Philip Berkowitz (email@example.com) is the U.S. practice co-chair of Littler’s International Employment Law Practice Group and co-chair of the Financial Services Industry Group in New York City.
Compliance or internal audit departments frequently carry out audits intended to assure that business partners in an organization, such as human resources or legal departments, have in place policies and procedures that are consistent with the myriad laws with which the organization must comply, including those related to employment, whistleblowing, anti-bribery, and corruption. These reviews are often not confined to policies, but may also seek review of sensitive contemporaneous records. For example, in the case of an internal antidiscrimination and harassment policy, or a public and employee-facing whistleblower policy, compliance may wish to review logs of complaints and investigation files. These records may contain the names of whistleblowers, allegations of unethical or illegal conduct, and legal conclusions.
Compliance or internal audit may want to understand the status of each internal complaint: the allegation, how it was handled, the conclusion; whether the company retained outside counsel or any investigators; whom the company retained; whether there was a violation of law; whether the company imposed discipline and, if so, what it was and whom it was against; and whether information was shared with the complaining party.
Of course, internal reviews of this nature are usually quite essential and legitimate. However, it is important for compliance and internal audit departments to recognize that in-house counsel, human resources, and other departments may have legitimate concerns that an internal audit may result in inappropriate disclosure of confidential information and, critically, an unintentional waiver of the attorney-client privilege or otherwise.
Investigation details may contain damaging evidence of wrongdoing on the part of the company or an employee. The underlying investigation may have revealed shortcomings in the company’s internal compliance procedures. Additionally, plaintiffs’ counsel often set their sights on discovering the fruits of internal investigations, including the underlying interview notes and other raw materials created when carrying out the investigation, in the hope that they can bolster their claims, either by demonstrating that the employer’s investigation was inadequate or by using damaging evidence the investigation may have uncovered.
In light of these risks, compliance, internal audit, and the departments whose activities they review must have in place guidelines to avoid disclosure of privileged information and limit, to the maximum degree possible, the disclosure of sensitive and confidential information.