5 Best Practices for Protecting Sensitive Information During an Investigation by Jeffrey Wolff
O
rganizations are feeling the pinch of compliance like never before as government agencies at every level are scrutinizing their business affairs more closely and issuing more regulations. To meet their compliance obligations, smart organizations leverage internal investigations to address personnel issues, respond to employee complaints, prepare for litigation, and audit their business practices. In most circumstances, organizations want to keep the findings of their internal investigations private, whether it’s to safeguard the company or an employee from embarrassment or to prevent an opposing party from gaining access to damaging information. That requires organizations to take proactive steps to protect sensitive information. Fortunately, there are several tools for protecting sensitive information during an internal investigation.
What Is Sensitive Information? Sensitive information is any information that is confidential, proprietary, private, or legally protected. It can take a variety of forms. Here are some of the most common types of data that organizations need to protect: • Employee data such as Social Security numbers, dates of birth, home addresses, and health and benefits records • Financial information, including bank account and credit card numbers, revenue sources, and expenses and losses
Why Protecting Sensitive Information Is Important Organizations and their counsel should protect the sensitive information uncovered or generated during an internal investigation for several reasons. Sometimes the information may be potentially damaging to the reputation of an organization or its employees. Most companies have an interest in resolving internal affairs quietly. Keeping private matters private avoids potential embarrassment and a public relations nightmare. Protecting sensitive information can also prevent the contamination of witness testimony and encourage reluctant witnesses to come forward. If you’re interviewing multiple employees about an employee issue, you may want to keep witness testimony private until the conclusion of the investigation so there’s no possibility of undue influence. Furthermore, employees are more likely to raise concerns if they’re assured that their comments will be kept confidential. Finally, where litigation may follow, organizations should take care to protect sensitive information so that it’s not subject to discovery by an adverse party. The failure to safeguard confidential information may put you at a serious disadvantage if the matter leads to legal proceedings.
Legal Protections For Sensitive Information
• Results of internal investigations and other information not known to the public
The main way to protect sensitive information is to cloak it in the attorney-client privilege. If lawyers participate in an internal investigation for the purpose of providing legal advice, then those conversations and the materials that you share are protected by the attorney-client privilege. Similarly, a lawyer’s work product, including notes and documents, is protected from discovery so long as it’s created in preparation for litigation. Be cautious, though. These protections don’t generally apply to routine audits or other investigations conducted in the ordinary course of business. That’s why it’s important to make sure that you’ve taken the right steps to protect sensitive information before an internal investigation even begins.
Sensitive information is often implicated in internal investigations—and without caution, it could be intentionally or inadvertently shared outside the organization.
5 Best Practices For Protecting Sensitive Information
• Client and customer information, including contact details and previous order records • Proprietary information such as trade secrets or research details • Strategic plans, including potential mergers and acquisitions, development opportunities, and internal processes • Operational details such as inventory records, pricing policies, and marketing techniques
1. Involve legal counsel in the investigation: One of the easiest ways to help protect sensitive information is to involve legal counsel both before and during an internal investigation. 26
Attorney Journals San Diego | Volume 220, 2022
