Managing Confidentiality Obligations When Using a Virtual Data Room

The traditional beginning of a transaction or confidential project is the signing of a Nondisclosure Agreement (NDA).  No one wants to start a promising transaction or relationship with an acrimonious negotiation of a NDA, but most people accept that a NDA is necessary and want to get through the process quickly and move on to the opportunity.   While legal review is always recommended, it may not happen for some transactions and projects.    And in those situations, the enthusiasm at the beginning of the transaction or project may mean that a proposed NDA will  get the same level of attention as Google’s Terms of Use.   After all, “standard” is the usual prefix for “NDA.”

Rarely are two NDAs the same.  Yet in some situations at least some, if not all, of the transaction participants are bound by more than one NDA.   Especially problematic is the NDA that is imposed as a condition to virtual data room  access.   (VDR is a common abbreviation for virtual data room, and we’ll complement the NDA abbreviation with the VDR abbreviation.)  Even if there is a carefully thought out “negotiated” NDA, the chance of that NDA matching the terms of the VDR’s “standard” NDA is virtually zero.   But the format of many VDRs require that the mandatory “standard” NDA is agreed to as a condition to access the information in the VDR.  That includes access by the seller’s employees, the buyer’s employees, the seller’s lawyers, the buyer’s lawyers, the seller’s investment banker or business broker, commercial lenders, and the list goes on. . .  The chance of the VDR NDA being appropriate for all (or maybe any) of these people is close to zero.

Now that you are aware of the issue, what do you do?

  1. Refuse to accept the VDR’s “standard” NDA. Of course, in the frenzy of early due diligence, this sounds like an excuse for not getting your due diligence job done and may give you a reputation as a trouble-maker.
  2. Before accepting the VDR’s “standard” NDA, tell your lawyer that you are required to sign it to get access and ask her to be sure it is not an issue. If your lawyer knew this VDR’s NDA was coming, the primary negotiated NDA between the parties might have been developed to clearly control the situation.  Your lawyer might have included language something like this:

This agreement governs the use and disclosure by recipient and its agents and representatives of information disclosed by or made available by disclosing party, its agents or representatives through a virtual data room or otherwise and none of the terms imposed upon recipient or its agents or representatives as a condition to accessing a virtual data room to review information covered by this agreement will have any effect.

  1. Accept the VDR’s “standard” NDA, and tell your lawyer later (and hope they can fix any conflicting terms).
  2. Accept the VDR’s “standard” NDA, don’t be a trouble-maker and raise the issue, and hope that nothing ever comes of it.   After all, everyone else in your company was in the same boat.   Even your lawyer probably had to sign the VDR’s NDA to get access.

For your next transaction or confidential project, address this dueling NDA issue upfront or insist on using a VDR that does not impose its own NDA.

We recognize there is an opportunity for a more sophisticated solution to the frequent NDA issues involved with using a VDR – one that recognizes that different NDAs are appropriate for different data room users and the importance of ensuring the right NDA is signed by each transaction participant.  Transaction Commons is working on this solution.

In all cases, we urge everyone in a transaction or project to spend some time thinking about the NDA aspect of their  process.   Remember, that in many situations, that NDA will be the only agreement you enter into with the other party, the deal or project will not get done, and there is a real potential for a squabble (hopefully minor) over future compliance with the NDA.