Data rooms are used to conveniently group together bundles of documents relevant to the sale of a business. Because data rooms often contain commercially sensitive information, it’s important to have a protocol governing the terms on which the purchaser receives access. Having a protocol can also save you time, money and ensures that the relationship between vendor and purchaser is transparent. The following are key concepts to address in a data room protocol.

The Purpose of the Protocol

Much like setting out recitals at the start of a contract or the ‘scope of work’ for services, clearly outlining the purpose of the protocol ensures both vendor and purchaser are ‘on the same page’. Both parties know that the protocol is designed to ensure they know and clearly understand the terms on which access will be provided so that there is no misunderstanding.

Specify What are the Due Diligence Materials

What are due diligence materials? Are they just documents contained within a physical or virtual space? Does the definition of materials also include any responses to questions? What about any presentations from the vendor to the purchaser, or email and verbal communications?

You should clearly set out an expansive definition of due diligence materials so that any confidentiality clause drafted into the protocol covers the materials. This is so the purchaser understands that breach of due diligence materials (with a broad definition) is a breach of confidentiality and therefore leaves them open to liability.


Successful businesses have winning formulas. Whether literal (in the case of Kentucky Fried Chicken’s 11 herbs & spices) or figurative, a winning formula is what makes a business an attractive potential target. If you provide commercially sensitive information to a purchaser in a data room, at the very least outline confidentiality clauses in your data room protocol. Preferably, you should have your lawyer draft a specific mutual non-disclosure agreement that both the vendor and purchaser sign to supplement the data room protocols.

Access to the Data Room

If you have a physical data room, it’s important to set out access times, and if you have a virtual data room, the security of the access links you send is paramount.

Setting out access times ensures a purchaser doesn’t harbour unrealistic expectations of 24/7 access to a physical data room. You can also set out that requests for access outside the specified access times may be refused.

It’s also important to specify what activities are permitted in the data room. It’s market practice to allow the purchaser to take notes and use their own laptops or phones. You should make it clear that the purchaser can’t remove, mark, modify, damage or destroy any of the due diligence materials. You don’t want to be in a situation where an unscrupulous purchaser marks or removes materials, then accuses you later of tinkering with your financials.

Key Takeaways

Setting out a protocol for your data room puts you and the purchaser on the same page, creating a transparent relationship. Ensuring that the purchaser understands the terms on which you will permit access to the data room is likely to make the business purchase process smoother and easier to handle, causing you less stress and using up less of your time. It’s prudent to first speak with your lawyer about what concepts you should include and ensure the protocol is relevant to your business purchase. Questions? Get in touch with our IT lawyers on 1300 544 755.

Chloe Sevil
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Chloe about this topic, or ask us any other question? Please fill out the form below to send Chloe a message!