Workplace Investigations

Contributing Editors


Workplace investigations are growing in number, size and complexity. Employers are under greater scrutiny as of the importance of ESG rises. Regulated industries such as finance, healthcare and legal face additional hurdles, but public scrutiny of businesses and how they treat their people across the board has never been higher. Conducting a fair and thorough workplace investigation is therefore critical to the optimal operation, governance and legal exposure of every business.

IEL’s Guide to Workplace Investigations examines key issues that organisations need to consider as they initiate, conduct and conclude investigations in 29 major jurisdictions around the world.  

Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.

Choose countries

 

Choose questions

Choose the questions you would like answering, or choose all for the full picture.

07. What data protection or other regulations apply when gathering physical evidence?

07. What data protection or other regulations apply when gathering physical evidence?

Flag / Icon

Austria

  • at GERLACH
  • at GERLACH Rechtsanwälte

All data processing must comply with the principles of article 5 GDPR (lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation and integrity). Personal data may only be collected and processed for specific, lawful purposes.

The admissibility of data processing depends on whether the suspicion relates to a criminal offence or another violation of the law. If the data processing is relevant to criminal law, article 10 GDPR or section 4(3) of the Austrian Data Protection Act (DSG) applies. If the investigations are exclusively to clarify violations under civil or labour law, such as an assertion of claims for damages or if they are general investigations to establish a criminal offence, the permissibility of data processing is based on article 6 or, for data covered by article 9 GDPR, on this provision.

Last updated on 29/09/2023

Flag / Icon

Switzerland

  • at Bär & Karrer
  • at Bär & Karrer

The Swiss Federal Act on Data Protection applies to the gathering of evidence, in particular such collection must be lawful, transparent, reasonable and in good faith, and data security must be preserved.[1]

It can be derived from the duty to disclose and hand over benefits received and work produced (article 321b, Swiss Code of Obligations) as they belong to the employer.[2] The employer is, therefore, generally entitled to collect and process data connected with the end product of any work completely by an employee and associated with their business. However, it is prohibited by the Swiss Criminal Code to open a sealed document or consignment to gain knowledge of its contents without being authorised to do so (article 179 et seq, Swiss Criminal Code). Anyone who disseminates or makes use of information of which he or she has obtained knowledge by opening a sealed document or mailing not intended for him or her may become criminally liable (article 179 paragraph 1, Swiss Criminal Code).

It is advisable to state in internal regulations that the workplace might be searched as part of an internal investigation and in compliance with all applicable data protection rules if this is necessary as part of the investigation.

 

[1] Simona Wantz/Sara Licci, Arbeitsvertragliche Rechte und Pflichten bei internen Untersuchungen, in: Jusletter 18 February 2019, N 52.

[2] Claudia Fritsche, Interne Untersuchungen in der Schweiz, Ein Handbuch für Unternehmen mit besonderem Fokus auf Finanzinstitute, p. 148.

Last updated on 15/09/2022

13. Can non-disclosure agreements (NDAs) be used to keep the fact and substance of an investigation confidential?

13. Can non-disclosure agreements (NDAs) be used to keep the fact and substance of an investigation confidential?

Flag / Icon

Austria

  • at GERLACH
  • at GERLACH Rechtsanwälte

According to section 6(1) of the DSG, employees who have access to personal data in the course of their professional activities must maintain data confidentiality and continue to do so even after termination of their employment.

Non-disclosure agreements can generally be used to achieve this but are subject to certain restrictions. They may not be used to conceal criminal activity, violate the privacy rights of individuals, circumvent legal disclosure obligations, prevent the exercise of legal rights or contain clauses that violate existing laws, in particular data protection regulations.

Last updated on 29/09/2023

Flag / Icon

Switzerland

  • at Bär & Karrer
  • at Bär & Karrer

In addition to the above-mentioned statutory confidentiality obligations, separate non-disclosure agreements can be signed. In an internal investigation, the employee should be expressly instructed to maintain confidentiality.

Last updated on 15/09/2022

26. How long should the outcome of the investigation remain on the employee’s record?

26. How long should the outcome of the investigation remain on the employee’s record?

Flag / Icon

Austria

  • at GERLACH
  • at GERLACH Rechtsanwälte

Data protection law requires that personal data should not be kept longer than necessary for the purpose it was collected. Once the purpose of the internal investigation is fulfilled and the data is no longer needed, it should be deleted or anonymised. Regulations regarding this matter may also be subject to WCAs or internal policies. In any case, it is advisable to keep the results for as long as they may be needed in possible subsequent administrative or judicial proceedings.

Last updated on 29/09/2023

Flag / Icon

Switzerland

  • at Bär & Karrer
  • at Bär & Karrer

From an employment law point of view, there is no statute of limitations on the employee's violations. Based on the specific circumstances (eg, damage incurred, type of violation, basis of trust or the position of the employee), a decision must be made as to the extent to which the outcome should remain on the record.

From a data protection point of view, only data that is in the interest of the employee (eg, to issue a reference letter) may be retained during the employment relationship. In principle, stored data must be deleted after the termination of the employment relationship. Longer retention may be justified if rights are still to be safeguarded or obligations are to be fulfilled in the future (eg, data needed regarding foreseeable legal proceedings, data required to issue a reference letter or data in relation to a non-competition clause).[1]

 

[1] Wolfgang Portmann/Isabelle Wildhaber, Schweizerisches Arbeitsrecht, 4. Edition, Zurich/St. Gallen 2020, N 473.

Last updated on 15/09/2022