Can you keep a secret? How about your staff?

It’s not just American presidents who can be indiscrete and share potentially sensitive information with people they shouldn’t. While recollections of exactly what was said at that meeting by Donald Trump vary, there was definitely the potential for inappropriate information sharing, even if it was dressed up as politics or diplomacy.

Now unless you work in the Security Services, the Military or are a senior Civil servant, it’s unlikely that you and your staff will be in possession of such top secret information. However that doesn’t mean that the information your staff know and / or have access to is safe and risk free.  While they might not be the next Edward Snowden or Chelsea Manning, information is a valuable commodity.

There are companies and people out there who will pay money for information and aren’t always too​ scrupulous about where it comes from. While some things such as bank details or credit card information have an obvious financial value (when misused), other personal details can be useful and valuable to “scammers”, criminals​ or even marketing and advertising companies too.  This personal information could be about your customers but not always; it could be about your staff too.

As well as personal data, there will be other information that could be useful and valuable to others. It could be information from your customer database, it could be product information or technical data, your business strategy or your research programme – the list goes on.

So why would others getting this information be a problem you might ask? If you work in a competitive, commercial industry it could potentially give your competitors a helping hand to outperform you or compete more effectively against you. You’ve worked hard to build up your customer base and you wouldn’t want them suddenly buying from your competitors instead. It might help them undercut you on price or to negotiate better deals with your suppliers than you have. All is fair in love, war and business?

As for personal data, especially the type that is “sensitive”, you and your organisation have a legal obligation to store, manage and use it in line with current legislation. (The Data Protection Act 1998) If you are found to have breached the legislation, either accidentally or deliberately, the Information Commissioner can issue a penalty notice or a fine of up to £500,000.  You also need to be mindful that the Data Protection Act is about to be updated and there will be new obligations and regulations that come into effect in 2018. While you might be compliant now, you might not be by next year.

So what can you do about this potential information minefield? While it’s great to hear that you trust your staff that isn’t enough, or certainly isn’t as far as the Information Commissioner is concerned. Here are some suggestions of what you might wish to put in place:

  • A data protection policy and guidance and a contractual clause about the employee’s duties and obligations.
  • The relevant processes and procedures that support your data protection policy are vital too.
  • An appropriately worded confidentiality clause – either as part of staff contracts of employment or as a stand alone document.
  • An appropriately worded intellectual property clause would be useful for your staff working in research and development, or any other product development area.
  • IT guidance about file sharing, downloads and uploads, emails and social media can remind staff to think about what they share and send, and how they do it.

(This isn’t an exhaustive list but hopefully gives some food for thought.)

Depending how much of a risk you potentially face, you need to put the appropriate measures in place now before a problem arises. Once the problem or data breach occurs it’s too late…. You can’t undo what’s been said / saved / sent however much you want to and however much you try to rewrite history. (Politicians take note!)

Understanding more about Forensic HR

The background

We are all aware that the police use forensic techniques to collect evidence and build a criminal case. Likewise many will be aware of the growing discipline of Forensic Accounting and Taxation which often results in expert witness presentations in court for criminal or civil actions.

Forensic HR (FHR) is still quite rare in the UK partly because of how HR practitioners are trained.  Initially they qualify with the CIPD (Chartered Institute of Personnel and Development) who don’t recognise or promote FHR and then most of their CPD is in the form of legal updates led by lawyers whose risk adverse cautious approach is infectious. Lawyers are informed by case law which is basically the latest legal argument or debate.  Interestingly recent case law allows employers to monitor private telephone calls if they have reasonable cause to do so.

Forensic HR is more common in countries like America, South African and Australia.

Ultimately anyone in dispute wants a swift resolution and the law allows companies to agree Settlements with employees without going through a protracted disciplinary process although the majority of companies seem to go through a long process as advised by their HR department, legal helpline or lawyers before they agree to settle. Likewise good contracts of employment will usually have the provision for reasonable investigations if the employer has just cause.

What is it?

In a nutshell the Forensic HR expert is called in to hear an allegation or suspicions regarding an individual, group of individuals or a company. Often the individual or company has an outstanding complex case and what is required is new or fresh evidence to present a counter claim or new angle and help close the matter.

The Forensic HR expert will always ensure there is just cause to investigate and that any investigations don’t stray out of a tight and agreed remit. Likewise if they feel there are any medical concerns they will ensure those are closed off before and if they proceed. Any investigations must meet the high standards demanded by the CIPD code of conduct and be both ethical and lawful.

Typical investigations can include:

  • Private investigators – for cases like sickness absence where there is good reason to suspect the case is not genuine or theft where stock is going missing or where the company wishes to investigate a potential new senior employee
  • Forensic laboratory techniques – To restore a document to it’s original state like a taxi receipt, set of accounts, or hard copy notes from a meeting.
  • CV, qualification & background checking services – to verify that every piece of information given to the employer is 100% correct.
  • Social media searches – it is quite common for employees to put information on social media and therefore in the public domain that is useful to a FHR investigation.
  • PC, mobile and other devices investigations – Looking at this in-house or sending it away to recreate deleted files. Particular focus on emails sent by the employee externally.
  • Interviews as part of a Protected discussion which present select pieces of evidence and use of intensive interviewing techniques designed to stress test the individuals case & resolve.
  • Time recording evidence – Many companies have systems which track how long employees are in the office or online. This information can be very useful.

The skill with Forensic HR is to gather just enough evidence to help present a case and agree a settlement.  The purpose is always to avoid paying out large sums due to fear or management incompetence. The forensic HR expert will often be looking in a different area to the one the complaint originated from.

Forensic HR takes a brief from the highest level within a company and needs an “Access All Areas Pass” to carry out a thorough investigation & present a report and recommended actions. Often we may take charge of negotiations with the employee regarding a swift exit or they can work closely with the in-house HR team, employment lawyers etc

A Forensic HR case

A great example of a successful Forensic HR case was a large firm of brokers who employed a well connected female broker whose nationality was Greek. She enjoyed lots of flexibility from her employer including 10 weeks paid leave to return to Greece when her father was ill.

One evening when her boss had gone home without signing out, she accessed his emails (without his permission) and saw that he had referred to her as a “bubble” in a jokey conversation with a collegue about how long she took off. He had said “These bubbles take a lot of time off”. (From the Cockney rhyming slang – bubble and squeak – Greek).

She immediately complained to HR that this was racially offensive and as the Director admitted he had said it, he was suspended pending an investigation.  He made a lot of money for the firm and was unable to trade. The firm were advised by a lawyer they consulted that as racism was discrimination, the total compensation paid out could be excessive as it would be uncapped.

Amelore were brought in by the CEO who was flabbergasted by this and wanted an alternative viewpoint. We quickly investigated and presented a case to show that she had regularly altered her taxi receipts to claim expenses relating to the weekends & also traded over her limit. Neither had been picked up or challenged as staff were frightened of her.   

She also had no right to access her bosses emails without permission which was a disciplinary matter in itself. She was a registered person with the FCA so when dismissed for gross misconduct it was the end of her career.  She was not entitled to any notice or other pay.

As part of our service we did some training with the HR team who had failed to see the bigger picture.

Can any HR practitioner have a go at Forensic HR?

Forensic HR should only be practiced by individuals with long experience of Employee Relations; a good understanding of employment and other relevant legislation, human behaviour and the right type of inquisitive, intelligent, objective and impartial approach. Training is recommended. Equally it is much harder to practice Forensic HR as an in-house practitioner. As the employer you have a duty of care to the individual you are investigating and this can present a conflict of interest. Likewise the trust and confidence in HR by the rest of the workforce may be damaged by your actions.

Criminal cases

Whilst most companies choose not to pass information on to the Police once an investigation is concluded, some of our clients have done this for extremely serious cases which have resulted in custodial sentences.  All our investigations are highly confidential however, if we come across anything that is criminal, involves children or vulnerable persons we will immediately notify the relevant authorities.

A good result

Ultimately Forensic HR is about saving the Company money – reducing a potential liability by introducing and presenting a stronger case. But equally its about leaving the organisation in a better and stronger place. Our final debrief with the CEO/COO/FD/HRD is a critical and important part of the process.

If you are interested in finding out more about Forensic HR or arranging some training for your HR team, do get in contact with us.

www.amelore.com