In order to prevent the uncontrolled dissemination of confidential information and documents, among other things, due diligence involves data rooms (virtual data room), for which access is only available to a strictly limited group of people.

A distinction is made between physical and virtual data spaces, whereby in the course of digitization the virtual ones have replaced the physical data spaces in most cases.

What restrictions are the published information subject to?

For the seller in particular, it is important that the information that has been set, be it in a physical or in a virtual data room, is kept confidential and not removed. If the documents are only viewed and not copied, it must be ensured that the documents are treated accordingly.

For a physical data room this should be governed by opening hours. Should the information be subject to certain restrictions, it makes sense that a person monitors and coordinates the analysis work.

Copy requests are to be entered in a list in order to log the requests in the sense of preserving evidence.

If the buyer requires additional information than was provided to date, he should apply for it in writing by means of a checklist.

In the case of an electronic data room, the vendor’s salesperson or advisor is an administrator to monitor access to the room and to have an overview of the documents and the type of clearances. The access rights are granted electronically and are only possible with individualized access.

As with a physical data room, the user should first be informed about the rules. The accesses to the data room itself should be logged in an electronic logbook.

The advantage in a virtual data room is that the access and the rights in the document inspection are very individually adjustable, so that only visible documents, for example, can be blocked electronically when printed out.

The software initiative Germany e.V. (SID) warns the German economy not to deal with confidential documents carelessly. Particularly with business-critical transactions such as Mergers & Acquisitions (M & A) the danger is particularly great to neglect the data protection, criticizes the federation.

Especially financial data, board contracts, technical documentation, environmental reports and price lists with major customers are not always treated with the necessary care and secrecy. Especially in business-critical transactions such as Mergers & Acquisitions (M & A), the risk, according to Jan Hoffmeister, SID working group leader “virtual data room”, particularly large: “In M & A transactions give companies voluntary access to critical documents to third parties, such as competitors. Of course, these have very different interests. “

A study by the Fraunhofer Institute for Secure Information Technology (SIT) (SIT Technical reports: On The Security of Cloud Storage Services) shows how readily many companies provide their data to service providers based in the USA. In most cases, the lax handling of business-critical material is a consequence of great ignorance of the data protection guidelines. Accordingly, the Fraunhofer Institute points to the fact that no globally uniform data protection regulations have yet been established. This is particularly problematic for US providers of storage services in the cloud because all US Infrastructure services are subject to the local homeland security laws. On the basis of the Patriot Act, US authorities will be granted access to all data stored there at any time upon request. The possible access by third parties to business-critical data is thus virtually regulated by US law.

The real estate warns of potentially serious legal consequences that may arise from access by third parties to business-critical data. The range of possible consequences extends from claims for damages to the ineffectiveness of the purchase contract. In order not to jeopardize planned transactions, as well as the software initiative to commission providers for virtual data rooms with servers in Germany or at least within the EU. According to the software association, the use of virtual data rooms offers security and confidentiality for online viewing of business-critical data through a strictly controlled environment – such as a sophisticated authorization concept.

SID expert Hoffmeister describes the virtual data room as an internet-based platform that enables the different parties on the buyer and seller side parallel secure online access to confidential documents. As part of the due diligence, prospective purchasers in the virtual data room analyze confidential, transaction-relevant documents such as contracts, statements and authorizations that reflect the economic, legal and tax circumstances of the sales object. Security and confidentiality are guaranteed by a sophisticated authorization concept. This regulates which users are allowed to view, print or save which documents at what time.