Introduction to Information Barriers in Microsoft Teams for Compliance
Ensuring compliance with both data privacy and conflict of interest rules can be challenging. These guidelines often include restrictions on the sharing of information both inside and outside your organisation.
For example, conflict of interest is a key concern when it comes to financial firms. The Australian Securities & Investments Commission (ASIC) has directives related to information sharing. One is a requirement for directors of public companies with material personal interests to be excluded from certain meetings and communications.
Other concerns when it comes to communications between departments include unintended information sharing.
For example, if someone from records department is screen sharing with the sales department and inadvertently shows a confidential client document on their screen.
In an age where online communication and collaboration are a goal, putting targeted communication barriers up can be a challenge. That is, unless you have a tool that can help you do that.
Microsoft Teams & Information Barriers
Microsoft Teams in Office 365 is a popular way for companies to communicate. It enables team chat, voice calls, file sharing, and video conferences. Statistics show that a connected team is more productive and effective.
80% of businesses use team collaboration tools to enhance their business processes.
A great feature in Microsoft Teams when it comes to compliance is called “information barriers.” This feature allows companies to put automatic restrictions on users and groups when it comes to their communication with each other and with guest users.
How Information Barriers in MS Teams Works
The primary driver for the creation of information barriers by Microsoft was U.S. financial regulations put in place by the Financial Industry Regulatory Authority (FINRA). These included similar conflict of interest concerns to those of ASIC.
However, once information barriers was released, multiple other industry uses began emerging. This includes reducing data privacy compliance violations in the health care industry, for legal firms, in education, government, and more.
As an example, a day trader could be prevented from calling someone in your marketing department through Teams. An R&D team could be barred from screen sharing with anyone outside their group.
Anytime you need to control how information is shared between one group in your company and another through the Teams interface, information barriers can come into play.
Here are the basics of what information barriers does.
Information barriers allows Office 365 administrators to set policies for how users communicate. These policies can include restrictions on activities such as:
- Being able to search and find another user in Teams
- Ability to add a member to a team
- Starting a chat session with a user or group
- Inviting a person to join a meeting
- Sharing your screen
- Placing a VoIP voice call
- Accessing connected SharePoint sites for a team
These polices can be put in place for individuals, groups, and guest users.
What Happens When Groups/Individuals are Blocked?
If you’ve put an information barrier policy in place to restrict two groups, say the R&D group and the sales group, here are some of the ways it impacts their Teams experience.
- They won’t be able to see members of the other group in the People tab
- They won’t see blocked users in the People Picker
- None of the blocked users’ posts will appear in the Activity tab
- On the org chart, blocked users will appear as an error message
- Blocked users will be visible on chat/call contact lists, but can only be deleted
- Past conversations, prior to being blocked, will still be visible
How Do SharePoint Sites Work?
When a team is created in Microsoft Teams, a SharePoint site for their files is also provisioned. This site is specifically associated with that team.
If you’ve set up information barriers to prevent that team from connecting with another group or individual, that restriction is also carried over to the SharePoint site. So, blocked users can’t access the team site files.
How to Use Information Barriers
To access information barriers for Teams, you need to have the appropriate subscription and role.
Information barriers is included with:
- Office 365 E5
- Microsoft 365 E5
- Office 365 Advanced Compliance
- Microsoft 365 E5 Information Protection and Compliance
To have the ability to edit or define information barriers policies, you need to be one of the following:
- Office 365 or Microsoft 365 global administrator
- Compliance administrator
- IB Compliance Manager (a new role)
This how-to article offers information on how to define information barrier policies.
Examples of How to Use Information Barriers
There are a number of reasons to implement communication barriers to improve your compliance with a variety of rules and regulations.
Here are a few examples:
- Require team members to use a guest account when video conferencing with those outside your organisation. You could then put barriers up on guest user accounts that don’t allow them to access everyone in your organisation.
- Restrict your accounting team from using screen sharing with anyone outside their group to prevent confidential financial information from being disclosed.
- Only allow phone or video calls between your patient records department and other groups to prevent inadvertent sharing through chat of confidential patient information.
Get Help with Customised Cloud Solutions
Office 365 is a powerful platform, and even more so when you implement customisations like information barriers. Working with GKM2 can help you get the most out of your cloud solutions.
Contact us today for a free consultation. Call +61 2 9161 7171 or reach out online.