Compliance with data privacy rules and financial regulations can be tricky for companies in an age of collaboration and information sharing. Some information needs to be kept siloed and isn’t meant for sharing companywide.
For example, in a public New Jersey company, you may not want your research and development team sharing information with your sales team because that information has to go through several steps, approvals, and a PR announcement before being made public.
While there are a number of data security strategies that can help protect data from being accessed by unauthorized parties outside your organization, what happens if you have to keep departments within your organization from sharing information?
In the financial industry, conflicts of interest are reviewed by the Financial Industry Regulatory Authority (FINRA) and can result in penalties if conflicts occur. This was one of the main reasons that Microsoft implemented Information Barriers in Office 365 to help restrict internal information sharing.
In 2018, FINRA levied $61 million in fines and suspended 23 firms due to various rules violations.
For example, FINRA Rule 2242(b)(1) requires members to maintain and enforce written policies related to identifying and managing conflicts of interest when it comes to debt research reports. Rule 2242(b)(2)(A) and (B) states that organizational policies and procedures should prohibit review, clearance or approval of debt research by those involved in investment banking, sales, and trading.
Preventing conflicts of interest can be made easier by digital tools that restrict communications automatically, rather than having to rely on humans to police themselves.
We’ll discuss how Information Barriers helps automate the process of keeping information siloed and protected.
How Does Information Barriers Work?
Information Barriers are policies in Office 365 that can be configured to stop individuals or groups from communicating with each other. It puts up barriers to their normal lines of communication, which can be through team chat or calling within Microsoft Teams.
The policies make it impossible for those groups or individuals identified in the configuration to chat or call each other through the software, which helps stop inadvertent communication of information that should not be shared.
Currently, Information Barriers is available in the Microsoft Teams platform, and is in private preview for SharePoint.
Information barriers can be set up both when a team or individual should not share information with anyone outside their group or when teams or individuals should not share information with another specific team or individual.
Where are Policies Applied?
Informational Barrier policies are set up and managed in the Office 365 Security & Compliance Center. Scoped directory search must be enabled in Microsoft Teams first, then administrators should wait 24 hours before setting up their Information Barriers policies.
How Information Barriers Blocks Communication
Once the Information Barriers policies are assigned, when certain activities are initiated in Teams, the system checks those policies before allowing the activity. Information Barriers works both with standard Microsoft Teams members and guest users.
The types of activities that can be prevented by Information Barriers include:
- User search
- Adding a team member
- Beginning an online chat session
- Beginning a group chat session
- Inviting someone to join a Teams meeting
- Screensharing
- Placing a VoIP call over Teams
What is the User Experience Like?
Information Barriers can go into effect immediately once the policy is put into place. So, if someone were in a group chat with a group with whom communication had just been blocked, the system would drop them from that chat and not allow them back in.
Users that are blocked to another user won’t show up on the People tab, People Picker, or Activity tab in Teams.
When accessing organizational charts, instead of seeing a blocked user’s name, an error message will appear. If a user is in a chat and then subsequently blocked, an error message will appear instead of their People card.
For chat and calls contacts, a user will still see a blocked user on the contacts list, but when they click on them, the only action they can take is to delete them. Past chats with the user are still available for viewing.
Upcoming SharePoint Expansion
As mentioned above, the expansion of Information Barriers into SharePoint is currently in private preview. This feature is expected to be rolled out to all users sometime in 2020.
What this will do is also allow file access in SharePoint sites to be restricted per the Information Barrier policies, so that users can only share files with approved teams or individuals.
Licenses Needed
The Information Barriers feature is available in the following subscriptions:
- Office 365 E5
- Office 365 Advanced Compliance
- Microsoft 365 E5
- Microsoft 365 E5 Information Protection and Compliance
Get the Help You Need with Data Privacy & Financial Compliance
Compliance penalties can be both monetary and result in suspensions. Don’t leave your compliance to chance, Technology Visionaries can help you with the data and people security tools you need to make compliance as automated as possible.
Schedule a free compliance consultation today by calling us at 732-587-5960 or using our contact form.
