Workplace Investigations

When the employer becomes aware of possible misconduct, the employer must commence an investigation immediately, in practice within about two weeks. The information may come to the employer's knowledge via, for example, the employer's own observations, from the complainant or their colleagues or an employee representative.

Typical triggers for a workplace investigation may be internal hints (eg, from employees), internal audits, compliance or the legal department. However, investigations by the public prosecutor or other authorities can also lead to a workplace investigation.

There are no strict guidelines for the course of the investigation. The measures to be taken and the sequence in which they will be carried out to clarify the facts must be decided on a case-by-case basis. However, the first step should be to secure evidence. All relevant documents and records (eg, e-mails, hard disks, text messages, data carriers, copies) should be collected and employees may be interviewed. The second step should be to evaluate the evidence and the third step is to decide how to deal with the results (eg, whether any disciplinary measures should be taken or the intended procedures should be adjusted).

Irrespective of how a workplace investigation is commenced, when it comes to severe breaches of duty by an employee, a two-week exclusion period for issuing a termination for cause must be observed at all stages. This two-week period starts when the employer becomes aware of the relevant facts but is suspended as long as the employer is still investigating and collecting information, provided that the investigation is carried out swiftly.

Internal investigations are usually initiated after reports about possible violations of the employer's code of conduct, applicable laws or regulations have been submitted by employees to their superiors, the human resources department or designated internal reporting systems such as hotlines (including whistleblowing hotlines).

For an internal investigation to be initiated, there must be a reasonable suspicion (grounds).[1] If no such grounds exist, the employer must ask the informant for further or more specific information. If no grounds for reasonable suspicion exists, the case must be closed. If grounds for reasonable suspicion exist, the appropriate investigative steps can be initiated by a formal investigation request from the company management.[2]

Generally, the basic principles set out by the GDPR and the Finnish Data Protection Act apply to data processing in connection with investigations, including evidence gathering: there must be a legal basis for processing, personal data may only be processed and stored when and for as long as necessary considering the purposes of processing, etc.

Additionally, if physical evidence concerns the electronic communications (such as emails and online chats) of an employee, gathering evidence is subject to certain restrictions based on Finnish ePrivacy and employee privacy laws. As a general rule, an employee’s electronic communications accounts, including those provided by the employer for work purposes, may not be accessed and electronic communications may not be searched or reviewed by the employer. In practice, the employer may access such electronic correspondence only in limited situations stipulated in the Act on Protection of Privacy in Working Life (759/2004), or by obtaining case-specific consent from the employee, which is typically not possible in internal investigations, particularly concerning the employee suspected of wrongdoing.

However, monitoring data flow strictly between the employee and the employer's information systems (eg, the employee saving data to USB sticks, using printers) is allowed under Finnish legislation, provided that employee emails, chats, etc, are not accessed and monitored. If documentation is unrelated to electronic communications, it also may be reviewed by the employer. Laptops, paper archives and other similar company documentation considered "physical evidence" may be investigated while gathering evidence on the condition that any private documentation, communications, pictures or other content of an employee are not accessed.

When collecting data (in physical or digital form), the employer must ensure compliance with the data protection principles according to the General Data Protection Regulation (DSGVO) and the German Data Protection Act (BDSG). These principles include, among other things, that data collection must be carried out lawfully (principle of legality) and transparently (transparency principle) and must be comprehensively documented – specifically concerning the purpose of the workplace investigation – to be able to prove compliance with data protection.

The principle of legality states that data may only be collected on a legal basis (ie, there must either be a law authorising this or the employee must have consented to the collection of his data).

The transparency principle may constitute a special challenge during workplace investigations. Under the transparency principle, the employee must be generally informed about the collection of his data. This includes information on who processes the data, the purposes for which it is processed and whether the data is made available to third parties. However, there may be a risk of collusion, particularly when electronic data has to be reviewed, and thus the success of the investigation may be jeopardised if the relevant employee is comprehensively informed in advance. Accordingly, the employer should check, with the assistance of the data protection officer, whether the obligation to provide information may be dispensed with. This may be the case if providing the information would impair the assertion, exercise or defence of legal claims and the interests of the employer in not providing the information outweigh the interests of the employee. The respective circumstances and employer's considerations should be well documented in each case.

Regardless of whether the employee is informed about the investigation, to prevent data loss, the employee should be sent a so-called hold notice (ie, a prohibition to delete data). Additionally, to prevent automatic deletion, blocking mechanisms should also be implemented.

When gathering evidence by searching the employee's possessions or files, the employee's privacy rights also need to be observed (see question 8).

The Swiss Federal Act on Data Protection applies to the gathering of evidence, in particular such collection must be lawful, transparent, reasonable and in good faith, and data security must be preserved.[1]

It can be derived from the duty to disclose and hand over benefits received and work produced (article 321b, Swiss Code of Obligations) as they belong to the employer.[2] The employer is, therefore, generally entitled to collect and process data connected with the end product of any work completely by an employee and associated with their business. However, it is prohibited by the Swiss Criminal Code to open a sealed document or consignment to gain knowledge of its contents without being authorised to do so (article 179 et seq, Swiss Criminal Code). Anyone who disseminates or makes use of information of which he or she has obtained knowledge by opening a sealed document or mailing not intended for him or her may become criminally liable (article 179 paragraph 1, Swiss Criminal Code).

It is advisable to state in internal regulations that the workplace might be searched as part of an internal investigation and in compliance with all applicable data protection rules if this is necessary as part of the investigation.