Workplace Investigations

It may be difficult for a company to search and collect physical items that personally belong to the employee.

While the company may search and gather electronic data, such as emails or files stored in work laptops or company servers, there are requirements and restrictions under the Criminal Code, the Personal Information Protection Act (PIPA), and the Act on Promotion of Information and Communications Network Utilisation and Information Protection, etc (Network Act), among other laws. 

Article 316(2) of the Criminal Code states that accessing the contents of another person’s documents, pictures, special media records, etc, that are sealed or designated as secret using technical means may constitute the crime of accessing electronic records.

Under the PIPA, consent must be obtained from the information owner to collect or use personal information, or to provide such information to a third party. Consent must be separately obtained for sensitive information or unique identification information. There are strict requirements as to the format and contents of the consent forms under the PIPA.

The Network Act prohibits accessing an information and communications network without rightful authority or any intrusion that goes beyond the permitted authority for access. Although this may not be an issue if a company directly manages the email accounts at issue, if an employee’s email account is protected by a password or through other means, accessing emails from that account without obtaining the employee’s consent could constitute unlawful intrusion under the Network Act as well as under the Criminal Code as discussed above.

The Swiss Federal Act on Data Protection applies to the gathering of evidence, in particular such collection must be lawful, transparent, reasonable and in good faith, and data security must be preserved.[1]

It can be derived from the duty to disclose and hand over benefits received and work produced (article 321b, Swiss Code of Obligations) as they belong to the employer.[2] The employer is, therefore, generally entitled to collect and process data connected with the end product of any work completely by an employee and associated with their business. However, it is prohibited by the Swiss Criminal Code to open a sealed document or consignment to gain knowledge of its contents without being authorised to do so (article 179 et seq, Swiss Criminal Code). Anyone who disseminates or makes use of information of which he or she has obtained knowledge by opening a sealed document or mailing not intended for him or her may become criminally liable (article 179 paragraph 1, Swiss Criminal Code).

It is advisable to state in internal regulations that the workplace might be searched as part of an internal investigation and in compliance with all applicable data protection rules if this is necessary as part of the investigation.

Documents and instruments that set out a company’s policies (eg, employee handbooks, code of conduct or other written guidelines) often contain provisions regarding employee data and document collection, workplace searches, communication monitoring, privacy, and confidentiality. As discussed below, state and federal constitutional, statutory and common law – and in some cases foreign data privacy regimes – may provide additional protections to protect employees from an unwarranted or unreasonable invasion of privacy during an internal investigation.

There is no obligation to stay the workplace investigation while the parallel criminal or regulatory investigation is being conducted. In practice, companies often proceed with, or even accelerate, the workplace investigation to find out the facts and defend themselves against the parallel criminal or regulatory investigation being conducted. The company should be careful not to engage in activities that may raise suspicions as to whether the company is impeding the government investigation or concealing or destroying evidence.

While the investigation report would typically not be privileged, the company may consider explaining to the authorities that the investigation findings are not conclusive, should the police or regulator request the internal investigation report.

The actions of the employer may carry through to a subsequent state proceeding. First and foremost, any prohibitions on the use of evidence must be considered. Whereas in civil proceedings the interest in establishing the truth must merely prevail for exploitation (article 152 paragraph 2, Swiss Civil Procedure Code), in criminal proceedings, depending on the nature of the unlawful act, there is a risk that the evidence may not be used (see question 27 and article 140 et seq, Swiss Civil Procedure Code).

Employers have obligations to conduct a thorough and unbiased internal investigation and take prompt remedial action to prevent further workplace violations. As such, absent a criminal or regulatory investigation where the investigators ask the employer to pause an internal investigation, employers should be prepared to continue their internal investigation in parallel with the criminal or regulatory investigation while cooperating with police or regulatory investigators.

The police and the regulator can often compel the employer to share certain information gathered from its internal investigation. In some cases, the employer should analyse whether the non-disclosure of information evidencing criminal conduct within the company itself constitutes an independent crime or whether an applicable statute or regulation imposes an independent duty to disclose. Alternatively, the employer should consider whether, even absent an affirmative duty to disclose, disclosure of information gathered during an internal investigation may still benefit the employer.