So you’re thinking about selling your company because you’ve finally received an offer you think is reflective of all the hard work you and your partners and employees invested over all those years. It’s inevitable that you will have to share some confidential information about your company with the potential buyers during the course of a sale process. Anyone thinking about buying your business will want to do at least some amount of due diligence before transferring a large sum of money to your company’s bank account. It only makes sense from the buyer’s perspective. But from your perspective, the buyer’s interest, while seemingly genuine, could be nothing more than an attempt to peer into your company’s confidential information to learn how you do what you do so successfully.
The following points are some easy tips you can follow to protect against misuse or theft of your company’s confidential information when letting potential buyers take a look at what they’re buying:
1. Make sure a good Non-Disclosure Agreement (NDA) is in place with each potential buyer before you begin discussions with them, and especially before giving them access to confidential documents in a data or due diligence disclosure room.
2. A good NDA should cover lots of stuff, including:
- who has access to information
- what information is protected
- with whom the information may be shared
- what happens if you want your information back
- what happens to the information if the transaction is never consummated
- what happens if information is legally required to be disclosed
- what happens if a party or its representatives breach the NDA
- what representations you are making about the information
- what effect the NDA has on any agreement between the parties
- rules governing the due diligence process
- and other legal language to protect your company.
3. Protect your people. Particularly if a potential buyer is a competitor, be smart about who on your team you’re making available for the buyer, at what stage, and consider adding non-solicitation provisions to your NDA.
4. Make sure your online data room is secure. These days most due diligence is conducted through online virtual data rooms where the target company posts thousands of documents that contain confidential information, and authorized representatives of the acquiring company have access to that information. This is your company’s private information, so make sure you pick and equip a data room that is secure and limits access to your information to appropriate parties.
5. Do not post everything to a data room. While you are sure to receive a lengthy due diligence request from a potential buyer or the investment banker, keep in mind that not everything should be posted. For example, if you have trade secrets or government classified information do not post this information. Remember that it’s possible to breach a contract just by disclosing the existence of certain information. If the information is crucial, there are other even more secure means available to share it with a potential buyers.
6. Rely on a team of trusted advisors. Use your key employees, your attorneys and possibly your investment bankers to review information before it’s posted to a data room. This will help you prevent the accidental sharing of highly secretive information and uncover any business or legal issues that your team may need to deal with or address with potential buyers.
7. Redact highly sensitive information. It should be acceptable to redact customer names, and, to some extent, important customer information. Also, while you may need to post all of your board meeting minutes, redacting discussions about other buyers and the sales process should be acceptable and completed before disclosing the information.
8. Consider timing and access to information. Many data rooms can limit access to certain information to specified parties or you can selectively grant access to certain folders. If you are running an “auction” process – by talking to multiple potential buyers – consider waiting to disclose your more sensitive information to a smaller group of potential buyers later in the process. Alternatively, you may want to give strategic buyers with whom your company competes access to only a subset of the information.
9. Clearly mark confidential information and don’t allow copies or downloads. You should take advantage of the information restrictions that a good data room may offer such as not allowing files to be downloaded or printed or marking all printed pages with a “Confidential” watermark.
10. Be careful with e-mail. Unless you are password protecting or encrypting files, almost anything you send by e-mail can easily be forwarded to other parties. So try not to use e-mail when exchanging sensitive business information in the course of due diligence because it may come back to bite you.