Meeting Security & Compliance Requirements in Workstream Collaboration Platforms
In certain industry verticals, the law mandates regulation of communication between two departments or user groups. Consider the following requirements for a moment:
- A broker in a financial firm must not recommend that clients buy shares of a company whose IPO is managed by his or her colleague in the investment banking department. Doing so results in an illegal form of insider trading.
- Similarly, in a news and broadcasting company, an advertising professional must not influence journalism.
- In the health industry there are strict guidelines on how health-related data of a patient may be transmitted.
- CXOs do not want to share their presence details with certain groups of employees.
- Your internal IT wants to disable video conferencing during a certain time window because a town hall is planned by the CEO.
It is evident that the requirement to regulate communication between departments or user groups is common to all of the above scenarios. The commonly used term for regulating such information sharing is an Ethical Wall or a Chinese Wall. It is achieved through a comprehensive policy spanning HR, Finance, Technology and so on. This article talks about a very specific subset of that policy: designing and implementing such an information barrier or ethical wall in the unified communications infrastructure. The goal of a unified communication platform is to enable efficient communication across an organization, but it needs to be compliant too, so that it is not abused by insiders (or outsiders).
An information barrier can be configured at multiple levels:
A) Content: Mask certain text (profanity or keywords) or digits (for example, credit card numbers).
B) Session: For example, audio could be allowed while chat is blocked.
C) Presence: Block presence between two groups or departments.
D) Policy Disclaimer: Show a disclaimer when a session is established.
E) Archival: Archive the content (messages and files) for future reference.
You can apply the above blockades at the level of a domain, a department, or any two user groups, internal to internal or internal to external.
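The five levels above can be expressed as one small policy evaluator. The following is an added illustration, not code from the article or from any of the platforms it names; the group names, keyword list, disclaimer text and sample card number are constructed for the example, and a real deployment would load rules from the platform's policy API rather than hard-code them.

```python
import re
from dataclasses import dataclass, field

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")  # 13-16 digit card-like runs

@dataclass(frozen=True)
class BarrierRule:
    groups: frozenset        # the two user groups the wall separates
    blocked: frozenset       # modalities blocked: chat, video, presence, file
    disclaimer: str = ""     # shown when an allowed session is established

@dataclass
class InformationBarrier:
    rules: list
    keywords: list           # words masked in chat content (content level)
    archive: list = field(default_factory=list)  # archival of every evaluated message

    def _rule_for(self, g1, g2):
        pair = frozenset({g1, g2})   # the wall is symmetric between the two groups
        return next((r for r in self.rules if r.groups == pair), None)

    def evaluate(self, sender_group, recipient_group, modality):
        """Session/presence level: return ('block' | 'allow', disclaimer)."""
        rule = self._rule_for(sender_group, recipient_group)
        if rule and modality in rule.blocked:
            return "block", ""
        return "allow", rule.disclaimer if rule else ""

    def mask(self, text):
        """Content level: redact card-like digit runs and policy keywords."""
        text = CARD_RE.sub("[CARD REDACTED]", text)
        for kw in self.keywords:
            text = re.sub(r"\b%s\b" % re.escape(kw), "[REDACTED]", text, flags=re.IGNORECASE)
        return text

    def deliver_chat(self, sender_group, recipient_group, text):
        """Full pipeline for one chat message; the outcome is always archived."""
        decision, disclaimer = self.evaluate(sender_group, recipient_group, "chat")
        body = self.mask(text) if decision == "allow" else None
        self.archive.append((sender_group, recipient_group, decision, body))
        return decision, disclaimer, body

# Constructed sample policy: brokerage and investment banking may not chat or
# share files, but may still see each other's presence; a disclaimer is shown.
POLICY = InformationBarrier(
    rules=[BarrierRule(frozenset({"brokerage", "investment_banking"}),
                       frozenset({"chat", "file"}), "Ethical wall: this session is monitored.")],
    keywords=["IPO"],
)
```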
A traditional way of dealing with ethical compliance is to archive the communication content and use a search algorithm to find out whether a compliance rule has been broken by an end user. The disadvantage of this reactive method is that the rule has already been broken by the time the organization finds out about it. For example, a search on archived data reveals that patient details were shared by an end user in violation of the compliance policy.
Compare this with a proactive approach, where an information barrier has already been designed and implemented to block such communication, thus saving the organization and the individual(s) from backlash and penalty. A proactive and preventive implementation of such ethical walls would be a paradigm shift: meeting compliance beforehand rather than repenting after an issue has already occurred.
Today's communication infrastructure is empowered by team collaboration apps. These platforms have a rich ecosystem that lets enterprises develop and implement intelligent bots. These bots can be further empowered by NLP platforms like LUIS, Dialogflow or Watson for an interactive end-user experience. The ecosystem can be leveraged to feed in regulation practices and train bots to take preventive actions proactively. These bots can be trained to warn and educate end users too.
As the experts say, there is a need for ethics in AI. What about an ethical wall empowered by AI? :) Various use cases are being envisioned to help institutions meet their ethical wall requirements proactively. For example, an intelligent bot could warn a banker not to transact banking details over a chat or call. The bot could draft a training schedule for a banker if frequent attempts against regulations are detected. Similarly, a bot could be trained to find out whether a violation is intentional or unintentional based on user behaviour.
Workstream collaboration platforms like Microsoft Teams, WebEx Teams, Slack and Workplace by Facebook support archiving and retention of content (messages and files) natively. Very few of them, however, allow you to configure an information barrier natively for proactive blocking of unwanted content. All of the major ones do offer APIs that let enterprises or third parties configure granular content control to enforce an ethical wall effectively.
Microsoft Teams is the only such platform that natively lets an enterprise prevent a team from communicating or sharing data with a specific other team, or prevent a team from communicating or sharing data with anyone outside the team, at a more granular level. Although, I doubt that this is still enough to meet regulatory requirements.
In a nutshell, there are multiple third-party solutions to help enterprises meet regulatory requirements. These third parties offer further customization to meet the requirements of an enterprise. Decision makers within IT or the business must understand the applicable laws while evaluating these solutions. As they say, the Chinese Wall doesn't get built in one day. A consistent and patient effort is required from IT to ensure that it is built and maintained comprehensively, supporting the organization's endeavour to comply with regulatory laws.