In 2005, when the private, Indianapolis-based company was considering options that included potential buyers, guarding that asset took on a whole new dimension. Andara Life Sciences, still less than a year old, did not want to reveal any trade secrets to would-be buyers who might walk away from the deal.

"There were times we thought this would just not happen," says Kimi Iguchi, vice president of finance at Foxborough, Massachusetts-based Cyberkinetics Neurotechnology Systems, which eventually bought Andara. "That is their jewel, and they wanted to protect it until we were very close." (Cyberkinetics recently made front-page news with its trial of brain implants that allow paralyzed patients to control computer cursors with their thoughts.)

A Touch of 007
Holding critical business information close to the vest is part of the merger game for a seller. "It's a cat-and-mouse process of the prospective company not wanting to disclose too much because it is concerned [that a deal] might not be consummated," says David Stowell, associate professor of finance at Northwestern University's Kellogg School of Management. The "cat" is usually the buyer, which may try to pry information loose as early as possible, most often for reasons of valuation. But buyers may have some of their proprietary data at risk, too, when the target does its own due diligence. In each case, across a variety of industries, companies handle the challenges of keeping secrets differently.

The types of information to be protected also vary widely. In the intellectual-property realm, it could be a software firm's code. In other cases, pricing methods, customer databases, or a range of nonpublic financial results are often among the most proprietary elements in a company's files.

"You always hold back customer lists and pricing information and wait until the acquiring party is fully entrenched in the process," and thus committed to the deal, says Mark Beucler, CFO of Lifeline Systems, acquired by Amsterdam-based Philips Electronics in March 2006.

Despite the case-by-case variances, some general techniques are helpful for both selling and buying companies in protecting proprietary information during M&A negotiations.

When drawing up confidentiality agreements, it helps to recognize that the nature of the material to be protected changes as a deal progresses. "There are multiple levels of confidential information that are dealt with differently — before talking, before a deal is consummated, in due diligence, and in closing," notes Marc Schoenfeld, a former finance chief for the American Express International unit of American Express Inc.

In some cases, companies include breakup-fee provisions, underscoring the importance of secrecy by adding the penalty of a hefty payment if the deal is called off due to proprietary information getting out. "Breakup fees say to the suitor, 'You can do real damage to me, and I want to know you are serious,'" says Randy MacDonald, CFO of TD Ameritrade, the Omaha-based company formed when Ameritrade acquired TD Waterhouse in January.

Some companies require the employees who are to be engaged in the deal to sign confidentiality agreements as well. When designing them, advises Schoenfeld, care should be taken to ensure that the agreements "have teeth and are respected."

Adding a James Bond touch, acquirers often test their imaginations by inventing code names for targets to prevent rumors within the company, and leakage without. Bill Kolb, partner with the Boston-based law firm Foley Hoag, tells of an acquisitive client that chose Greek deities as code names. "Some of the gods weren't nice gods," he says, and a few targets wondered if they were being insulted. TD Ameritrade won't discuss codes it has used, but says its technique involves choosing something associated with the target's name or headquarters. "For example, if we are dealing with a company in Louisville we might call it Project Slugger," says a spokesperson.

Two Types of Clean Rooms
Other common arrangements to keep proprietary information from being prematurely revealed include the use of third parties to hold information as negotiations advance, and the creation of restricted-access data rooms, often called clean rooms. In recent years, electronic "virtual" clean rooms, which provide online access to multiple suitors simultaneously via secure Websites, now often complement or supplant actual physical data rooms.

"Virtual data rooms are exploding in popularity," says Kolb. Executives who have used electronic clean rooms note that they can reduce travel-related costs and shorten the time needed for examining tax returns, budgets, and other financial and nonfinancial information.

Still, clean rooms — whether actual or virtual — should not replace face-to-face reviews, says Robert Holthausen, chair of the accounting department at the University of Pennsylvania's Wharton School. "I think these clean rooms are a mixed bag for both buyer and seller," he adds. In providing electronic access, companies setting up virtual clean rooms are allowing companies to retrieve data permanently, "not just look at it." And in general, he says, "anyone who conducted due diligence entirely from a clean room would be out of his or her mind."

Lifeline's Beucler agrees. The acquisition of his company by Philips was greatly accelerated by the use of a virtual clean room, which reduced the need for crossing time zones between his Framingham, Massachusetts, offices and Amsterdam. But while a Website can house important information securely, "nothing can replace the value of actually meeting the executive team and understanding the culture of that company and how they drive value," he says.

While lawsuits and monetary damages may deter the misuse of proprietary information, confidentiality agreements work mainly because employees know that "if they do leak the information, it may cause the deal to collapse," says Foley Hoag's Kolb. Companies, meanwhile, can suffer a reputational penalty because "people will be less likely to deal with you in the first place."

Cyberkinetics Proves Itself
Andara Life Sciences's effort to keep information secret last year was complicated by the layered structure of its private ownership, which included Purdue and Indiana universities and four founding scientists/professors. The company's sale arrangements had to "keep a number of different constituents happy," says Carney. For example, the professors who developed the technology wanted to make certain that after any sale they would have a continuing role in plans the new owner made for the technology.

"Even at the end of the talks, they didn't want to share that [patent information] with us," recalls Cyberkinetics's Iguchi. Cyberkinetics's use of an online clean room was one technique that helped assure Andara that its proprietary information was secure. It also reduced the number of trips that Cyberkinetics people had to make to Indiana. "It is hard to quantify the savings," says Iguchi, but it allowed the physical meetings that were held to be "more efficient and productive."

While the companies had signed nondisclosure agreements, Andara insisted on restricting access to its patent information until after it conducted its own due diligence on Cyberkinetics to assure it was a serious potential partner. That was about three-quarters of the way through the merger talks. The transaction, for $4.6 million in Cyberkinetics stock, closed in February.

"As time goes on and you make the decision that you will go in this direction, it is OK to go ahead and disclose," says Carney. Andara could see that "if you were in their shoes, you would not buy it otherwise."

Uncle Sam's View
The federal government, too, of course, has an interest in ensuring that companies don't share certain information, at least before a merger is approved by regulators. Department of Justice rules prohibiting collusion among rivals bar discussion of such key information as proprietary pricing data, although suitors generally can access a target's basic pricing levels.

Sometimes a middleman can help. Through the acquisition of TD Waterhouse, says TD Ameritrade's MacDonald, he learned that "in the arena of pricing it is difficult to [follow] DoJ rules." To meet the challenges of those rules — especially customer-protection statutes — Ameritrade and TD Waterhouse used a third-party research firm, which embargoed key data and helped the two companies make premerger decisions about how to design the combined company.

The third party, which MacDonald won't name, received sensitive data on pricing and customers from the two companies, then did not share the information with either company until after the deal closed. The third-party arrangement helped TD Waterhouse and Ameritrade prepare pricing revisions once the two combined into one company, he says.

The complications of complying with government guidelines during a merger led to one other development at Ameritrade. To help employees, says MacDonald, "we created a document in layman's terms about what you can and can't do under DoJ rules."

Helen Shaw is a staff writer at CFO.com