‘Information barriers’ refer to the separation between different departments or individuals within an organization. An information barrier is essentially designed to block the exchange of confidential information and prevent conflicts of interest.
This article will explain how information barriers work, why they are needed, and how you can enforce them within your organization.
‘Ethical walls,’ formerly known as ‘Chinese walls’
Previously, information barriers were also referred to as ‘Chinese walls.’ This term was coined in the 1930s after the stock market crash of 1929 resulted in new requirements from the U.S. government to enforce information separation between investment bankers and brokerage firms. The purpose of this was to limit the conflict of interest between objective company analysis and the desire for successful initial public offerings.
However, the use of ‘Chinese walls’ is slowly being phased out as part of a broader effort to foster diversity in the financial services sector. Today, they are most commonly referred to as ‘information barriers’, although you will still sometimes see them referred to as ‘ethical walls’, with the terms used interchangeably. In fact, the UK’s Financial Conduct Authority (FCA) ended the use of ‘Chinese walls’ in its communications in 2021.
Why information barriers are needed
Information barriers are designed to protect investors, clients, and other key stakeholders by preventing the leakage of confidential information that might lead to ethical or legal violations.
For some organizations, particularly those within the finance and legal sectors, even receiving the information without legally sufficient information barriers can cause non-compliance with regulations.
In addition to this, breaching information barriers can have a number of further implications for firms:
- Reputational damage. Regulatory non-compliance can lead to negative press coverage and significant reputational damage.
- Increased client churn. Clients may leave the firm if they believe it cannot preserve their confidentiality.
- Financial losses. Regulatory penalties, reputational damage, and the loss of clients will also result in financial losses for the firm. If the firm loses enough clients, it may even be forced to cease operations altogether, resulting in further losses.
How information barriers work
Information barriers are essentially two-way access restrictions that define which sets of users can communicate with each other.
There are many different potential use cases for information barriers. For instance, a financial firm may use an information barrier to prevent insider trading by separating departments and individuals who are privy to private information that will affect the company’s valuation from employees on the trading floor.
Alternatively, a legal firm may also use information barriers to prevent two lawyers who are representing different clients in a related case from communicating. This can help to make sure that they do not end up discussing confidential information with one another, giving one client an unfair advantage within the case.
To ensure that this sensitive information is not accidentally leaked, firms may restrict collaboration and communication capabilities between internal teams to prevent users from searching or emailing one another, chatting with or calling each other, and accessing files using sharing links.
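The two-way restriction described in this section can be modelled as unordered pairs of user segments that are checked against every recipient of a message. The following is an added example, not part of the original article or of any vendor's product; the addresses, segment names and the fail-closed handling of unmapped users are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed directory: address -> segment (all names are hypothetical).
SEGMENTS = {
    "alice@firm.example": "investment_banking",
    "bob@firm.example": "trading_floor",
    "carol@firm.example": "compliance",
    "dave@firm.example": "legal_team_a",
    "erin@firm.example": "legal_team_b",
}

# A barrier is an unordered pair of segments, so it applies in both directions.
BARRIERS = {
    frozenset({"investment_banking", "trading_floor"}),
    frozenset({"legal_team_a", "legal_team_b"}),
}


@dataclass(frozen=True)
class Verdict:
    recipient: str
    allowed: bool
    reason: str


def check_pair(sender: str, recipient: str) -> Verdict:
    """Decide whether sender may contact recipient under the barrier policy."""
    s_seg = SEGMENTS.get(sender.strip().lower())
    r_addr = recipient.strip().lower()
    r_seg = SEGMENTS.get(r_addr)
    if s_seg is None or r_seg is None:
        # Fail closed: a user with no segment cannot be cleared against any barrier.
        return Verdict(r_addr, False, "unmapped user")
    if frozenset({s_seg, r_seg}) in BARRIERS:
        return Verdict(r_addr, False, f"barrier: {s_seg} <-> {r_seg}")
    return Verdict(r_addr, True, "no barrier")


def blocked_recipients(sender: str, to=(), cc=(), bcc=()) -> list[Verdict]:
    """Check every recipient field; one blocked address is enough to hold the message."""
    verdicts = [check_pair(sender, r) for r in (*to, *cc, *bcc)]
    return [v for v in verdicts if not v.allowed]
```

Checking the Cc and Bcc fields as well as To matters because a barrier that only inspects the primary recipient is bypassed by copying the restricted colleague.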
How to enforce information barriers
Some ways firms can implement information barriers include: physically separating departments, monitoring conversations between employees and clients, splitting up record-keeping systems, and setting up access controls.
Before the COVID-19 pandemic, many firms required employees to be physically present in an office to access files, folders, and other sensitive information. However, the sudden shift to home working and an increased reliance on email for communication has forced firms to rethink how to implement information barriers quickly.
Email is the most common way that data is lost or misdirected, and Egress research shows that 86% of email data loss incidents result in disciplinary action against the employee responsible. This is typically a result of accidental sharing, deliberate risky behavior, exfiltration, phishing, or even ‘fat fingers’ – the process of accidentally pressing the wrong thing on a small phone screen.
Many organizations try to address this issue by enforcing information barriers within email using the static, rules-based email data loss prevention (DLP) offered by Microsoft 365 and secure email gateways (SEGs). However, this approach is unable to scale to meet modern enterprise needs. Instead, organizations should aim to achieve this through intelligent email DLP.
Enforce information barriers with intelligent email DLP
Intelligent email DLP solutions such as Egress Prevent can scan emails to determine whether there is sensitive or identifiable data in the message content. They then interrogate both the recipient and the recipient’s domain to spot any potential breach or conflict of interest and determine whether the recipient should access this type of information. If a risk is identified, a clear prompt explains the risk so that the user can avoid a potentially costly security risk.