can also save you time and money and ensure the relationship between vendor and purchaser is transparent. This article outlines the key concepts to address in a data room protocol.
What is a Data Room Protocol?
A data room protocol sets out the rules by which a party gains access to a data room. The protocol should set out:
- what information is being shared;
- why it is being shared; and
- how it is being shared.
The Purpose of the Protocol
Much like setting out recitals at the start of a contract or the ‘scope of work’ for services, the protocol should clearly outline the data room’s purpose and the protocol. This ensures both vendor and purchaser are ‘on the same page’. Furthermore, both parties know what to expect when they begin the discovery process.
Continue reading this article below the formAccess to the Data Room
Consider whether your data room will be physical or virtual. If you have a physical data room, it is important to set out access times. Similarly, the security of the access links you send is paramount if you have a virtual data room.
Setting out access times ensures a purchaser doesn’t harbour unrealistic expectations of 24/7 access to a physical data room. You can also set out that you may refuse requests for access outside the specified access times. Having set times will also enable you to organise security for the data room if needed.
It is also important to specify what activities are permitted in the data room. It is market practice to allow the purchaser to take notes and use their laptops or phones. You should make it clear that the purchaser cannot remove, mark, modify, damage or destroy any due diligence materials. For example, you do not want to be in a situation where an unscrupulous purchaser marks or removes materials, and then later accuses you of tinkering with your financials.
If you have a virtual data room, whilst you do not need to specify the times it will be open, you may still want to set parameters around access. For example, your protocol should limit access to specific people as agreed between the parties. It should also state what obligations these users have to secure the data room. If there are any passwords or other keys you require to enter the virtual data room, these should be provided in the protocol as well.
Specify the Due Diligence Materials
Your protocol should clearly set out what documents you are making available in the due diligence materials. This will ensure that both parties understand exactly what they have access to. Moreover, neither party has expectations of receiving anything beyond the agreed documents. More importantly, it will make it easier to ensure that any confidentiality clause drafted into the protocol covers all the material being shared.

When you are ready to sell your business and begin the next chapter, it is important to understand the moving parts that will impact a successful sale.
This How to Sell Your Business Guide covers all the essential topics you need to know about selling your business.
Confidentiality
Successful businesses have winning formulas. This may be literal as in the case of Kentucky Fried Chicken’s ’11 herbs & spices’. Alternatively, it may be figurative. A winning formula is what makes a business an attractive potential target. Suppose you provide commercially sensitive information to a purchaser in a data room. At the very least, you should outline confidentiality clauses in your data room protocol. Preferably, you should have your lawyer draft a mutual non-disclosure agreement that both the vendor and purchaser sign to supplement the data room protocols. Whichever option you choose, your protocol needs to include a broad definition of confidential information to capture all information shared as part of the due diligence materials. It also needs to set out what confidentiality obligations the other party must observe. Furthermore, it should specify to who the other party can disclose this confidential information if anybody.
You should also consider whether the confidentiality obligations extend to any communications outside the data room. For example, any responses to questions provided to the other party, or any presentations, whether via email, verbal or otherwise.
Key Takeaways
Setting out a protocol for your data room puts you and the purchaser on the same page, creating a transparent relationship. Ensuring that the purchaser understands the terms on which you will permit access to the data room is likely to make the business purchase process smoother and easier to handle, causing you less stress and using up less time. It’s prudent to first speak with your lawyer about what concepts you should include and ensure the protocol is relevant to your business purchase.
If you need help with non-disclosure agreements, our experienced sale of business lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.
Frequently Asked Questions
A data room protocol sets out the rules for a potential purchaser accessing your data room. It lets them know what information they can expect to receive, how they can expect to receive it and what they can and can’t do with that information.
A data room helps you give access to your commercially sensitive information to a potential purchaser in a secure and succinct manner. Having a data room protocol assists with this process by clearly setting expectations for both parties. It can also assist with minimising cost, reducing liability and streamlining the access process.
We appreciate your feedback – your submission has been successfully received.