Locating and preserving relevant documents

There are a number of issues around locating and preserving documents: 

  • consider whether the collection and preservation of relevant documents will engage data protection laws. Further information on data protection can be found here
  • steps must be taken immediately to prevent the destruction of relevant documents, either through the company's normal document destruction processes or by those individuals likely to feature in the investigation 
  • the company's IT department should be contacted immediately to ensure that all routine deletion of electronic material on servers, backup systems, individual PCs and other electronic devices is immediately suspended pending the outcome of the investigation process 
  • a member of the internal investigation team should be immediately tasked with collecting all hard copy notebooks, working files and other hard copy materials, as well as laptops and other portable electronic devices used by relevant employees 
  • consider how confidentiality will be preserved. Relevant individuals should be contacted individually, rather than via mass communications sent to the whole workforce. Each relevant individual should be expressly reminded of the confidential nature of the investigation from the outset 
  • relevant individuals should be consulted as soon as possible for assistance to identify and locate all relevant electronic and hard copy material. This may require relevant personnel to bring in data from home or provide access to locked filing cabinets and/or data rooms within company premises 
  • it may be necessary to identify and quarantine some documents (including all copies) as quickly as possible. A means of quarantining any such documents should be identified (the offices of any external advisers might be appropriate for this purpose) 
  • consider the need for specialist IT assistance, which may assist in processing and searching electronic documents
  • consider whether data relating to a third party (such as an agent or other contract counter-party) needs to be reviewed. If so, consider whether there are likely to be any contractual terms relevant to collecting and processing their data. Consider whether the agent or counter-party should be aware that its data is to be collected and processed