So, you’ve made the initial preparations for your remote workplace investigation, you’ve notified your employee, chosen the video conferencing method and even done a trial run. What other considerations should you have before launching your remote workplace investigation?
In May 2018, GDPR came into effect across the EU. It is designed to protect individuals’ personally identifiable information by laying out very specific rules on the types of data allowably collected by organisations, how that data should be treated and how long it should be stored for. It outlines six principles that data controllers must adhere to when collecting data. Avoidance of the guidelines may lead to a data breach, a complaint being made to the Data Protection Commissioner, and ultimately a heavy fine for your business.
Given that GDPR was introduced two years ago, you have probably already familiarised yourself with its stipulations. However, with remote working comes the increased risk of data breaches, and any organisation with remote workers will need to take some additional steps to ensure the ongoing security of personal information. While this is true for all departments across the business, it is especially true for the HR department, as this is the department which usually collects employees’ personal information such as home address, phone number, data relating to salary and performance reviews and sensitive medical information.
When dealing with sensitive matters such as an internal investigation, the last thing that you need is for security to be compromised. You also need to think about what kind of consents you may need from your interviewee. It is vital that you give careful consideration to the following items:
- Are you storing the data relating to the investigation on a workplace network drive accessible via a VPN? Is this drive separate to the company-wide one? Who has access rights, and why?
- Are you storing data locally, in a desktop folder? Have you password protected this folder – and your device?
- Do you have paper files relating to the investigation? If so, where are these currently being stored? If you live with others, how are you ensuring the privacy of these files?
- If you have been taking notes on a notepad, what type of information do these notes contain? Where is this notebook being stored?
- Is the investigation data currently stored in multiple locations? If so, why? Can you consolidate the data?
Third party providers
- What are the different apps/tools you need to use in order to conduct your investigation? (This includes not only your video conferencing tool but also any other tools being used, such as OneDrive or Google Drive for file storage)
- Where does the provider store any recordings or files, and how long do they store them for?
- Have you thoroughly researched the providers reputation for data security?
- How many people in your company have access to the provider’s account that you will use for the investigation?
- If using a video conferencing tool that allows all parties to record, do you need to implement extra measures to ensure that your interviewee does not record the meeting?
- Has your interviewee consented to the use of a third-party tool for interviewing purposes?
- Does your interview consent form allow for the meeting to be recorded? Additionally, if your software records both video and audio, has your interviewee given their consent to have their image captured, as well as their voice?
- If your interviewee wishes to include a representative, have they also signed a consent form?
- Has your interviewee signed something in which they acknowledge that the investigation should remain confidential? Are they aware of any measures they might face should they breach this?
You likely have received direction from your IT department regarding general IT security when working from home. Make sure that you have implemented all measures suggested by them, especially if using your own device rather than a dedicated work device. Use a password generator, and a storage system such as KeePass that will keep all your passwords secure. Remain alert when it comes to phishing emails. Test yourself to see how easy you find it to identify a phishing email here https://www.phishingbox.com/phishing-test. Ensure your anti-virus software is up to date and you are regularly checking for updates, especially if you use your own device at all. Install an AdBlocker, or ask your IT department to install one for you. You can also install a DNS filter, such as this free version https://www.opendns.com/home-internet-security/.
The interviews should always be conducted in a private, confidential manner. Although we are big advocates of remote working and hugely supportive of those that need to work while also minding children, this is not the time for your partner/housemate/child to come bursting into the room. It is your responsibility to safeguard against this as much as is possible. Explain clearly beforehand the importance of privacy for this meeting. Try hanging a sign on the door to mitigate the risk of them walking in unannounced. Another good practice is to sit with the back of the laptop facing the door. That way, even if someone comes through the door you will have a chance to address them before they see your video screen and your interviewee.
On that note, your equipment should be suitable for the interview. Headphones should be worn as this minimises the possibility of anyone else but you hearing the statements. Ensure your computer is automatically checking for updates and that these have all been done before the interview. Sign into your chosen software at least ten minutes in advance so that you can rest assured it is working. Internet speeds can be assessed beforehand if you wish – a simple Google search will bring up a free speed checker.
While you need to ensure all your equipment is up to date, you also need to run an assessment on your employees’ technology. What happens if they cannot download the software? What if they do not have a stable internet connection or any at all? What if they do not own a personal computer? If feasible to do so, your organisation may wish to supply needed equipment to your interviewee in order for them to complete the interview. Even in this day and age though, we can’t expect everyone to have the familiarity with technology that is required for video conferencing. In these cases, how are you facilitating the interview? Will you be able to do it via phone call and record it? Being prepared for every eventuality will help make this process less stressful.
If you need to transfer the video recordings to be transcribed, then ensure you are using a secure file transfer platform. Due to the size of video recordings, you will likely not be able to send via email. Whatever you do, don’t be tempted to upload to your personal Drive and share a link. Re-read the above section on data privacy if still unsure.
Workplace investigations are a sensitive subject that can be a potential minefield for employers. They can be tricky to get right, even in non-pandemic times. However, they must be completed effectively, efficiently, and fairly. Despite your best efforts, you may find it much easier to outsource the investigation to a trusted third party. Be realistic in your abilities, but also your resources. If you are the only HR Manager in your organisation, and you are dealing with a complex matter, then you will need to look externally for support so that you can provide a fair process to all involved.
If you need some confidential advice, do not hesitate to get in contact with us today. Our contact details can be found here.