October 29, 2020

3 Data Room Security Capabilities Every Legal Advisor Should Mandate

BY STEVE J. TIE SHUE, SENIOR DIRECTOR - PRODUCT MARKETING

There’s been seeming inertia among some M&A legal advisors to simply accept whichever data room another advisor on a deal, or their client, selects – particularly on mid-size or smaller deals. Surprising since the law firms on a transaction often stand to lose the most in the event of a data breach or cyber-attack. Look no further than recent headlines to identify the reputational risk at stake in similar situations. Here are three bedrock security requirements all lawyers should mandate for any platform used to manage financial transactions.

1.     It’s not a data room if it wasn’t built for transaction management

There’s a reason pre-VDR data rooms were kept under actual lock & key – requiring detailed access logs of those who entered. With research finding more than 25% of law firms have experienced some kind of data breach, legal advisors would do well to avoid accepting “good enough” file-sharing programs to function as quasi-deal rooms. Sure – the platform may allow you to share files “securely” but how secure is it? Was its architecture actually designed for regulatory compliance – ahem GDPR / CCPA – and transmission of highly sensitive financial and human capital information?

VDRs should be closely vetted to confirm compliance with international security standards (Is it ISO certified? Has there been SOC 2 Type 2 auditing?). Similarly, vulnerability and penetration testing cadence, backup and encryption protocols, and confirmation of the cloud computing service on which the solution runs should all be validated before signing any SOW or end-user license agreement.

"more than 25% of law firms have experienced some kind of data breach"

2.     Managing authorized VDR users at the content and feature levels is a non-negotiable  

Legal advisors on both the buy-side and sell-side report typically working with more than fifteen stakeholders during due diligence. That’s a lot of people accessing files and communicating about open issues and key findings. Complicating things further is the fact that not everyone should have access to the exact same files or capabilities.

Data rooms should allow administrators to customize the experience of every user – granting access ranging from a single file or folder to every document uploaded and indexed. Similarly, it should be simple to restrict core permissions like printing and downloading files as well as enhanced capabilities like data analytics and redaction.

"data rooms should allow administrators to customize the experience of every user"

3.     VDR security is only as good as the support team behind it

Dealmaking exists within a truly global community – cross border deals approach a third of all transactions in some years. This means the fabled 2 AM fire drills – often becoming war stories traded by M&A lawyers during social hours – may actually occur at 2 PM for other members of the deal team across the world and require immediate human intervention.

Having 24/7 client support – not just an online form or email address that may at best get answered within a day or two – makes all the difference in staying regulatory compliant or safeguarding confidential information. Ditto for multi-lingual support for assisting on escalations of this nature.

Pro tip: Consider data rooms offering single sign-on (SSO) authentication – it significantly improves security while reducing login credential fatigue. Plus, your technology office will be happy you’ve identified a preferred vendor to help reduce the reputational risk of your law firm.

More than nine thousand financial transactions are securely managed within Datasite Diligence each year. Click here to request a demo or to speak with a local consultant to learn more about our ironclad security and 24/7/365 client services team – fluent in eighteen languages.

Driving Client Experience

Best practices for optimizing legal advisor-client engagement to win more mandates

Download infographic

Datasite for Law Firms

Speed up due diligence. Reduce costs. Share information securely.

Learn more

Ready to Get Started?

Contact Us

You may also like:

Keep the deal moving - even on the move

With the Datasite mobile app, you always know where the deal’s at – wherever you are.

M&A Professional reviewing documents via data room
The ABCs of SPACs and de-SPAC’ed Entities

With the change in market conditions over the last year (increased inflation, interest rates etc.), there is concern that companies who went public via a SPAC in 2020 and 2021 will not be able to continue their business operations due to a lack of free cash flow or will face de-listing because their stock is not in compliance with the NYSE or NASDAQ requirements. These companies may need to explore alternative options, such as rescue capital raises, full company sale to a strategic, bankruptcy, and PE take-private options, etc.

M&A Professionals work on a data room
M&A and digital transformation: Opportunities and challenges in APAC

The pandemic saw a growth spurt in digital platforms. Will the tech sector be able to sustain investor interest in the face of challenging macroeconomic dynamics? Learn more about emerging digital transformation stories from APAC in our expert spotlight blog.

City Skyline

© 2023 Datasite All rights reserved

Datasite provides secure software solutions for managing the full spectrum of financial transactions — including M&A, restructuring & administration, and capital raising. Our intuitive platform offers ironclad security enabling file sharing and collaboration within and across organizations. More than a virtual data room (VDR), Datasite supports advisors and their clients across the entire deal lifecycle with secure collaborative software that shortens timelines for buy-side and sell-side teams from deal sourcing and deal preparation to post-merger integration (PMI) while meeting regulatory compliance — including GDPR and CCPA requirements. As the premiere virtual data room for M&A due diligence globally, Datasite is consistently recognized for breakthrough technologies like our AI/ML-enabled capabilities and automated redaction tools. Beyond due diligence, Datasite provides transaction and document management solutions for investment banks, corporate development, private equity, and law firms across industries.