Workplace Investigations
Contributing Editors
Workplace investigations are growing in number, size and complexity. Employers are under greater scrutiny as of the importance of ESG rises. Regulated industries such as finance, healthcare and legal face additional hurdles, but public scrutiny of businesses and how they treat their people across the board has never been higher. Conducting a fair and thorough workplace investigation is therefore critical to the optimal operation, governance and legal exposure of every business.
IEL’s Guide to Workplace Investigations examines key issues that organisations need to consider as they initiate, conduct and conclude investigations in 29 major jurisdictions around the world.
Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.
Choose countries
Choose questions
Choose the questions you would like answering, or choose all for the full picture.
08. Can the employer search employees’ possessions or files as part of an investigation?
08. Can the employer search employees’ possessions or files as part of an investigation?
Italy
Italy
- at BonelliErede
- at BonelliErede
In light of the legal and case-law principles as outlined above:
- see question 7 regarding employee “physical inspections and inspections on the employee’s belongings”;
- regarding “audiovisual equipment and other instruments from which the possibility of remote control of employees’ activities also arises”, article 4 of the Workers’ Statute provides for:
- the prohibition of the use of audiovisual equipment and instruments of “direct” remote control (ie, whose sole purpose is to verify the manner, quality and quantity of working performance (eg, a camera installed in an office to film employees’ working activities, without any other purpose));
- the possibility of carrying out controls through audiovisual equipment and “indirect” remote instruments (ie, instruments that serve different needs (organisational, production, work safety or company assets’ protection), but which indirectly monitor working activities (eg, a camera installed in a warehouse to prevent theft, but which indirectly monitors the activity of warehouse workers), which may only be installed with a trade union agreement (or National Labour Inspectorate authorisation);
- the possibility of carrying out checks using working tools in the employee’s possession (e.g., PCs, tablets, mobile phones, e-mail), which may be carried out even in the absence of any trade union agreement, provided that the employee is given adequate information on how to use the tools and how checks may be carried out on their use (according to privacy law strictly related to the employment relationship).
Furthermore, based on case law, the employer can carry out so-called defensive controls (ie, actions carried out in the absence of the guarantees provided for in article 4, to protect the company and its assets from any unlawful conduct by employees). These “defensive controls” can be carried out if:
- they are intended to determine unlawful behaviour by the employee (ie, not simply to verify his or her working performance);
- there is a “well-founded suspicion” that an offence has been committed;
- they take place after the conduct complained of has been committed; and
- adequate precautions are nevertheless put in place to guarantee a proper balancing between the need to protect company assets and safeguarding the dignity and privacy of the employee.
Switzerland
Switzerland
- at Bär & Karrer
- at Bär & Karrer
The basic rule is that the employer may not search private data during internal investigations.
If there is a strong suspicion of criminal conduct on the part of the employee and a sufficiently strong justification exists, a search of private data may be justified.[1] The factual connection with the employment relationship is given, for example, in the case of a criminal act committed during working hours or using workplace infrastructure.[2]
[1] Claudia Fritsche, Interne Untersuchungen in der Schweiz: Ein Handbuch für regulierte Finanzinstitute und andere Unternehmen, Zürich/St. Gallen 2013, p. 168.
[2] Claudia Fritsche, Interne Untersuchungen in der Schweiz: Ein Handbuch für regulierte Finanzinstitute und andere Unternehmen, Zürich/St. Gallen 2013, p. 168 et seq.
United States
United States
- at Cravath, Swaine & Moore
- at Cravath, Swaine & Moore
- at Cravath, Swaine & Moore
As there is no unified data protection regime, privacy protections stem from a patchwork of federal and state privacy laws which impose limits on the extent to which an employer can collect information from its employees in connection with an internal investigation. Whether specific conduct violates an employee’s rights is a very fact-specific inquiry requiring the application of relevant state laws and a regulatory regime.
In most circumstances, an employer is free to conduct searches of its workplace and computer systems in the course of investigating potential wrongdoing. Such searches are generally not protected by personal privacy laws because workspaces, computer systems and company-issued electronic devices are often considered company property. Many companies explicitly address this in written corporate policies and employment agreements. Employees who use their own electronic devices for work should be aware that work-related data stored on those devices is generally considered to belong to the employer (as a matter of best practice, employers should generally prohibit or at least advise employees against using personal devices for work and to maintain separate work devices, where possible).
These broad investigatory powers notwithstanding, the ability of an employer to conduct searches in furtherance of an internal investigation is not unlimited. For example, if an employer seeks to obtain or review work-related data from an employee’s personal device, the employer must be careful to exclude any personal data. Certain states also prohibit an employer from requiring an employee to disclose passwords or other credentials to his or her personal email and social networking accounts, but permit an employer to require employees to share the content of personal online accounts as necessary during an interview while investigating employee misconduct.
27. What legal exposure could the employer face for errors during the investigation?
27. What legal exposure could the employer face for errors during the investigation?
Italy
Italy
- at BonelliErede
- at BonelliErede
It depends on the kind of error or breach. For example:
- a breach of privacy laws (eg, acquiring data from working instruments in lack of due requirements) would lead to the application of privacy law sanctions (including monetary fines); and
- breach of provisions regarding “remote” control of employees would lead to criminal sanctions and to the inadmissibility, for disciplinary purposes, of the data collected (and thus potentially to the unlawfulness of a dismissal based on such data).
Furthermore, if the employee has suffered damages as a result of the employer’s errors or breaches (and can specifically prove such damages and their amount), the employer may be held liable in court.
Switzerland
Switzerland
- at Bär & Karrer
- at Bär & Karrer
As there are no specific regulations for internal investigations, the usual legal framework within which the employer must act towards the employee derives from general rules such as the employer's duty of care, the employee's duty of loyalty and the employee's data protection rights.
But, for example, unwarranted surveillance could conceivably result in criminal liability (article 179 et seq, Swiss Criminal Code) for violations of the employee's privacy. Furthermore, errors made by the employer could have an impact on any later criminal proceedings (eg, in the form of prohibitions on the use of evidence).[1]
Evidence obtained unlawfully may only be used in civil proceedings if there is an overriding interest in establishing the truth (article 152 paragraph 2, Swiss Civil Procedure Code). Consequently, in each case, a balance must be struck between the individual’s interest in not using the evidence and in establishing the truth.[2] The question of the admissibility of evidence based on an unlawful invasion of privacy is a sensitive one – admissibility in this case is likely to be accepted only with restraint.[3] Since the parties in civil proceedings do not have any means of coercion at their disposal, it is not necessary, in contrast to criminal proceedings, to examine whether the evidence could also have been obtained by legal means.[4]
Unlawful action by the employer may also have consequences on future criminal proceedings: The prohibitions on exploitation (article 140 et seq, Swiss Criminal Procedure Code) apply a priori only to evidence obtained directly from public authorities. Evidence obtained unlawfully by private persons (ie, the employer) may also be used if it could have been lawfully obtained by the authority and if the interest in establishing the truth outweighs the interest of the individual in not using the evidence.[5] Art. 140 paragraph 1 Swiss Criminal Procure Code remains reserved: Evidence obtained in violation of Art. 140 paragraph 1 Swiss Criminal Procure Code is subject to an absolute ban on the use of evidence (e.g. evidence obtained under the use of torture[6]).[7]
[1] Cf. ATF 139 II 7.
[2] ATF 140 III 6 E. 3
[3] Pascal Grolimund in: Adrian Staehelin/Daniel Staehelin/Pascal Grolimund (editors), Zivilprozessrecht, Zurich/Basel/Geneva 2019, 3rd Edition, §18 N 24a.
[4] Pascal Grolimund in: Adrian Staehelin/Daniel Staehelin/Pascal Grolimund (editors), Zivilprozessrecht, Zurich/Basel/Geneva 2019, 3rd Edition, §18 N 24a.
[5] Decision of the Swiss Federal Court 6B_1241/2016 dated 17. July 2017 consid. 1.2.2; Decision of the Swiss Federal Court 1B_22/2012 dated 11 May 2012 consid. 2.4.4.
[6] Jérôme Benedict/Jean Treccani, CR-CPP Art. 140 N. 5 and Art. 141 N. 3.
[7] Yvan Jeanneret/André Kuhn, Précis de procédure pénale, 2nd Edition, Berne 2018, N 9011.
United States
United States
- at Cravath, Swaine & Moore
- at Cravath, Swaine & Moore
- at Cravath, Swaine & Moore
The subject of the investigation, the complainant, or a government agency investigating the same alleged misconduct could subject the employer to legal exposure. It is, therefore, helpful for a company to prepare a contemporaneous report of the investigation that summarises: the incident or issues investigated, including dates; the parties involved; key factual and credibility findings; employer policies or guidelines and their applicability to the investigation; specific conclusions; the party (or parties) responsible for making the final determination; issues that could not be resolved through the internal investigation; and employer actions taken.
The employer should also maintain a clear record of the steps taken to investigate the alleged misconduct and any findings, as well as all evidence gathered during the investigation, including documents collected and reviewed, any work done to identify systemic issues or patterns of behaviour, and notes from all interviews, which should be limited to the facts gathered, dated and should indicate the duration and location of the interview.