Navigating Internal Investigations

A recent CCBJ webinar highlighted the importance of being proactive instead of reactive when conducting internal investigations.

A key component of a corporate investigation is gathering data. As Curtis Collette, solutions architect at QDiscovery, puts it, “We need to understand what happened and have control over the data and our understanding of it.”

Collette joined Yaniv Schiff, QDiscovery’s director of digital forensics, to present a webinar hosted by Corporate Counsel Business Journal. Their focus: conducting effective internal investigations.

Litigation is centered on presenting a story, and that story becomes easier to tell when it’s backed by strong information. That’s why an investigation must be focused on the eventual outcome. “An investigation is valuable only when it’s an effective investigation,” Collette said. “An ineffective investigation will just put you in a worse position than if you had not done an investigation at all.”

The three elements of an effective investigation are processes, people and tools. First, it’s important to have processes – forms, procedures, checklists – that will apply to at least 80 percent of your cases. Collette told webinar participants to “think of it as the playbook in a football game. You don’t want to be going into the huddle like you did when you were a kid and make up the play as you go along.” Second, preparing ahead of time includes identifying what skills you need and the types of investigations your company is going to be involved with. Third, if you do not have the appropriate tools, you could end up spending more in the long term. “Don’t try to take tools that you’re using for another purpose,” Collette said. The tool you use could end up in litigation, so make sure it’s collecting everything you want it to, Schiff added.

Schiff reviewed some common types of investigations: former employees, harassment claims, data breaches, and policy violations. He again emphasized the importance of having the right procedures in place, so you can respond quickly when the need for an investigation develops. For a former employee, for example, you’ll need to determine what information that person has and how it was communicated. Having a device policy will make it much easier to search that employee’s cell phone, especially if it’s not company owned. You’ll also want policies on e-mail and application logs. Having a procedure for off-boarding employees is helpful too, Schiff said.

In terms of harassment, the first things to determine, Schiff said, are the allegation and the method of communication. “The faster you get a handle on what you’re looking for and knowing where to look, the better off you’ll be,” he said.

Data breaches are particularly important to defend against, since even small ones can have a profound impact on a company. Systems that identify data that needs to be retained make preservation methods more effective.

For policy violations, you’ll need to know what type of violation occurred. Is it an internal data breach – an employee accessing information they shouldn’t – or is it an HR or IT policy violation? Again, this is where having processes, tools and the right people in place make the difference in developing an effective investigation.

Schiff went on to offer tips and tricks for conducting investigations. For any type, he said, it’s about knowing the capacity of your internal team and when to seek outside expertise. An organization like QDiscovery can help establish the ultimate goals by partnering with a company’s legal and IT departments to obtain the necessary data. “If you prepare ahead of time, it doesn’t cost as much,” Collette pointed out.

To learn more, watch online at

Published .