As digital communications become central to workplace investigations, organisations must move beyond reactive responses and build proactive frameworks. In our Behind the Screens webinar, the panel shared practical strategies for managing digital evidence responsibly – balancing legal compliance, employee privacy, and investigative integrity.
Why policies matter more than ever
Christine Young, Partner at Herbert Smith Freehills Kramer LLP, emphasised that policies are the foundation of any defensible approach to digital evidence:
“You don’t have carte blanche to look at anything on a device – whether it’s company-owned or personal.”
Clear, well-communicated policies help:
- Set expectations for employees
- Define what data may be accessed and why
- Support lawful and proportionate investigations
Key policies to review or implement:
- Bring Your Own Device (BYOD) Policy
- Privacy Notice & Monitoring Policy
- Acceptable Use Policy
- Investigation Protocols
Proportionality is key
Whether accessing WhatsApp messages or imaging a device, investigations must be proportionate. Christine advised:
- Define your terms of reference before starting
- Limit searches to what’s necessary for the case
- Avoid “fishing expeditions” – don’t mine unrelated data
- Minimise intrusion by using targeted methods
Tim Smith, Safecall’s Operations Director, added:
“You’re going to find collateral information. Decide upfront how you’ll handle it – what’s relevant, what’s forgivable, and what’s off-limits.”
Practical tips for employers
- Start with a current state analysis
Understand what tools your employees use, across geographies and demographics. - Train managers and investigators
Ensure they understand the legal boundaries and technical limitations of digital evidence. - Engage IT and forensics early
Collaborate with internal or external experts to preserve data and maintain chain of custody. - Communicate clearly with employees
If you need access to a device, explain the process, refer to relevant policies, and minimise disruption. - Document everything
Keep a clear record of what was accessed, why, and how – especially when dealing with personal devices.
Tone from the top
Policies only work when they’re followed. Christine noted:
“If managers ignore the rules, it undermines the whole framework. Tone from the top is critical.”
Senior leaders must model compliance and reinforce expectations across the organisation.