Workplace Investigations

Several legal and case-law principles may be relevant depending on the kind of investigation, including the following:

• gathering evidence through employee “physical inspections and inspections on the employee’s belongings”: according to article 6 of the Workers’ Statute, these inspections are generally prohibited. They are permitted only where necessary to protect company assets (in such cases, corporal inspections may be carried out, subject to trade union agreement or National Labour Inspectorate authorisation, provided that, for example, they are carried out outside the workplace, that employees are selected with an automatic selection tool, and that the dignity and confidentiality of employees are protected);
• gathering evidence through “audiovisual equipment and other instruments from which the possibility of remote control of employees’ activities arises”: according to article 4 of the Workers’ Statute, remote systems cannot be directly aimed at controlling employees’ activity, but can only be put in place for organisational, production, work safety or asset-protection needs (which may result in an indirect control over employees’ activity), and may be installed before a trade union agreement or with previous authorisation from the National Labour Inspectorate; however, these rules do not apply to working tools in an employee’s possession (see question 8) and, in any case, employees must be informed of the possibility of remote control;
• gathering physical evidence through so-called defensive controls: according to the most recent case law, “defensive controls” can be defined as investigations carried out by the company where it has a suspicion of unlawful conduct by its employees. These controls can be carried out within certain limits and restrictions provided by case law – even in the absence of the guarantees provided for in article 4 of the Workers’ Statute.

In addition, when gathering physical evidence, there may be other provisions of law not strictly related to employment law that must be followed, for example, regarding privacy regulations (eg, minimisation of the use of personal data, collection of data only for specific purposes, and adoption of safety measures).

The Swiss Federal Act on Data Protection applies to the gathering of evidence, in particular such collection must be lawful, transparent, reasonable and in good faith, and data security must be preserved.[1]

It can be derived from the duty to disclose and hand over benefits received and work produced (article 321b, Swiss Code of Obligations) as they belong to the employer.[2] The employer is, therefore, generally entitled to collect and process data connected with the end product of any work completely by an employee and associated with their business. However, it is prohibited by the Swiss Criminal Code to open a sealed document or consignment to gain knowledge of its contents without being authorised to do so (article 179 et seq, Swiss Criminal Code). Anyone who disseminates or makes use of information of which he or she has obtained knowledge by opening a sealed document or mailing not intended for him or her may become criminally liable (article 179 paragraph 1, Swiss Criminal Code).

It is advisable to state in internal regulations that the workplace might be searched as part of an internal investigation and in compliance with all applicable data protection rules if this is necessary as part of the investigation.

The regulations on whistleblowing in the private sector were originally outlined in article 6 of Italian Legislative Decree No. 231 of 2001 (as amended by Law No. 179 of 2017), which state that the models of organisation must provide for one or more channels that allow persons in positions of representation, administration and management of the entity (and persons subject to their direction or supervision) to report unlawful conduct according to Italian Legislative Decree No. 231 of 2001 and violations of the entity’s organisational and management rules.

Currently, Italy has implemented Directive (EU) No. 1937 of 2019, which provides for the adoption of new standards of protection for whistleblowers, through the Italian Legislative Decree No. 24 of 2023 (WB Decree)[1].

In line with the Directive, the WB Decree states, inter alia, that[2]:

• an internal whistleblowing reporting channel must be put in place by all private legal entities (and legal entities in the public sector) that have employed, during the previous year, an average of 50 employees or, even below this threshold, operate in certain industries[3] or have adopted an organizational model in accordance with Legislative Decree no. 231 of 2001;
• the WB Decree prescriptions apply to reports concerning breaches of certain national/EU[4] legal provisions (varying depending on features such as the private or public nature of the employer and its dimensions), and not to claims or requests linked to interests of a personal nature of the reporting individuals (pertaining to their individual employment contracts or to relations with their superiors)[5];
• whistleblowers’ reporting may take place through:
  • the company’s internal reporting channels and internal reporting procedures (with the possibility – for entities employing up to 249 employees, even if not part of the same group – to share whistleblowing reporting channels); or
  • external reporting channels and external reporting procedures established by the member states’ competent authorities (in Italy, ANAC, i.e. the National Anticorruption Authority); or
  • in certain circumstances, public disclosure;
• whistleblowing systems must provide:
  • a duty of confidentiality regarding the whistleblowers’ identity (which generally may not be disclosed to persons other than those competent to receive or investigate on the reports, except in specific case and with the whistleblower’s consent; see also answer to question 12 below); and
  • ways of protecting collected data according to the GDPR, as well as tight deadlines for communication with whistleblowers[6]; and
  • an integrated system of protection of whistleblowers against any retaliatory action directly or indirectly linked to their reports or declarations, with a reversal of the burden of proof (meaning the employer must give proof of the non-retaliatory nature of measures adopted vis-à-vis whistleblowers); and
  • the procedures to be taken in case of anonymous whistleblowing report.

If an employee complains to his or her superiors about grievances or misconduct in the workplace and is subsequently dismissed, this may constitute an unlawful termination (article 336, Swiss Code of Obligations). However, the prerequisite for this is that the employee behaves in good faith, which is not the case if he or she is (partly) responsible for the grievance.