Startups frequently have their employees and key contractors, suppliers, and/or partners sign confidentiality agreements to protect the confidential information and trade secrets that the startup may share with those parties. However, courts have consistently held that confidentiality agreements are unenforceable — not really worth the paper they are printed on — when the company seeking the benefit of the agreement has taken no steps to protect their confidential information and trade secrets. The law is clear that a confidentiality agreement itself is not enough to protect confidential information. In order to benefit from a confidentiality agreement, a company must take additional proactive steps to protect the information from disclosure. Such steps must include, at a minimum, ensuring that all persons and entities to whom the information is disclosed are subject to confidentiality or similar agreements themselves, and marking protected information as confidential. Other steps courts have looked for in determining whether a company has actively protected its confidential information include: – Restricting access to confidential information, whether it be locking paper files in a cabinet, or password-protecting/encrypting electronic files – Granting access to confidential information on a need-to-know basis – Monitoring/logging who accesses confidential information The extent to which confidential information must be protected in order to constitute “reasonable steps” depends on the particular facts of the situation. A Fortune 500 company may be expected to have in place more sophisticated encryption and monitoring systems for its confidential information, as compared to a much smaller startup. However, even a small startup will be expected to take some steps to protect its confidential information when it seeks the benefit of a confidentiality agreement. Again, at the very least a startup should make sure that every party which is made privy to confidential information is subject to some sort of confidentiality agreement, and that all documents or information that is confidential is marked as so. Finally, confidential or trade secret documents should be secured behind some sort of password. Some cloud-storage/file-sharing services may even record when a document is viewed and by whom.