Practical Tips for Startups: Protecting Confidential Information

Vancouver Startup Week

With Vancouver Startup Week 2019 taking place this week, our Technology Transactions Practice Group is sharing a series of articles with tips and strategies for all of Vancouver’s innovators and disrupters who are looking to grow their tech businesses. Stay tuned for exclusive insights on our website, LinkedIn and Twitter

For startups seeking funding, or investors looking to invest in startup companies, one of the key aspects to consider is the state of the company’s intellectual property (“IP”), including their trade secrets or confidential information. Companies that protect their IP (including confidential information) are more attractive investments, given the importance of IP as a key corporate asset. Here are four practical tips for protecting confidential information:

1. Beware of the Standard Form NDA

Startups will often get pressured to sign standard form Non-Disclosure Agreements (“NDAs”) or Confidentiality Agreements. These documents are frequently heavily weighted in favor of the entity that is asking the startup to sign the document – sometimes to the point that they may only protect that entity’s confidential information. Always take the time to review these standard forms to ensure that your confidential information is adequately protected, including restrictions on the other party only being able to use that information for evaluation purposes. Any type of business transaction involving confidential information should be dealt with under a separate agreement, and only once the two parties have decided to work together.

In addition to reviewing these forms carefully, startups should consider having a lawyer prepare their own standard form NDA that protects each party’s confidential information. Along with being wary of standard forms, using forms from the Internet is also never a good idea as those forms will have been developed with specific circumstances in mind and could end up costing dearly if not appropriately revised to suit your unique needs.

2. Signing NDAs and Due Diligence

Standard practice should be to sign NDAs with any party that is receiving the company’s confidential information – this includes founders and employees. While signing an NDA is good practice, it shouldn’t be a replacement for conducting due diligence research and checks on the party to whom the information is being disclosed. The risks for disclosing the information should always be considered first, as enforcing NDAs can be a difficult process.

3. Employee Training and Policies

When it comes to leaks of confidential information, a company’s employees are generally a big risk. This risk typically stems from a lack of training and proper education. It is essential to train employees and contractors on the value of the company’s confidential information as well as the practical aspects of data protection such as strong passwords and safe destruction of documents.

Another important step is developing firm and clear social media policies so that employees and contractors do not disclose confidential company information on social media channels. While this may seem obvious, I have seen a number of situations where employees have disclosed confidential information on their personal social media channels and, when asked about the inappropriate disclosure, they do not even realize that they have done anything wrong. A social media policy should set clear expectations of employees regarding their social media use and the company’s business, with an emphasis on “if ever in doubt, ask.”

4. Data Security

In the early stages, startups may use free cloud storage and email solutions. These channels are often unprotected and run a very real risk of loss of important confidential information, both of the startup and its customers. As part of the growth process, startups should consider encrypted data solutions for storage and email, as soon as possible. Tech startups that intend to market themselves as experts in the tech space should definitely make data security a key part of their business planning.


In summary, confidential information is often a cornerstone of tech businesses. Ensuring that processes and practices are put in place to protect that information, whether through strong data security or watertight NDA’s, should be a key area of focus for any tech startup.