October 29, 2020
3 Data Room Security Capabilities Every Legal Advisor Should Mandate
BY STEVE J. TIE SHUE, SENIOR DIRECTOR - PRODUCT MARKETING
There’s been seeming inertia among some M&A legal advisors to simply accept whichever data room another advisor on a deal, or their client, selects – particularly on mid-size or smaller deals. Surprising since the law firms on a transaction often stand to lose the most in the event of a data breach or cyber-attack. Look no further than recent headlines to identify the reputational risk at stake in similar situations. Here are three bedrock security requirements all lawyers should mandate for any platform used to manage financial transactions.
1. It’s not a data room if it wasn’t built for transaction management
There’s a reason pre-VDR data rooms were kept under actual lock & key – requiring detailed access logs of those who entered. With research finding more than 25% of law firms have experienced some kind of data breach, legal advisors would do well to avoid accepting “good enough” file-sharing programs to function as quasi-deal rooms. Sure – the platform may allow you to share files “securely” but how secure is it? Was its architecture actually designed for regulatory compliance – ahem GDPR / CCPA – and transmission of highly sensitive financial and human capital information?
VDRs should be closely vetted to confirm compliance with international security standards (Is it ISO certified? Has there been SOC 2 Type 2 auditing?). Similarly, vulnerability and penetration testing cadence, backup and encryption protocols, and confirmation of the cloud computing service on which the solution runs should all be validated before signing any SOW or end-user license agreement.
"more than 25% of law firms have experienced some kind of data breach"
2. Managing authorized VDR users at the content and feature levels is a non-negotiable
Legal advisors on both the buy-side and sell-side report typically working with more than fifteen stakeholders during due diligence. That’s a lot of people accessing files and communicating about open issues and key findings. Complicating things further is the fact that not everyone should have access to the exact same files or capabilities.
Data rooms should allow administrators to customize the experience of every user – granting access ranging from a single file or folder to every document uploaded and indexed. Similarly, it should be simple to restrict core permissions like printing and downloading files as well as enhanced capabilities like data analytics and redaction.
"data rooms should allow administrators to customize the experience of every user"
3. VDR security is only as good as the support team behind it
Dealmaking exists within a truly global community – cross border deals approach a third of all transactions in some years. This means the fabled 2 AM fire drills – often becoming war stories traded by M&A lawyers during social hours – may actually occur at 2 PM for other members of the deal team across the world and require immediate human intervention.
Having 24/7 client support – not just an online form or email address that may at best get answered within a day or two – makes all the difference in staying regulatory compliant or safeguarding confidential information. Ditto for multi-lingual support for assisting on escalations of this nature.
Pro tip: Consider data rooms offering single sign-on (SSO) authentication – it significantly improves security while reducing login credential fatigue. Plus, your technology office will be happy you’ve identified a preferred vendor to help reduce the reputational risk of your law firm.
More than nine thousand financial transactions are securely managed within Datasite Diligence each year. Click here to request a demo or to speak with a local consultant to learn more about our ironclad security and 24/7/365 client services team – fluent in eighteen languages.
Ready to Get Started?
You may also like:
Movers and Makers: Industrial M&A Opportunities in 2021 and Beyond
In partnership with Mergermarket, Datasite convened a panel of leading industry figures to discuss what the growth and disruption trends from 2021 mean for M&A in the manufacturing, logistics and transportation sectors. The resulting conversation and Q&A, provide an exciting look at the prospects for the year ahead.
Corporate Development Outlook: Growth and Challenges Driving New M&A Approaches
As the third quarter of 2021 draws to a close, the M&A market remains red-hot despite - or maybe because of - the ongoing transformation of the broader business world. In the Enterprise Edition, the third roundtable in Datasite’s Corporate Development Outlook series, leaders from several of today’s fastest-growing industries gathered to share their insights.
Innovation and Opportunity in Canada’s M&A Market
With a clearer picture of Canada’s post-Covid business landscape beginning to emerge, both buyers and sellers in the M&A world are working out new approaches to dealmaking. Together with Mergermarket, Datasite brought together several industry insiders to share their perspectives on the future of M&A in Canada.
