Workplace Investigations

While there are no specific laws that regulate a workplace investigation, there are several laws that companies should consider when conducting a workplace investigation concerning alleged employee misconduct.

One key example is the Whistleblower Protection Act (WPA). The WPA provides legal protection to a whistleblower if their allegations are raised in good faith and are in the public interest as specified under the WPA. If the WPA applies, certain obligations apply to the company, including but not limited to the following:

• the obligation to protect the confidentiality of the whistleblower’s identity;
• protecting the whistleblower if the whistleblower suffers or is likely to suffer serious harm to life or health as a result of whistleblowing and the whistleblower requests protection; and
• refraining from taking retaliatory action on the whistleblower.

Therefore, if an employee raises allegations of another employee’s misconduct, the company should review whether the allegations fall under the WPA.

There are also special laws that impose obligations on the company if there are certain types of allegations (eg, sexual harassment, workplace harassment).

In addition, when collecting and reviewing employees’ electronic data, such as emails or files stored in work laptops or company servers, which may contain personal information, the company should comply with data privacy laws discussed in more detail in questions 7 and 8.

Companies may also have internal policies (eg, whistleblower protection policies, Code of Conduct) that may apply to workplace investigations, aside from the requirements under Korean law.

Workplace investigations in Sweden are governed by several rules and regulations. Listed below are the central legislation and regulations that govern a workplace investigation related to alleged employee misconduct.

• The Swedish Discrimination Act (2008:567).
• The Swedish Work Environment Act (1977:1160), which is complemented by the Swedish Work Environment Authority’s other statutes.[1]
• The Swedish Whistleblowing Act (2021:890).

If a workplace investigation has been initiated after the receipt of a report filed through a reporting channel established under the Swedish Whistleblowing Act, that law applies provided that the report has been filed by a person who may report under the Act and provided that the subject of the report falls under the material scope of the Act. The Swedish Whistleblowing Act implements Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law and has been given a wide material scope in Sweden. The Swedish Whistleblowing Act may apply if the reported irregularity concerns breaches of certain EU laws or if the reported irregularity is of public interest.

In addition to the regulations mentioned above, certain data protection legislation may affect workplace investigations by restricting what personal data may be processed. Such data protection legislation includes the following:

• Regulation (EU) 2016/679 on the protection of natural persons concerning the processing of personal data and the free movement of such data (the GDPR);
• the Swedish Supplementary Data Protection Act (2018:218);
• the Swedish Supplementary Data Protection Regulation (2018:219);

• Regulation DIFS:2018:2 on the processing of personal data relating to criminal convictions or offences. This regulation governs the processing of personal data relating to criminal convictions or suspected criminal offences in internal workplace investigations that are not governed by the Swedish Whistleblowing Act.[2]

The above-mentioned legislation and regulations may overlap in many aspects and it is therefore important before starting an investigation, as well as during an investigation, to assess which rules and regulations apply to the situation at hand. Another aspect of this is that many issues that can arise during an investigation are not regulated by law or other legislation. If the investigation is a non-whistleblowing investigation there are limited rules on exactly how and by whom the investigation should be carried out.

A Swedish law firm that undertakes a workplace investigation also has to adhere to the Swedish Bar Association’s Code of Conduct. The Code of Conduct includes additional considerations, mainly ethical, which will not be addressed in this submission. Furthermore, this submission will not focus on investigations following an employee’s possible misappropriation of proprietary information or breach of the Swedish Trade Secrets Act (2018:558). Investigations into such irregularities are often conducted to gather evidence and these investigations include the same or similar investigative measures used in other investigations, such as interviews with employees and IT-forensic searches, but also infringement investigations carried out by the authorities or other measures by the police.

There is no specific legal regulation for internal investigations in Switzerland. The legal framework is derived from general rules such as the employer's duty of care, the employee's duty of loyalty and the employee's data protection rights. Depending on the context of the investigation, additional legal provisions may apply; for instance, additional provisions of the Swiss Federal Act on Data Protection or the Swiss Criminal Code.

No law recognises the common law concept of “attorney-client privilege” in Korea. However, communication with an attorney is protected to some extent under certain laws, such as the Constitution, the Attorney Act, the Criminal Procedure Act, and the Civil Procedure Act. This protection is based on the attorney’s confidentiality obligation, which prohibits an attorney from divulging confidential matters acquired in the course of representing clients, unless otherwise prescribed by law. This confidentiality obligation generally allows an attorney to refuse to testify or comply with document production orders for information or materials the attorney obtained in the course of his or her duties that relate to the confidential information of clients.

In addition, there could be instances where materials from an investigation conducted in Korea may become subject to discovery outside of Korea. It is, therefore, important to ensure investigation materials are privileged under the relevant non-Korean laws in the jurisdictions where attorney-client privilege is recognised (eg, the US).

Attorney-client privilege will apply to all communication and investigative material between a client and its law firm. Attorney-client privilege is, however, not without limitations. Regarding investigations into alleged employee misconduct, a law firm may have to report suspected money laundering to the authorities and under certain circumstances disclose information to the financial police.

Written material covered by attorney-client privilege generally may not be seized.

As outlined above, all employees generally have the right to know whether and what personal data is being or has been processed about them (article 8 paragraph 1, Swiss Federal Act on Data Protection; article 328b, Swiss Code of Obligations).

The employer may refuse, restrict or postpone the disclosure or inspection of internal investigation documents if a legal statute so provides, if such action is necessary because of overriding third-party interests (article 9 paragraph 1, Swiss Federal Act on Data Protection) or if the request for information is manifestly unfounded or malicious. Furthermore, a restriction is possible if overriding the self-interests of the responsible company requires such a measure and it also does not disclose the personal data to third parties. The employer or responsible party must justify its decision (article 9 paragraph 5, Swiss Federal Act on Data Protection).[1]

The scope of the disclosure of information must, therefore, be determined by carefully weighing the interests of all parties involved in the internal investigation.