Profile cover photo
Profile photo
Safelink Data Rooms
Faster, easier, more secure Virtual Data Rooms
Faster, easier, more secure Virtual Data Rooms


The Changing Role of Virtual Data Rooms

A virtual data room (VDR) is a highly specialised online service that can be used to share documents while keeping them under tight control.  Data rooms have conventionally been used by teams involved in corporate transactions, loan syndications and intellectual property licensing, to securely house confidential information and manage and track access to it.

Before the advent of virtual data rooms, there were physical data rooms.  Documents were disclosed to invited parties, who would visit one at a time and risk being frisked on the way out. The introduction of online VDRs allowed multiple parties to inspect documents at once and improved security, speed, fairness, efficiency and accessibility.  The step change from paper to electronic has already happened, so how has the concept of data rooms developed from there?


The next stage in the evolution of VDRs is already under way.  Platforms such as Safelink are bringing together the security benefits of VDRs and more contemporary ideas from social networking, file sharing, team coordination and knowledge management.   As the expense of running a data room decreases and the feature set expands, more small companies are realising the benefits of using VDRs. In the legal sphere, data rooms are spreading beyond the corporate teams to include more uses where there is a need for secure document sharing, such as property transactions, private client matters and ongoing client relationships. Other functions available from modern VDRs are also proving invaluable as today’s small businesses increase their awareness of data security. Ideas from other fields are being mixed with the core of what a data room is, eg. activity feeds, workflows, annotating documents and collaborative working.  Similarly much of the technology developed for VDRs can be used for collaboration which brings the higher standard of security sought after as workers are increasingly accessing documents outside the office, maybe on trains or in coffee shops. Secure instant messaging is an important development, and could replace conventional email in many companies as the primary method of digital communication. Secure file sharing has also become an indispensable feature of the modern law firm, as VDRs are well placed to handle huge volumes of documents and make them easily accessible. This feature is particularly beneficial when used as a system for dealing with internal document preparation,  and file transfer between law firms and external litigation support agencies. 


Alongside these ongoing developments, VDR technology is also becoming more widely accessible.  In the early days, VDRs were quite expensive and their use was only justified on large transactions.  Now that the VDR market has opened up and costs are coming down, it is now possible to apply this technology more broadly, such as to smaller and more price-sensitive transactions, and to other matter types entirely.

As the legal industry’s move towards the paperless era gathers pace, the benefits of using VDRs in the modern tech savvy workplace are clear. The time saved by using fast, efficient, feature rich and secure data rooms will prove to be invaluable. A fixed pricing model, now affordable to the smaller business rather than the previous large corporate market makes the VDR option the most attractive solution for more and more legal firms.

Safelink offers a transparently priced virtual data room service, with firm-wide pricing options that allow the benefits VDRs to apply to matters across your firm.  Visit to see our price list, sign up for a free trial, or email us at
Add a comment...

8 Reasons To Use A Virtual Data Room

Sisyphus’ punishment was to roll a boulder up a hill interminably.  In modern times his plight might instead have been to host a due diligence exercise without the aid of a virtual data room.

With no virtual data room, what would Sisyphus have to use?  A physical data room may be his best option as it pushes much of the inconvenience to the end-users, who need to make an appointment and venture on-site to peruse the paperwork.  Using email to send documents would be fittingly tedious, with the ordeal of tracking of multiple versions, restrictions on attachments and duplicated effort as new parties join in.  A consumer-grade file sharing service would seem to be a good answer, until Zeus finds out that his secret documents have escaped all control, at which point Sisyphus could expect another inventive rebuke.

Time is precious and expectations are high.  Anyone hosting a due diligence exercise should aspire to provide the highest standard of service, and an excellent virtual data room provider can help them do just that.  Here’s how.

1. Security

It is your organisation’s responsibility keep its data secure, especially so when it belongs to your clients.  Using a virtual data room, you can decide exactly who can see each document and prevent copies being taken.  By contrast, paper files can be misplaced, stolen or simply seen by the wrong people, and emails are now even less secure than postcards, given that they are routinely recorded by third parties. Safelink’s solution goes further than any other by encrypting the data with client-specific keys, providing an exceptional degree of privacy for highly sensitive information. Even the Safelink team can’t read your documents.

2. Accessibilty

Filing paper copies of all your documents on site can be a time consuming and costly method of storing information. File storage can take up a huge amount of space, and mistakes will happen, such as misfiled and lost documents. Also staff physically filing and retrieving documents can take up valuable time which could be better spent on other projects. Using a virtual data room, file location and retrieval is instant. We offer a simple system of nested folders that enables you to quickly access what you need. Safelink’s unique Surface feature lets you access documents as if they were laid out in front of you.

3. Compliance

If your company handles confidential information from customers, vendors or other outside parties, it is the responsibility of your company to keep that data secure.  In addition to any contractual obligations you have with your clients and insurers, businesses operating within the UK must comply with the UK Data Protection Act (1998), and indirectly the European Data Protection Directive. Breaches in data security can result in fines and prosecution. Most businesses that experience a significant data breach are unlikely to recover from the financial repercussions, loss of customer trust and loss of outside party support. Using a virtual data room system to share information is a good way to ensure you have adequate protection.

4. Control

Having your documents stored in a  data room gives you a high level of control over who accesses your data. You can manage user permissions to give individuals different levels of access and control who can see each document.  You can also use an audit trail to see all activity within your data rooms, which documents have been uploaded, accessed, edited and even opened by whom. 

5. Customer Service

Using a virtual data room provider means that there is the option to build your company’s branding and colour scheme within the software, making it very much part of your company’s tools. Although already packed with intuitive features, Safelink can also build you features specific to your needs, to make the software work for you in the way that you would like. We also offer a 24 hours customer support line should you need us, and where possible, can send a member of the Safelink team along to assist you. 

6. Ease Of Use

Although on the cutting edge of security technology, VDRs are very simple to use. Our controls are intuitive and are packed with clever features to ensure a fast and direct result. No training is required, although we are happy to provide training sessions and live demonstrations if requested. Safelink is an instant online service, requiring no download or installation. Special features include ‘drag and drop’ for quickly uploading documents, a ‘timeline’ feature to clearly show all activity within your account and our new ‘surface’ facility, as described above.

7. Saving Time And Money

Time pressures are a very real problem in the modern day office and technology must rise to meet this challenge of efficiency with simplicity. We are providing a highly powerful data room tool, which works with your broadband online, switching instantly between documents, between files, between rooms, logging every move as it does so. You no longer have to wait for paper files to be identified and located, Safelink can store your data for you, and provides instant access at your fingertips. Time saved equates to reduced stress for employees and reduced costs for your business. We offer monthly fixed prices, transparent plans with no hidden extras, and we show details of our plans on our website.  Customers that opt for a firm-wide licences achieve substantial discounts and according to the feedback, excellent value.

8. Intelligence

Virtual data rooms offer the unique ability to show detailed reports of who has been looking at each page in a data room and for how long.  In a corporate transaction, it can be very useful to review activity to see which prospective buyers are serious and which are wasting your time, and the right virtual data room can help you to gauge this and much more.

Safelink’s interactive audit report allows you to visualise document-level and page-level usage statistics, both in aggregate and over time, and drill down into specific teams and users.
Add a comment...

Post has attachment
Safelink Update June 2014 - New features, hints and tips and recent articles from the Safelink team.
Add a comment...

Data gone AWOL?  Get your troops in line! 

Significant data breaches affecting well known organisations are reported in the media on almost a daily basis. We know that no organisation is immune to experiencing a data loss, the critical issue is how that loss is dealt with. So what is the best approach to dealing with such an event and its aftermath?

Data loss can occur at any time, you will be unlikely to have any advanced warning before it happens and the level of severity can depend on the type. There are different ways this can happen. Unintended disclosure, when data has been mishandled, accidentally published on a website or sent to the wrong destination via email or fax. Data theft, by hacking, spyware and malware via electronic entry from an outside party. Insider, when an employee with legitimate access intentionally volunteers data and physical loss of portable devices such as stolen laptops, smartphones, USB sticks or CDs. You may not be able to predict an imminent attack, but you should have a contingency plan ready to deal with one if you need to. A well developed breach response plan will limit the damage to the reputation of your organisation, and ultimately save you money.

Take control: As soon as data loss is detected or even suspected, notify your pre-determined response team and establish good channels of communication between its members. Depending on your organisation, a good response team should involve people from management, IT, communications, compliance, finance and legal departments. 

Confirm your priorities: Assign a team leader with the authority to make fast decisions and with access to funds, there will be expenditure associated with proper management of a data breach and any delay in releasing funds will result in increased costs later.  

Prevent further damage: Lock down and secure the affected systems to contain the breach. Identify where it has occurred and exactly what type of data has been accessed or potentially accessed.  Consider turning systems off if you think an attacker may have installed a backdoor that would allow ongoing access.

Set some rules: Document everything from the outset, you may well be required to provide evidence of the steps you took in a later investigation.  Preserve any digital evidence, such as audit logs, as these may be requested later on.

Don’t drop your guard even during your response. Be extra vigilant with security across all systems, even if you think they remain unaffected. In 2011 Sony suffered a DDOS attack, assigned all their IT staff to deal with it, then didn’t notice hackers sneakily stealing 101 million customer records through a backdoor.

Be proactive and honest, expect media interest and do not attempt to cover-up. Draft a clear communication plan to notify your organisation’s stakeholders, which includes shareholders, customers, vendors and regulators. Secure the support of your external contacts and seek advice from your legal and insurance advisors. 

Inform affected individuals as a matter of urgency if their personal data has been accessed. Ebay are currently being criticised over their delay in informing the public of hackers accessing personal accounts back in March of this year. Admit to the mistake, apologise unreservedly, explain exactly how the breach has occurred and what you are doing to fix it. Look forward and suggest how you can improve your practices to minimise the risk of such incidents in the future.  You may also need to draft a response to any media interest. Inform the public of the nature of the breach, that it has been contained, and that steps are being taken to limit whatever damage has resulted. If the situation has become newsworthy, set up a support centre to handle inquiries from the public.

Who is to blame? Determine if there is any culpability on the part of your organisation and take legal advice. What support can you offer affected customers to regain their trust? Consider offering available protection services such as identity theft and credit monitoring. Careful handling of public relations in the wake of a data breach can considerably reduce damage to your organisation’s reputation and limit costs.

Avoid further costs and regulatory fines: submit a report to the necessary authorities and prepare your organisation for any further investigations that may follow. Be open and honest, document all steps that have been taken throughout the breach’s life cycle and submit to the authorities if requested. Learn from the incident and think about what you can do to improve your service, such as investing in a high level secure online data storage.

Avoid the problem in the first place:  Are you storing information that you don’t need?  Can you outsource data storage or credit card handling to specialised providers who can provide better security for that data through economies of scale?  Do your staff have access to information that they don’t need? Do any of your staff have external access to confidential data and weak passwords?  Be prepared, think about all of this before it happens so you know what to do.  Put your plans in place and run a fire drill.
Add a comment...

Microsoft moves to force a result on European data ambiguity.

Under current law, US courts can compel any US company to turn over any of its confidential data. So what happens if that data belongs to a foreign company and is stored outside the US?

Microsoft, for whom the obligation to hand over private European data will curtail their ambitions to supply cloud services for European customers, hopes to close this loophole. They have committed to appealing a test case up to the US federal courts. The latest ruling in this series by US Judge James Francis states that Microsoft "must release" the email correspondence of an individual under investigation by the US authorities. This leaves European customers who use US providers vulnerable to compulsory data disclosure and therefore potential liability where they were required to protect that data.

Microsoft is an American company and operates under US law. The data that the US authorities want is stored on a Microsoft-controlled server in Dublin. Microsoft dispute the validity of a US search warrant being deployed in any jurisdiction outside the US, a view supported by the European Commission. But while this US threat for access to data exists, Microsoft’s expansion in European markets is hampered. They stand to lose business to European providers who can protect clients’ data with no interference from US authorities. The problem is extensive, affecting other US firms such as Google and Amazon, who provide the hardware on which many online services operate. So US providers are powerless to stop European data being handed over to US authorities. This is a massive threat to Microsoft’s plans to offer online services in Europe, hence this campaign for their right to refuse.

Judge Francis points out that given the increasingly international nature of online data, traditional search warrants can no longer apply and cites instead the federal Stored Communications Act. Under this ruling Microsoft would then have no choice but to retrieve the data from Dublin and deliver it. The SCA protects Microsoft from litigation from within America resulting from any disclosure, but Microsoft and their customers remain vulnerable to litigation in Europe where the SCA does not apply [US Code Title 18, Ch. 1, Pt. 121, 2703, (e), 1986].

The EU Data Protection Act is clear on not surrendering data to countries outside their Member States where that country ‘does not ensure an adequate level of protection’ [EU Directive 95/46/EC, Ch. IV, Art. 25, (4), 1995]. Following the revelations of mass online surveillance of its citizens by the US government, this may well be the case. 
So Microsoft are fighting, but what would it mean for international security if they lose? Will data storage businesses in Europe be culpable for turning over their clients’ information to the US authorities? Will customers then sue such organisations as banks and law firms who use third party data firms to store information? Where does this leave service providers who can no longer uphold previous guarantees of security? UK firms are becoming increasingly wary of using services which are hosted on US platforms, as the US authorities are able to capture confidential information without UK judicial oversight, or even notice being given. At Safelink, we host all our data in Europe and ensure that no US firm controls any part of the hosting infrastructure we use. The EU Data Protection Act is soon to be overhauled, which will make US providers an even less favourable choice for European customers than they are now.

Could you explain to a client that their personal data is now in the hands of a US district attorney due to an IT infrastructure decision? Can this liability realistically be limited when the European Data Protection laws so clearly state that data must be secured?
Add a comment...
Wait while more posts are being loaded