Blog
How to Appropriately Scope Internal Investigations Triggered by Civil Investigative Demands
Contents
- 1 How to Appropriately Scope Internal Investigations Triggered by Civil Investigative Demands
How to Appropriately Scope Internal Investigations Triggered by Civil Investigative Demands
When a company receives a civil investigative demand (CID) from a government agency like the Department of Justice or Federal Trade Commission, it can trigger an internal investigation to gather responsive information. However, companies must be careful to appropriately scope these internal investigations to balance compliance with minimizing business disruption.
Understand the Basis for the Investigation
The first step is to understand the general basis for the investigation by reviewing the CID resolution and speaking with agency attorneys. This will indicate the suspected violations or practices under review. It’s important to understand the scope so you can appropriately target the internal investigation.
Key Areas to Understand
- The specific laws, regulations, or agency authority involved
- The general time period under investigation
- The types of products, services, or business activities involved
- Any limitations on the scope noted in the CID
While CID scopes can be quite broad, any limitations provided can help appropriately narrow the internal investigation (see discussions on Reddit).
Assess Internal Resources
Conducting an internal investigation requires substantial resources in terms of employee time, legal review, data gathering, and document production. Assessing available resources will determine what can feasibly be covered.
Key Resource Questions
- Which employees have relevant knowledge?
- What data systems or repositories need to be searched?
- What legal and compliance staff are available?
- What technical/IT resources are required?
- What is the availability of records management resources?
Understanding resource constraints allows creating an appropriately scoped plan (see related discussions on Quora).
Identify Key Data Sources
The next critical task is identifying the key systems, repositories and records where relevant data resides. This allows targeting data gathering to appropriate sources.
Common Investigative Data Sources
- Email servers
- Shared network drives or folders
- Enterprise content management systems
- Document management systems or databases
- Relevant desktop or laptop computers
- Mobile phones used for business
- Relevant paper records
- Data analytics platforms and reports
| Data Source | Collection Method |
|---|---|
| Email servers | Keyword searches, date filters |
| Network folders | File indexing and review |
| Content management systems | Metadata and full-text searches |
Identifying these key sources early allows focusing data gathering and review (see Avvo’s CID response guide).
Conduct Employee Interviews
Interviewing employees with relevant knowledge of the business activities under investigation is also critical. This serves to understand key systems and records as well as locating responsive information.
Tips for Conducting Interviews
- Review documents, communications and data on systems before the interview.
- Focus interviews on the time period and activities within the scope.
- Identify other relevant custodians for data gathering.
- Follow up interview leads regarding other data sources.
- Document all steps taken during interviews.
Well-planned interviews allow efficiently targeting data gathering and avoiding excessively broad searches (see LawInfo’s CID guide).
Prioritize Data Gathering
The volume of information potentially responsive to CIDs often exceeds what can realistically be gathered and reviewed within typical deadlines. Prioritizing key data sources and search areas allows staying within appropriate limits.
Factors to Consider for Prioritization
- Search terms, date ranges, and custodians identified from interviews
- High-risk products, services or business units
- Easily accessible versus difficult to access data sources
- Likely highly relevant versus peripheral information
Effective prioritization minimizes potentially irrelevant data collection (see FindLaw’s CID guide).
Document the Investigative Process
Thoroughly documenting all steps taken in the internal investigation is crucial both for agency reporting and demonstrating a defensible process.
Key Documentation Elements
- Data sources searched
- Search terms, filters and time ranges used
- Review and culling processes
- Outside vendors or forensic services utilized
- Policies guiding investigation methodology
Complete documentation helps establish the internal investigation was conducted in a reasonable, proportional, and defensible manner.
Evaluate Opportunities to Negotiate Scope
If any aspects of the CID seem excessively burdensome or irrelevant, companies should evaluate opportunities to negotiate limitations with the agency’s attorneys based on the established internal process and documentation.
Potential Negotiation Grounds
- Search terms or date ranges that can be narrowed
- Custodians that can be removed if data is duplicative
- Data sources that provide limited utility
Reasonable negotiations can help reduce business disruption while demonstrating cooperation. Companies should consult legal counsel when assessing these options.
Appropriately scoping internal investigations requires carefully balancing compliance obligations with minimizing organizational disruption. Following protocols to assess scope, identify key sources, conduct interviews, prioritize gathering, document the process, and negotiate opportunities allows organizations to appropriately respond.