Using NDAs and data rooms to protect confidentiality during distressed sales

In the current climate, we are seeing increasing levels of distressed business sales. A distressed sale happens when a company facing financial difficulties resorts to selling off part or all of its assets, to continue trading or as a part of a restructuring process. Safeguarding measures such as non-disclosure agreements (NDAs) and data rooms can be easy to overlook during a distressed sale, but are an essential part of preserving the value of the business and ensuring a seamless start to the transaction.

In any sale, the seller will seek to enforce the strictest possible obligations on the buyer to protect their information. A seller could, for example require the buyer to keep the information confidential and not to disclose it to third parties, except as expressly permitted by the agreement. A seller will also seek to protect its information for as long as possible – commonly for a 1-3 year period although some information, such as price sensitive contracts and employee details, may need to be kept confidential for a longer period. At the same time, the buyer will often want to minimise their exposure to the obligations, which can be achieved by reviewing the terms carefully and negotiating appropriate exclusions.

Non-disclosure agreements

The concept of NDA is widely recognised in commercial transactions. NDAs are legally binding agreements that create a confidential relationship between parties. In this context, they are used to regulate how information is to be stored, shared, used and handled during and after a sale or acquisition process.

During distressed sales, NDAs are usually negotiated at pace. A company’s value is often predicated on its confidential information and data, whether that is exclusive trade secrets or information on its customers and suppliers. Information creates value and an NDA is an effective tool to protect that value. NDAs can minimise the risk of future disputes and can address industry specific provisions or additional issues that are indirectly related to confidentiality, such as the treatment of intellectual property rights and non-solicitation of employees and customers.

NDAs often contain standard industry provisions; however, it is important that the seller and the buyer review an NDA closely for the following common, but not exhaustive, terms.

Clearly identify the parties

Who owns the information or assets in question? Who in the buyer’s organisation and which advisers will need access to the information?

Provide a definitive purpose for granting access to the information

Is the buyer evaluating the business for marketing, due diligence or bidding purposes? Is the purpose too restrictive that it can unfairly restrict the buyer’s future activities?

Ensure clear parameters around the confidential information shared

Does the NDA capture all types of information that may become available prior to, during and after the transaction? Would it cover information that is central to the business such as plans and strategies, financial information, commercial contracts, pricing and sale information? Does information that is already publicly available fall outside of the scope of the NDA?

Apply appropriate security protections

Certain information – for example, employee information – requires a higher level of confidentiality due to data protection regulations.

What NDAs should not include

NDAs should not contain terms that prevent parties from reporting to regulatory bodies or law enforcement, or from making legally protected disclosures. Using an NDA to hinder parties from cooperating with investigations, reporting crimes or making required disclosures is improper. Any attempt to block this kind of reporting or disclosure can lead to breaches of regulatory obligations, and resulting disciplinary action.

Data rooms

Once an NDA has been agreed upon, the seller will proceed to sharing its confidential information to the buyer to assist in the buyer’s due diligence process. This is often done through a data room.

Data rooms are cloud repositories for storing and sharing information. It is the modern equivalent of a physical room where hard copies of documents would be stored for the parties’ laborious review during the due diligence phrase of a transaction.

The technology behind data rooms ensures sensitive documents and information are held securely, and access is strictly controlled and monitored. Data rooms are typically set up with standard privacy and confidential terms and conditions in place. In an emergency, these will provide a minimal level of data protection coverage for the seller, even though a properly drafted NDA is always preferrable.

The process of opening and managing a data room is usually dictated by the seller, and in the selection process of the data room provider from an extensive market, the seller should consider the following:

• the number of participants it envisages needing access to the data room;
• the time period it anticipates the information needing to be available;
• the amount of data that will need to be uploaded and stored;
• the types of information will be made available in the data room and the level of security and access needed for each type of information;
• the security and accessibility requirements of the data room; and
• the party who will be responsible for the cost and day-to-day management of the data room.

During a distressed sale process, there may not be sufficient time or information to warrant setting up a data room. The seller can explore other options such as sending documents via encrypted emails or other cloud sharing services.

The information made available to the buyer should always tie in with the terms of the NDA. The buyer will also need to be conscious of its contractual obligations under the NDA and handle the shared information accordingly.