Information barriers block the exchange of confidential information and prevent conflicts of interest between different departments within a firm. They protect investors, clients, and other key stakeholders and help law firms to avoid ethical or legal violations.
This article covers how and why law firms use information barriers to stay compliant and how to enforce them.
Why information barriers are used in law firms
Depending on their size, law firms maintain multiple client relationships. Sometimes, clients within their existing portfolio end up on opposing sides of a lawsuits, requiring representation from the same firm. Similarly, when attorneys leave law firms and move to another firm, many take their clients with them. This can also lead to potential conflicts of interest. For instance, if a lawyer joins a new firm and plans to bring an existing client, a conflict exists if the new firm is handling a litigation matter against the existing client on behalf of another client.
If such a conflict of interest is found, then an information barrier should be enforced to strictly prohibit employees from discussing confidential matters with colleagues on the other side of the information barrier. They also should not be assigned to work with or supervise them. Information barriers can also prevent staff from accessing records related to a particular client or cases involving them.
In addition to enforcing information barriers, maintaining good records and using an effective client intake system are key to managing these conflicts of interest within law firms. If they are not managed correctly, these conflicts of interest could lead to disqualification from representation or malpractice.
‘Information barriers,’ ‘Ethical walls,’ ‘Chinese walls’ - what’s the difference?
Information barriers are sometimes known as ethical walls, and the terms are used interchangeably. However, they were initially known as ‘Chinese walls.’ This term was first popularized in the United States following 1929’s stock market crash when the US government legislated information separation between investment bankers and brokerage firms.
Their purpose was to “limit the conflict of interest between objective company analysis and the desire for successful initial public offerings.”
More recently, use of the term was perpetuated following a journal article published by The University of Pennsylvania Law Review in 1980. However, the term is starting to be phased out as part of a broader effort to foster diversity in the legal sector.
When do law firms need information barriers?
Some scenarios in which law firms may be required to implement information barriers include:
- A single law firm is acting for multiple clients in a related matter. If different lawyers within a firm act on behalf of multiple opposing clients in a related matter, there is a conflict of interest. An information barrier must be built between them to prevent the flow of sensitive information.
- A law firm is acting against a former client. Even after a case has finished, the lawyer involved still has an ongoing duty to keep information confidential. Therefore, they should not be involved in a case where the firm is acting against a former client’s interests.
Enforcing information barriers in these scenarios can help firms to manage risks regarding potential conflicts of interest successfully. However, the existence of an information barrier does not release a lawyer from their overriding duty to ensure the lawful, proper, and efficient administration of justice.
How to enforce information barriers
Email has become one of the most common ways that sensitive data is lost or misdirected, and employees are falling victim to phishing attacks. Many law firms still rely on static data loss prevention (DLP) software to enforce information barriers. However, this is not enough.
Traditional static DLP tools take a yes/no, right/wrong approach to protecting data. They typically work by scanning emails in search of keywords and triggering different actions based on whether these keywords are present. However, one key limitation of static DLP tools is that they cannot understand the relationships and interactions taking place between those sending and receiving the message.
Instead, firms should look to intelligent email DLP to reduce data misdirection resulting from human error, such as a breach of information barriers.
Enforcing information barriers with intelligent DLP
Intelligent email DLP solutions such as Egress Prevent scan emails to determine whether there is sensitive or identifiable data in the message content. It then interrogates both the recipient and their domain to spot any potential breach or conflict of interest and determine whether they should access this type of information. If a risk is identified, a clear prompt explains the risk so that the user can avoid a potentially costly security risk.