You are correct, this is a problem that is faced quite often. At Bain, it is especially an issue in multi-bidders with private equity clients (i.e. multiple funds considering the acquisition of the same target).
There are several ways companies deal with these issues:
- Teams working for competitors may not be allowed to be in physical proximity: In travel cases in the same city, this might mean that the two teams may have to stay at different hotels, or take different flights. When projects are operated out of the company's home office, it is also not uncommon for one team to have to work out of a rented space and be temporarily have access to their own office removed (I have only seen this in highly sensitive Private equity deals)
- Staffing out of different offices: Related to above, but teams may be staffed out of different offices in order to further limit interactions between the teams
- Monitoring/tracking team emails: I have heard of particularly sensitive situations with clients that demand access to the consulting team's inboxes, and can monitor what gets sent out (especially their own files). If the person was to send any of the client's files, the client would immediately be notified and can see where it has been sent.
- Password protecting all documents: Many clients do this anyways, but this adds an extra layer of security that, even if files accidentally got into the wrong hands, they wouldn't be readable without the password
- Cleaning up all files at the end of a case: At the end of cases we generally have a ~4 week window to sanitise all case related files - including emails, presentations, data, etc. You are only allowed to keep sanitised/non-confidential information on your computer. This is mainly important if the consultancy has working for a competitor of a firm they previously worked with (e.g. if they previously worked with Vodafone and are now working with T-Mobile