Have the right policies in place

– Ensure clear, readily accessible, and (where necessary) country-specific policies are in place indicating the permitted uses of company devices and other IT equipment, including messaging services. If you allow employees to use their own devices to perform work, make sure your policies adequately address issues of access in the context of investigations.
Continue Reading Be Prepared: How to Proactively Account for Data Privacy

Many investigations, particularly those that are cross-border in nature, are likely to present data privacy issues, and managing these issues is frequently a key consideration in an investigation.  By keeping data privacy laws in mind as soon as an investigation starts, an organization will avoid the risk that it has failed to satisfy certain requirements, thereby exposing itself to the possibility of a fine or sanction from a regulator.
Continue Reading Incorporating Data Privacy Considerations Into Investigations

When a company receives a request for information from an investigating authority, one initial issue is whether to cooperate with the request or to assume an adversarial (or at least non-cooperative) position.  Even if the company ultimately decides to contest the authority’s characterization of the conduct, it is often in the company’s best interest to agree to cooperate with the investigation and the authority’s requests (to the extent they are reasonable and lawful).  In this vein, there are three important ways to establish and maintain a cooperative posture with an investigating authority, while also protecting the company’s interests in the process.
Continue Reading Best Practices for Negotiating the Scope of an Investigative Request

One critical issue to consider in responding to an investigative request is whether by producing the requested data, the company will be waiving a privilege or violating legal confidentiality obligations, including data privacy restrictions.
Continue Reading Before You Press Send: Protecting Privilege and Complying With Limitations on Data Dissemination When Responding to an Investigative Request

Upon receiving a request for information from a governmental authority or other agency, it is critical to make early strategic decisions about how to respond to the request and effectively frame the scope of the inquiry.  Generally speaking, there are two overarching goals that typically inform a company’s strategy for responding to requests for information: (i) to provide the requesting authority the information it seeks as efficiently as possible while maintaining credibility and (ii) to appropriately frame and cabin the scope of inquiry to minimize the burden on the company.  To do so, the party receiving the request should first explore a number of foundational questions to understand the context of and motivation for the request.
Continue Reading Five Important Questions for Addressing an Investigative Request

In an increasingly global, regulated, and litigious environment, companies face unanticipated and potentially destabilizing events that often play out in the public eye.  Frequently, the issues organizations face during large-scale, often public, crises require more than exclusively legal skills, but also communications skills.  Below we discuss three key steps in the process for handling the public relations aspects of any crisis: (1) assembling a crisis-response team, (2) deciding whether or not to make a public statement, and (3) crafting the public message.
Continue Reading Public Relations Considerations When Managing a Crisis

The Dodd-Frank Wall Street Reform and Consumer Protection Act goes further than other statutes in providing protection to whistleblowers.  In addition to broadening prohibitions against retaliation, the Securities and Exchange Commission promulgated Rule 21F-17 to ensure companies could not interfere with an individual’s efforts to raise concerns and communicate directly with the SEC.
Continue Reading Rule 21F–17: Guidance on Drafting Confidentiality and Non-Disclosure Agreements

U.S. whistleblower protections broadly provide public and private sector employees with protection from retaliation for reporting potential concerns about misconduct. Companies that are ill-prepared to handle complaints internally not only face potential lawsuits from whistleblowers, but also open themselves up to substantial regulatory scrutiny and perhaps enforcement actions.
Continue Reading Five Building Blocks for Effective Internal Controls to Comply with U.S. Whistleblower Protections

While legal protections for whistleblowers in the United States were first adopted in the late 1970s for federal employees, statutory protections enacted in the last 20 years have substantially increased protection beyond the federal workforce to certain private-sector employees.  These protections create a number of potential issues for companies today, ranging from employee retaliation lawsuits to regulatory investigations. 
Continue Reading Whistleblowers: Who Are They and Why Should You Care?

The overall success of an investigation depends on the flow of communications between those overseeing an investigation, those conducting it and the company’s relevant stakeholders.  As such, it is necessary to identify responsibilities and define the structure of communications at the outset of the investigation
Continue Reading Dealing with an Investigation: Communication