The Headline on 12 June 2020 was that the UK economy shrank by 20.4% over the month of April and by 25% between February and April. Over those three months, some businesses have sadly failed and others have had, almost overnight, to adapt to an entirely new way of working. When the threat of the virus is gone and the lockdown is lifted, we will not return to how we were before: customer bases and supply chains will have to be rebuilt and home working will increase. But whilst ways of working may change, the legal and regulatory environment in which businesses operate will not and the authorities’ long term priorities have not changed. What will that mean for internal investigations?
However they are run, they will need to cover the same three key areas: gathering in documents; learning what witnesses have to say; and ensuring that the investigation is carried out in such a way as to place the company in the best possible position with the authorities.
The document-gathering exercise remains the essential first step to any credible investigation. The gold standard for the authorities is an exercise which is prompt, covert, co-ordinated and simultaneous. At the same time, they will expect rolling data destruction processes to be stopped. Hard copies tend to be office-based and, at present, may be difficult to access. Where they are temporarily beyond reach, companies will need to ensure they are held securely until they can safely be processed: seized, scanned and uploaded onto a document review platform.
Soft copy data present different practical issues. Most are backed up onto a server from which they can be accessed. The rest will be stored locally, on company laptops or other storage devices, to which digital forensic professionals will need access. That may not be a problem where all the company’s employees are office-based but this is not what is happening now and, once the pandemic has passed, we can expect more home working. Quite how to access this data (and any hard copy the employees may have at home) is a matter of judgement depending on the facts of the case: do investigators need to require the immediate handing-over of the data or can they rely on the employee to simply send it to them? In such cases, remote access software is part of the solution. In the longer term, companies will no doubt have to update their data handling and security policies to accommodate a greater degree of home working, and to ensure control over their data is maintained.
Once the data has been retrieved, it will need to be prepared for review. This is an act of data processing and, if personal data is involved, the legal requirements for processing such data apply. Particular care needs to be given to cases where personal data is transmitted from one country to another. Blocking statutes also need to be identified and complied with.
We then come to the review process. Before the pandemic, reviewers would typically work in the same office environment where informal communication was easy and a consistent approach to the review exercise could be achieved through dialogue. The pandemic has shown that, with a robust review platform, this work can be done remotely. That work will only be effective if it is properly co-ordinated and each reviewer has a clear understanding of the review’s parameters. In practical terms this places an increased emphasis on the clarity and level of detail provided in the written instructions prepared for reviewers and on properly-structured remote team meetings.
Companies will need to take an early decision about their witness strategy, particularly where the matter they are investigating has the potential to interest the law enforcement authorities, or indeed the civil courts, in more than one jurisdiction. In such cases they need to manage conflicting expectations from prosecutors about how to deal with witnesses and, if and when they do speak to them, the consequences for the company of different approaches to privilege in the various countries in which they may face legal action. Indeed, for a range of reasons it can be sensible not to speak to witnesses, or to keep such interviews to a minimum.
But where witnesses are to be spoken to, practices will inevitably change. Whilst for some witnesses, typically those at the heart of the investigation, there will always be a preference for a live interview, for others there may be an increasing move towards the use of video communications platforms. They are efficient and so help keep costs under control. Interestingly, only some UK law enforcement bodies have been prepared to use them during the pandemic-induced lockdown, whilst others have deferred any witness of suspect interviews for the time being.
Where remote interviews are conducted, it is important that proper controls are put in place. Witnesses need to be in an environment where no-one can listen in so as not to compromise the investigation’s security and, with it, the company’s data protection duties and privilege rights. Security is also an issue when it comes to providing witnesses with any pre-interview disclosure: remote-access and password-protected platforms can be used for this. Rules or best practice of non-contamination of witnesses knowledge remain whatever the forum. Where a witness is legally represented, confidential access to that representation will need to be factored in. Irrespective of how the interview is conducted, it is important that the investigator retains control of how a record is made of the witness’ account: witnesses should not be pressing the record button.
Finally, all the active enforcement authorities have made clear that they would expect any company that seeks credit for co-operation to engage with them early and in constructive way. A large part of that engagement consist of a dialogue on the steps they are taking and why. As the way we work changes, there is all the more reason to ensure that that dialogue is maintained.
Caroline Day, Partner, Criminal Litigation, +44 (0)20 7814 1278 – firstname.lastname@example.org