Posted on: February 23, 2017in Blog
Corporate Internal Investigations Best Practices
An estimated 93% of all data created by corporations is in the electronic format. Subsequently, the number of sanctions levied against parties who improperly handle electronic evidence continues to increase.
Here are 11 best practices that should be followed when planning and conducting an internal investigation.
Internal Investigations Best Practices
1. Identify trigger events
Identify your specific trigger events. This would be anything that would cause you to take action from a legal, compliance or investigative standpoint. Document these triggers and make the records available to stakeholders.
2. Identify external contacts
Identify your key external contacts and document their information. Ideally, you will have contracts in place ahead of time to avoid negotiating a statement of work for a time sensitive issue.
3. Identify internal contacts & roles
Identify your key internal contacts and document their roles. Document their individual roles and responsibilities within the investigation process. Once you have identified your internal team, get them in a room together to begin building relationships and agreed upon protocols.
4. Have an investigation plan
Have a plan or policy in place on what to do when a trigger event occurs and how to defensibly handle the investigation.
5. Document entire your process
Documentation is your sword in negotiating a reasonable scope of discovery and your shield in showing that what you included or excluded in preservation and collection was reasonable.
6. Document your chain of custody
Document your chain of custody. This document should provide details regarding the collection, transportation, storage and general handling of electronic evidence.
7. Avoid evidence spoliation
Treat the suspect employee’s computer like a crime scene. Every time an untrained individual accesses – or attempts to access – the data on the devices, they run the risk of unintentional destruction of data, or at best, significant changes to the data that cannot be undone.
8. Collaborate with external expertise
Collaborate with outside counsel and/or a forensic examiner to dive deeper into the data. This will arm you with valuable information about the case.
9. Preserve the entire workstation
Your first step should always be to preserve the suspect’s workstation and immediately call a forensics expert. Have the full internal team on this call, and be prepared to discuss the facts of the case/background, end goals, and timeline of events.
10. Use forensic expertise & tools
Remember: trained forensic examiners with proper tools can recover deleted information. This enables them to piece together a story that traditional discovery methods cannot.
11. Be prepared to testify
Be prepared to testify if you are handling the electronic evidence. You must be able to defend the accuracy of the evidence collected, and testify to the actual collection process. If this is an internal individual, then be prepared for questions surrounding bias and expertise.
Download the PDF version of these best practices - which includes a reference sheet for you to create your own lockstep protocol for handling internal investigations.
- 4 Key Internal Roles Involved with Conducting Corporate Investigations
- Intellectual Property Theft: How to Ensure a Defensible Investigation
- Legal Hold Triggers: When Should You Document Your Reasonable Expectation of Litigation?
- Forensic Investigations Unlock Key Digital Evidence
D4 Weekly eDiscovery Outlook
Power your eDiscovery intellect with our weekly newsletter.
Posted October 10, 2018
How to Reduce Your Threat of Cyber Attacks in Wake of China Hack Allegations
Posted September 26, 2018
X1 Insight and Collection & RelativityOne Integration: Testing and Proof of Concept
Posted September 19, 2018
D4 used Relativity to pinpoint a single Chinese character with hundreds of thousands of WeChat messages
Posted September 12, 2018
Why You Should Implement Pre-Review Analysis in Your ECA Workflow
Posted September 05, 2018
What is Data Mapping? ESI Basics for eDiscovery
Posted August 29, 2018
ILTACON 2018 Takeaways: 4 Ways to Get Your Lawyers to Use Advanced Technologies
Posted August 22, 2018
Basic eDiscovery Early Case Assessment Checklist
Posted August 15, 2018
Document Review Best Practices: 9 Steps to Prepare Your Workflow
Posted August 10, 2018
Data Reuse in eDiscovery: 4 Questions to Help Start Your Policy
Posted August 03, 2018
Taking a Team Approach to eDiscovery Projects