Data rooms are used to conveniently group together bundles of documents relevant to the sale of a business. Because data rooms often contain commercially sensitive information, it’s important to have a protocol governing the terms on which the purchaser receives access. Having a protocol can also save you time and money, and ensures that the relationship between vendor and purchaser is transparent. The following are key concepts to address in a data room protocol.

The Purpose of the Protocol

Much like setting out recitals at the start of a contract or the ‘scope of work’ for services, clearly outlining the purpose of the protocol ensures both vendor and purchaser are ‘on the same page’. Both parties know that the protocol is designed to ensure they clearly understand the terms on which access will be provided, so that there is no misunderstanding.

Specify What the Due Diligence Materials Are

What are due diligence materials? Are they just documents contained within a physical or virtual space? Does the definition of materials also include any responses to questions? What about any presentations from the vendor to the purchaser, or email and verbal communications?

You should clearly set out an expansive definition of due diligence materials so that any confidentiality clause drafted into the protocol covers the materials. This is so the purchaser understands that a breach in respect of the due diligence materials (as broadly defined) is a breach of confidentiality and therefore leaves them open to liability.


Successful businesses have winning formulas. Whether literal (in the case of Kentucky Fried Chicken’s 11 herbs & spices) or figurative, a winning formula is what makes a business an attractive potential target. If you provide commercially sensitive information to a purchaser in a data room, at the very least outline confidentiality clauses in your data room protocol. Preferably, you should have your lawyer draft a specific mutual non-disclosure agreement that both the vendor and purchaser sign to supplement the data room protocols.

Access to the Data Room

If you have a physical data room, it’s important to set out access times, and if you have a virtual data room, the security of the access links you send is paramount.

Setting out access times ensures a purchaser doesn’t harbour unrealistic expectations of 24/7 access to a physical data room. You can also set out that requests for access outside the specified access times may be refused.

It’s also important to specify what activities are permitted in the data room. It’s market practice to allow the purchaser to take notes and use their own laptops or phones. You should make it clear that the purchaser can’t remove, mark, modify, damage or destroy any of the due diligence materials. You don’t want to be in a situation where an unscrupulous purchaser marks or removes materials, then accuses you later of tinkering with your financials.

Key Takeaways

Setting out a protocol for your data room puts you and the purchaser on the same page, creating a transparent relationship. Ensuring that the purchaser understands the terms on which you will permit access to the data room is likely to make the business purchase process smoother and easier to handle, causing you less stress and using up less of your time. It’s prudent to first speak with your lawyer about what concepts you should include and ensure the protocol is relevant to your business purchase. Questions? Get in touch with our IT lawyers on 1300 544 755.

About LegalVision: LegalVision is a tech-driven, full-service commercial law firm that uses technology to deliver a faster, better quality and more cost-effective client experience.
Chloe Sevil
