Enhance data protection compliance in corporate investigations

UK Companies conduct internal investigations on a daily basis, and also increasingly are asked to collect employees’ email and electronic documents to satisfy litigation and regulatory requests. Although these digital investigations are necessary to meet companies’ legal obligations, they also must demonstrate respect for employees’ privacy rights under EU directives and UK data protection laws, which require that these investigations and collections not be excessive in relation to their legitimate purpose. This paper will address some of the salient requirements of the EU Data Protection Directive (the “EU Directive”) or the UK Data Protection Act 1998 (the “UK Act”) pertinent to the investigation, review, and/or collection (hereinafter “investigation”) of employees’ personal data. It also touches on relevant portions of the Regulation of Investigatory Powers Act 2000 (“RIPA”) and the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (the “LBP Regulations”).