This is the second in a series of six articles on the “Dozen Do’s and Don’ts of Corporate Internal Investigations.” Read the first installment here.

In our first article we discussed the importance of developing internal processes that motivate employees to report compliance concerns (“Do listen for the whistle”) and the importance of developing a process that ensures an efficient and thorough investigation of alleged malfeasance (“Don’t shoot before you aim.”) This segment addresses two more keys to an effective internal investigation: the importance of searching the right places for potentially relevant information (“Do dig where the treasure is buried”) and ensuring that evidence is properly preserved (“Don’t destroy documents”).

3. Do dig where the treasure is buried

When you identify potential misconduct and decide to conduct an internal investigation, the company must first determine where relevant information resides and implement an effective plan for recovering that information. The starting point is identifying all potential custodians of relevant information and then identifying the repositories of potentially relevant information—both hard copy document files and electronically stored information. This may include emails, voice mails, phone records, text messages, Word documents, Excel documents, portable document format files and company financial records, among others. With respect to electronically stored information, the company and its counsel should develop a list of search terms that ensures the recovery of relevant documents and filters out irrelevant documents.  

Depending on the company’s document storage and document retention protocols, it may need to search backup tapes and/or custodians’ personal workstations to ensure recovery of all relevant documents. The company should search in all places the government might look. Further, the company must involve its IT professionals to make sure that each potential treasure trove of electronically stored information is searched.

In many cases, the organization should consider retaining a third party that specializes in forensic data recovery. The reasons are twofold:

1. The volume of data can be immense and a third party may have sophisticated tools to help recover, manage and store large quantities of data

2. A third party in charge of data recovery creates a buffer between your company and potential claimants, including the government

Hiring a third party to assist with data recovery may enhance your company’s credibility in the eyes of the government, which often requires that third parties collect data pursuant to subpoenas for information and documents. While third-party data recovery can create an unwelcome large expense at the front end of an investigation, it often reduces costs in the long run by helping you target only relevant data repositories, thereby weeding out irrelevant or duplicative data.

Regardless of whether the company’s search for documents is aided by a third party or conducted internally, the collector should produce a comprehensive log identifying and organizing important documents, including a description of where each document was discovered and its custodian.

4. Don’t destroy documents

Once your company is on notice of potential misconduct, the company must issue a document retention memorandum. Not only does the document hold help ensure recovery of all relevant documents, it also ensures the preservation of evidence at the earliest possible moment the government could claim the company had notice of potential litigation. This is crucial, because, if a company is facing a government investigation, its failure to retain documents may result in obstruction charges or allegations of spoliation in civil litigation.

The company should distribute the document hold letter to all potential document custodians and the IT department. In some circumstances it may be sufficient to simply image relevant hard drives and/or backup tapes to protect against spoliation. The best practice, however, is to cease all routine and non-routine document deletion, at least with respect to the identified custodians. In the event a government investigation commences, the government may disagree with the company’s search term list or its application of search terms to the electronically stored information. Accordingly, in many instances it may be necessary to access the same data you searched in pursuit of your internal investigation, if and when your company receives a government subpoena or civil discovery request. Be certain not to lift or deviate from the document hold until the company and its counsel are confident that no claim or government investigation will result from the alleged misconduct.

Our next article will address the next two of our dozen do’s and don’ts of internal investigations: “Do Identify Your Client” and “Do Come Armed.”