Many financial regulations have to do with protecting information and preventing disclosure to unauthorized parties. While this is generally thought of as controlling disclosure from those outside an organization, it can also include prohibiting data leakage within a company.
For example, client financial information might be inadvertently shared with the customer support department in a team chat that was supposed to be confidential to the accounting department.
A study of compliance violations found that 53% of data breaches were due to employee error.
In an age when communication is key and is enabled by cloud platforms like Teams in Office 365, oversharing of information can quickly turn into a complicated compliance problem. This is especially true for financial firms and accountants in the Treasure Valley area that are entrusted with keeping data strictly secure.
One mechanism that Microsoft has put into place specifically for compliance is “Information Barriers,” which lets you enact policies that restrict contact within an organization.
How Do Information Barriers Work?
Let’s start with how Microsoft Teams works, because that is going to help clarify exactly what information barriers can do to help with data handling security.
Microsoft Teams enables team communications in several ways:
- Real-time chat
- File sharing
- Audio calls
- Video conferences
If no restrictions are added, everyone in your organization can typically communicate through the Teams platform with everyone else, as well as with any guest users you’ve added (e.g., clients or vendors).
In certain instances, this communication capability can cause compliance problems with data privacy and conflict of interest rules, especially when it comes to the Financial Industry Regulatory Authority (FINRA).
For example, FINRA 2241 Debt Research Regulatory Notice 15-31 sets standards for prohibited communications between debt research analysts and principal trading and sales and trading personnel in the same firm. The goal is to prevent a conflict of interest that may harm a financial client’s best interest.
What information barriers do is put restrictions in place in Microsoft Teams so that certain individuals or groups can’t freely connect through the platform.
What Information Barriers Can Be Used For
You may ask, “Why do I need to keep people within my organization from connecting on Teams?”
Here’s one scenario:
Your auditing department is working on a customer’s accounting files and is invited into a group video meeting by the marketing department, which wants input on a number they’re using in a sales presentation.
Without thinking much about it, the auditing professional connects and, during the video conference, shares their screen to show marketing a graph they can use. But they also inadvertently display the confidential client record they had been working on.
In this particular case, a restriction on screensharing between the audit and marketing departments would’ve kept that inadvertent data privacy compliance issue from happening.
Here are some examples that Microsoft gives on other areas/industries where information barriers can be helpful:
- Keeping data held by one lawyer at a firm from being accessed by another lawyer at the same firm who has a conflicting client interest.
- Keeping a student at one school from looking up contact details for students of other schools.
- Allowing a group chat with a client only through a guest access feature.
Restrictions You Can Add with Information Barriers
Information barriers can be used to restrict several different types of communication activities in Microsoft Teams.
Here are the types of activities you can restrict for users and groups:
- Ability to search for another user
- Adding a member to a team
- Starting a chat session with another user
- Starting a group chat
- Inviting someone to a meeting
- Sharing a screen
- Placing a call
How Information Barriers Are Triggered
Once you have information barriers set up and attached to a user, group, or guest user, they’ll trigger when certain activities are initiated. These include:
- When a new member is added to a team
- When a chat is requested
- When a user is invited to join a meeting
- When screensharing is activated
- When a user tries to call via VoIP in Teams
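To make the audit and marketing scenario above concrete, here is an added example (not from the original article or from Microsoft's documentation) of how an administrator could define the two segments and block them from each other in Security & Compliance PowerShell. The segment names, policy names, Department values and the two user addresses are assumptions made up for illustration.

```powershell
# Added example: block the Audit and Marketing segments from each other.
# Assumptions: the ExchangeOnlineManagement module is installed, the signed-in
# account holds a compliance administrator role, and users carry 'Audit' or
# 'Marketing' in their Department directory attribute.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession    # opens a Security & Compliance PowerShell session

# 1. Define the segments from a directory attribute.
New-OrganizationSegment -Name 'Audit'     -UserGroupFilter "Department -eq 'Audit'"
New-OrganizationSegment -Name 'Marketing' -UserGroupFilter "Department -eq 'Marketing'"

# 2. A block has to be defined in both directions. Create both policies as
#    Inactive so they can be reviewed before anything is enforced.
New-InformationBarrierPolicy -Name 'Audit-Block-Marketing' `
    -AssignedSegment 'Audit' -SegmentsBlocked 'Marketing' -State Inactive
New-InformationBarrierPolicy -Name 'Marketing-Block-Audit' `
    -AssignedSegment 'Marketing' -SegmentsBlocked 'Audit' -State Inactive

# 3. Review what was defined, then activate both policies.
Get-InformationBarrierPolicy |
    Format-Table Name, AssignedSegment, SegmentsBlocked, State
Set-InformationBarrierPolicy -Identity 'Audit-Block-Marketing' -State Active
Set-InformationBarrierPolicy -Identity 'Marketing-Block-Audit' -State Active

# 4. Active policies are not enforced until they are applied to the tenant.
Start-InformationBarrierPoliciesApplication
Get-InformationBarrierPoliciesApplicationStatus

# 5. Check the result for one pair of users (placeholder addresses).
Get-InformationBarrierRecipientStatus `
    -Identity 'auditor@example.com' -Identity2 'marketer@example.com'
```

Policy application runs in the background and can take a long time on a large tenant, so rerun the status cmdlet in step 4 until it reports completion before testing in Teams.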
SharePoint Sites Integration
When a new team is created in MS Teams, a SharePoint site is provisioned for files associated with that team.
If information barriers restrict your R&D team from communicating with your Sales team, then neither team will be able to access the other’s SharePoint site.
What License Do I Need to Use Information Barriers?
To access information barriers for your account, you need to have one of the following Microsoft subscriptions:
- Office 365 E5
- Microsoft 365 E5
- Office 365 Advanced Compliance
- Microsoft 365 E5 Information Protection and Compliance
Do You Have the Compliance Tools in Place That You Need?
Data privacy compliance can either be burdensome or fluid, depending upon the tools you have in place to automate the process. Connect2Geek can help you with PCI, HIPAA, FINRA, and other compliance needs, taking the burden off your shoulders.
Schedule a free compliance consultation today! Call 208-468-4323 or reach out online.