Workplace Investigations
Contributing Editors
Workplace investigations are growing in number, size and complexity. Employers are under greater scrutiny as of the importance of ESG rises. Regulated industries such as finance, healthcare and legal face additional hurdles, but public scrutiny of businesses and how they treat their people across the board has never been higher. Conducting a fair and thorough workplace investigation is therefore critical to the optimal operation, governance and legal exposure of every business.
IEL’s Guide to Workplace Investigations examines key issues that organisations need to consider as they initiate, conduct and conclude investigations in 29 major jurisdictions around the world.
Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.
Choose countries
Choose questions
Choose the questions you would like answering, or choose all for the full picture.
09. What additional considerations apply when the investigation involves whistleblowing?
09. What additional considerations apply when the investigation involves whistleblowing?
China
China
- at Jingtian & Gongcheng
- at Jingtian & Gongcheng
- at Jingtian & Gongcheng
- at Jingtian & Gongcheng
In practice, the following factors to be considered will be: (1) verification of the informant's identity; (2) whether the informant has any conflict of interest with the reported employee or whether it will affect the objectivity of their reporting; (3) how to persuade the informant to provide more information or evidence, or to cooperate in court as a witness; (4) how to increase the admissibility of evidence when the informant refuses to cooperate in court as a witness or fails to provide original evidence; (5) how to improve the evidence chain and protect the informant from being attacked or retaliated by the informant, etc.
Italy
Italy
- at BonelliErede
- at BonelliErede
The regulations on whistleblowing in the private sector were originally outlined in article 6 of Italian Legislative Decree No. 231 of 2001 (as amended by Law No. 179 of 2017), which state that the models of organisation must provide for one or more channels that allow persons in positions of representation, administration and management of the entity (and persons subject to their direction or supervision) to report unlawful conduct according to Italian Legislative Decree No. 231 of 2001 and violations of the entity’s organisational and management rules.
Currently, Italy has implemented Directive (EU) No. 1937 of 2019, which provides for the adoption of new standards of protection for whistleblowers, through the Italian Legislative Decree No. 24 of 2023 (WB Decree)[1].
In line with the Directive, the WB Decree states, inter alia, that[2]:
- an internal whistleblowing reporting channel must be put in place by all private legal entities (and legal entities in the public sector) that have employed, during the previous year, an average of 50 employees or, even below this threshold, operate in certain industries[3] or have adopted an organizational model in accordance with Legislative Decree no. 231 of 2001;
- the WB Decree prescriptions apply to reports concerning breaches of certain national/EU[4] legal provisions (varying depending on features such as the private or public nature of the employer and its dimensions), and not to claims or requests linked to interests of a personal nature of the reporting individuals (pertaining to their individual employment contracts or to relations with their superiors)[5];
- whistleblowers’ reporting may take place through:
- the company’s internal reporting channels and internal reporting procedures (with the possibility – for entities employing up to 249 employees, even if not part of the same group – to share whistleblowing reporting channels); or
- external reporting channels and external reporting procedures established by the member states’ competent authorities (in Italy, ANAC, i.e. the National Anticorruption Authority); or
- in certain circumstances, public disclosure;
- whistleblowing systems must provide:
- a duty of confidentiality regarding the whistleblowers’ identity (which generally may not be disclosed to persons other than those competent to receive or investigate on the reports, except in specific case and with the whistleblower’s consent; see also answer to question 12 below); and
- ways of protecting collected data according to the GDPR, as well as tight deadlines for communication with whistleblowers[6]; and
- an integrated system of protection of whistleblowers against any retaliatory action directly or indirectly linked to their reports or declarations, with a reversal of the burden of proof (meaning the employer must give proof of the non-retaliatory nature of measures adopted vis-à-vis whistleblowers); and
- the procedures to be taken in case of anonymous whistleblowing report.
[1] The provisions of the Decree are binding since July 15, 2023, for larger companies, and as of Dec. 17, 2023, for entities employing an average of from 50 to 249 employees.
[2] This is only a brief and non-exhaustive summary of some of the main provisions under the WB Decree.
[3] In particular, companies that fall within the scope of application of EU acts listed in Annex (part I.B and II) of the WB Decree (for instance, financial services, products and markets; money laundering/terrorism prevention; transportation security; etc.)
[4] Listed in art. 2 and in Annex 1 of the WB Decree (for instance, regarding financial services, products and markets sector) or protecting the EU financial interests or internal market.
[5] Listed in art. 2 and in Annex 1 of the WB Decree (for instance, regarding financial services, products and markets sector) or protecting the EU financial interests or internal market.
[6] In greater detail: (i) a notice acknowledging the receipt of the WB report must be released within seven days; (ii) contacts must be kept with the whistleblower for any additions needed (if the identity is known); and (iii) within three months of the notice of receipt of the report, a follow-up notice must be given to the whistleblower (which may also be non-definitive, with a status update on activities in progress).
Switzerland
Switzerland
- at Bär & Karrer
- at Bär & Karrer
If an employee complains to his or her superiors about grievances or misconduct in the workplace and is subsequently dismissed, this may constitute an unlawful termination (article 336, Swiss Code of Obligations). However, the prerequisite for this is that the employee behaves in good faith, which is not the case if he or she is (partly) responsible for the grievance.
27. What legal exposure could the employer face for errors during the investigation?
27. What legal exposure could the employer face for errors during the investigation?
China
China
- at Jingtian & Gongcheng
- at Jingtian & Gongcheng
- at Jingtian & Gongcheng
- at Jingtian & Gongcheng
It is inevitable that the investigation involves the employee's personal information, and once the investigation is mishandled, the employer may face the following legal risks:
Civil liability: Both the Civil Code of the PRC and the Personal Information Protection Law of the PRC, clearly provide the civil liability for infringement of privacy and illegal processing of personal information. Therefore, the investigated employee or relevant organizations such as the people's procuratorate have the right to claim or file a public interest lawsuit on the employer's improper collection of evidence, requiring the employer to bear the liability for infringement. In addition, the evidence obtained by an employer through infringing the employee's privacy and personal information rights and interests, in violation of the law, cannot be used as the valid evidence for the employer's unilateral termination of the employment contract or requiring the employee to compensate for losses.
Administrative liability: Article 66 of the Personal Information Protection Law of the PRC provides that, where personal information is processed in violation of regulations, administrative penalties imposed by the department performing duties of personal information protection may be up to revoking the business license, and the person directly in charge and other directly liable persons may be fined up to one million yuan and prohibited from practicing within a time limit. Meanwhile, Article 67 of the Personal Information Protection Law of the PRC provides that relevant illegal acts shall be recorded in the employer's credit files and disclosed to the public.
Criminal liability: if an employer illegally sells or provides to others the personal information obtained during the internal investigation, and the circumstance is serious enough, the judicial authority has the right to hold the employer, the managers directly in charge and other directly liable persons criminally liable in accordance with the crime of "infringement of citizens' personal information" under Article 253A of the Criminal Law of the PRC.
It should be noted that a compliance investigation may also involve the employer's communication and investigation reporting with overseas authorities, or overseas institutions' direct access to information from the employer's domestic systems. If the employer conducts cross-border transmission of such personal information, it shall also meet one of the conditions set out in Article 38 of the Personal Information Protection Law of the PRC (i.e. passing the security assessment organized by the national cyberspace administration authority, obtaining certification from a professional institution concerning the protection of personal information or entering into a standard contract with an overseas recipient). Violations of the above provisions may result in civil, administrative and even criminal liability.
Italy
Italy
- at BonelliErede
- at BonelliErede
It depends on the kind of error or breach. For example:
- a breach of privacy laws (eg, acquiring data from working instruments in lack of due requirements) would lead to the application of privacy law sanctions (including monetary fines); and
- breach of provisions regarding “remote” control of employees would lead to criminal sanctions and to the inadmissibility, for disciplinary purposes, of the data collected (and thus potentially to the unlawfulness of a dismissal based on such data).
Furthermore, if the employee has suffered damages as a result of the employer’s errors or breaches (and can specifically prove such damages and their amount), the employer may be held liable in court.
Switzerland
Switzerland
- at Bär & Karrer
- at Bär & Karrer
As there are no specific regulations for internal investigations, the usual legal framework within which the employer must act towards the employee derives from general rules such as the employer's duty of care, the employee's duty of loyalty and the employee's data protection rights.
But, for example, unwarranted surveillance could conceivably result in criminal liability (article 179 et seq, Swiss Criminal Code) for violations of the employee's privacy. Furthermore, errors made by the employer could have an impact on any later criminal proceedings (eg, in the form of prohibitions on the use of evidence).[1]
Evidence obtained unlawfully may only be used in civil proceedings if there is an overriding interest in establishing the truth (article 152 paragraph 2, Swiss Civil Procedure Code). Consequently, in each case, a balance must be struck between the individual’s interest in not using the evidence and in establishing the truth.[2] The question of the admissibility of evidence based on an unlawful invasion of privacy is a sensitive one – admissibility in this case is likely to be accepted only with restraint.[3] Since the parties in civil proceedings do not have any means of coercion at their disposal, it is not necessary, in contrast to criminal proceedings, to examine whether the evidence could also have been obtained by legal means.[4]
Unlawful action by the employer may also have consequences on future criminal proceedings: The prohibitions on exploitation (article 140 et seq, Swiss Criminal Procedure Code) apply a priori only to evidence obtained directly from public authorities. Evidence obtained unlawfully by private persons (ie, the employer) may also be used if it could have been lawfully obtained by the authority and if the interest in establishing the truth outweighs the interest of the individual in not using the evidence.[5] Art. 140 paragraph 1 Swiss Criminal Procure Code remains reserved: Evidence obtained in violation of Art. 140 paragraph 1 Swiss Criminal Procure Code is subject to an absolute ban on the use of evidence (e.g. evidence obtained under the use of torture[6]).[7]
[1] Cf. ATF 139 II 7.
[2] ATF 140 III 6 E. 3
[3] Pascal Grolimund in: Adrian Staehelin/Daniel Staehelin/Pascal Grolimund (editors), Zivilprozessrecht, Zurich/Basel/Geneva 2019, 3rd Edition, §18 N 24a.
[4] Pascal Grolimund in: Adrian Staehelin/Daniel Staehelin/Pascal Grolimund (editors), Zivilprozessrecht, Zurich/Basel/Geneva 2019, 3rd Edition, §18 N 24a.
[5] Decision of the Swiss Federal Court 6B_1241/2016 dated 17. July 2017 consid. 1.2.2; Decision of the Swiss Federal Court 1B_22/2012 dated 11 May 2012 consid. 2.4.4.
[6] Jérôme Benedict/Jean Treccani, CR-CPP Art. 140 N. 5 and Art. 141 N. 3.
[7] Yvan Jeanneret/André Kuhn, Précis de procédure pénale, 2nd Edition, Berne 2018, N 9011.