It’s inevitable that you will have to share some confidential information with potential buyers during the course of a sale process. Anyone thinking about buying your business will want to do at least some level of diligence before transferring a large sum to your bank account. The following are some easy tips you can follow to protect against misuse or theft of your company’s confidential information when letting potential buyers take a look:
- Make sure a good Non-Disclosure Agreement (NDA) is in place with each potential buyer before you begin discussions with them (and especially before giving them access to thousands of confidential documents in a data room). (For example, see our Cooley GO Docs Mutual NDA and NDA
- A good NDA will cover lots of stuff: some topics that are often covered in an NDA between a potential buyer and seller include who has access to information, what information is protected, with whom information may be shared, what happens if you want your information back, what happens if the recipient is legally required to disclose your information, what happens if a party (or their representatives) breach the NDA, what representations you are making about the information (none), what effect the NDA has on any agreement between the parties, considerations about the process and other legal language to protect you. For more information on NDAs generally, please see this article
- Protect your people. Particularly if a potential buyer is a competitor, be smart about who on your team you’re making available for the buyer, at what stage, and consider adding non-solicitation provisions to your NDA.
- These days, most due diligence is conducted through online virtual data rooms where the target company will post thousands of documents that contain confidential information. This is your private information, so pick a data room that is secure and limits access to appropriate parties.
- Do not post everything to a data room. While you are sure to receive a 20 page diligence request list from a potential buyer or your investment banker, keep in mind that not everything should be posted. For example, if you have a trade secret or government classified information, do not post this. And remember that it is possible to breach a contract just by disclosing its existence. If the information is crucial, there are other even more secure means available to share.
- Use internal resources, investment bankers or your lawyers to review information before it is posted to a data room. This can help prevent sharing something that is highly secretive by accident as well as uncover any issues that your team may need to deal with or address with potential buyers. If you are sharing information with strategic buyers who are competitors, you will need to carefully consider what information is disclosed to avoid raising any anti-competition issues.
- Redact highly sensitive information. It should be acceptable to redact customer names to some extent. Also, while you may need to post all of your board meeting minutes, redacting discussions about other buyers and the sales process should be acceptable.
- Consider timing and access to information. Many data rooms can limit access to certain information to specified parties or you can selectively grant access to certain folders. If you are running an “auction” process (meaning, talking to multiple potential buyers) consider waiting to disclose your more sensitive information to a smaller group of potential buyers later in the process or only giving strategic buyers who are competitors access to a subset of the information.
- Take advantage of other restrictions that the data room may offer such as not allowing files to be downloaded or printed or marking all printed pages with a “Confidential” watermark.
- Be careful with e-mail. Unless you are password protecting or encrypting files, almost anything you send by e-mail can easily be forwarded to other parties.
Last reviewed: July 18, 2023