eDiscovery for Internal Investigations: How to Proceed

So, you have received an internal complaint or whistleblower allegations for corruption or fraud. How will you go about managing it? 

Your in-house counsel will start to work on the internal investigation by creating a plan. Throughout the investigation, they will have to face a number of challenges, many of which can be easily dealt with using eDiscovery tools.

Before we start exploring how to manage an internal investigation, we need to understand the ins and outs of internal investigations. 

So, what is an internal investigation?

An internal investigation can be referred to as a formal inquiry made to determine if any regulatory practices or workplace policies have been violated. These can be a complaint against an employee, a suspicion of misconduct, harassment accusations, fraud, and more. An internal investigation is done to find out the truth about the complaint. It is carried out in a way to ensure that there isn’t any damage to the reputation of the employee or the organization. 

The process of an internal investigation starts by creating the investigation team. It is their responsibility to ensure that no relevant data is destroyed. For this, you need to take certain steps, like alerting your IT team to check for any deleted or copied files, suspending employees, or removing access to company devices and servers. It is crucial to identify key custodians involved in the allegation and focus on the right data sources.

Then, you must identify the allegation’s nature and plan the investigation. You need to collect the evidence located in multiple locations. You will have to take different data privacy, privilege, and state laws into account. It is crucial to undertake a full forensic collection that meets evidence requirements in relation to authentication and chain of custody.

The investigation will involve reviewing hundreds and thousands of emails and other data. Fortunately, there are tools available to save you time and costs. eDiscovery software such as Casepoint can help you with internal investigations as well. Their analytics tool can help you identify key documents, allowing you to focus on critical evidence. 

Once the investigation has been completed, you have to create a report detailing your findings. It includes the root cause of the event and any lessons learned. It is crucial to maintain privilege and give your recommendations to the board.

Objectives of Internal Investigations

Why is document review the most expensive part of the eDiscovery process? We live in a modern digital world. More and more companies are working remotely, which creates more data to be preserved. During review, any of these documents or information in the data can be pivotal to influencing a case. Your findings are capable of making or breaking your case. In the past, there have been some cases that truly demonstrate the power of eDiscovery, like the antitrust trial of the United States vs. Microsoft, which began in the late 90s. The key contention of the case was that Microsoft had been conspiring against Sun Microsystems. During the document review process, an email from Bill Gates surfaced in which he asked about what they wanted Apple to do in order to undermine Sun Microsystems. This email became the smoking gun of the case.

There are also dangers inherent in the document review process. One of the best examples of this danger is the Samsung vs. Apple case. During the document review, the outside counsel for Samsung didn’t redact a sensitive Apple contract properly. This contract was under a protective order, meaning its use in the litigation was limited. This contract was then uploaded to the internal intranet of Samsung, after which it went viral. The company faced sanctions after Apple found out about this blunder.

As you can see, the process of eDiscovery review is risky. This is not the stage where you want to cut corners or hold out on time and resources.

Section Image

When it comes to an eDiscovery investigation or regulatory scrutiny, due diligence can be document intensive. With millions of dollars hanging in the balance, the importance of internal investigations cannot be overstated.

Due Diligence

Section Image

Alleged misconduct is among the top reasons for internal investigations. The Human Resources department often deals with investigations regarding equal employment opportunity and employee misconduct issues.

Employee Misconduct

Section Image

A whistleblower is also a common source for an eDiscovery investigation. These investigations often proceed in anticipation of follow-on litigation or regulator-driven government investigation. Since whistleblower-driven investigations are associated with regulators like the Department of Justice (DOJ), it is crucial to have a thorough identification and document review process.

Whistleblower Actions

Section Image

For any organization, internal or external hackers trying to access and exfiltrate data pose a huge risk. It risks their internal confidential information, trade secrets, and valuable IP. In order to prevent the breach or mitigate an existing one, timely remediation is critical.

Insider Threat and Cyber Breaches

Data Identification, Preservation, and Collection for Corporate Internal Investigations vs eDiscovery

Conducting Internal Investigations with Casepoint

When it comes to conducting an internal investigation, you have to start with identifying the personnel involved in the matter or the custodian of the data relevant to the events of the investigation. During an investigation, these parties are often referred to as “subjects” or “targets”, and in eDiscovery, they are called “custodians”.

The difference comes from the fact that eDiscovery encompasses a larger and broader range of systems and individuals than in internal investigations. Apart from this, the process of identifying the “subjects”, establishing a legal hold, and preserving data are mostly the same.

Since both corporate internal investigations and eDiscovery have the same basic procedures, it is only logical to leverage the same tools for data preservation and collection. A good example of this is the issuance of a legal hold notice. For an internal investigation, a legal hold notice isn’t a requirement, but it would be helpful for you to issue one. The court might see the fact that an eDiscovery investigation was conducted as a triggering event that requires a legal hold. 

For investigations as well as eDiscovery, the actual process for collecting and preserving data is identical. You can use a single solution to address both needs.

Challenges in Internal Investigations

Section Image

Regardless of the event that triggered the internal investigation, getting ahead of a regulatory investigation, responding to a whistleblower, employee misconduct, or due diligence investigation, it is important to understand the risks of the matter quickly. 

Time is More Valuable

Section Image

One of the key aspects of an internal investigation is to ensure strict confidentiality. Since the people of interest and the custodians with pertinent data are still employed at the organization, discretion and speed are crucial.

Ensure Confidentiality

Section Image

We have already talked about the importance of time and confidentiality requirements while conducting an internal investigation. In order to do so, it is important to keep the investigation focused on relevant custodians and facts. It is easy to get outside of the scope of the investigation, and the counsel must mitigate this.

Focus on Relevant Facts

Section Image

The information involved in internal investigations is mostly confidential, making data privacy a major concern. These investigations might involve confidential merger activity, highly valuable trade secrets, subjects under regulatory scrutiny, and allegations of misconduct, so it is best to keep the investigation team on a need-to-know basis. You should also use a secure solution for conducting targeted document review.

Maintain Data Privacy

Section Image

The end of a corporate internal investigation doesn’t necessarily mean the end of the matter. The results of the investigation might be forwarded to regulatory agencies for a subsequent investigation. They might also be used as evidence during litigation. This is why it is important to be thorough during your data collection process and identify critical information.

Identify Critical Information

Data Processing, Review, and Analysis for Corporate Internal Investigations

After data collection and preservation, it’s time to process, review, and analyze the data. This is where the differences might exist between eDiscovery and internal investigations, depending on the matter’s severity, size, and scope.

In the case of smaller and more focused investigations, you might be fine working with existing resources. You might be able to view common types of data and run basic searches. However, for more complex matters, you will need an eDiscovery solution. It is possible that a small internal investigation could turn into large-scale litigation. So, your technology solution should ensure that it can suit your needs.

eDiscovery Resources for Corporate Internal Investigations: Usage and Advantages

Consider that your organization has received a harassment complaint from an employee. If you have a dedicated internal investigation team, they will start the investigation by placing the employee and the one against whom the complaint was filed under legal hold. They will collect the relevant data and use basic as well as advanced eDiscovery features to conduct the investigation. In some cases, they might find a much bigger problem involving multiple departments and employees. Now that the scope of the matter has increased, the volume of relevant data has increased as well.

The small internal investigation has transformed into major litigation. Your regular tools might not be capable of handling an investigation of this magnitude. You will need an external system such as Casepoint. It is a robust review platform with AI capabilities that can help you with your investigation.

But before you make the change, you have to consider certain aspects. How will you export the data? What will happen to the early review? What about the key documents identified by the internal investigation team? 

This is where you have to focus on designing the process to ensure that all your earlier work product is migrated. This includes creating the right workflows, procedures, processes, and checklists. Having an eDiscovery solution in your corner can make this a lot easier. Here are some of the benefits you will be able to enjoy with an eDiscovery software like Casepoint:

Section Image

An eDiscovery software will enable you to respond quickly to the investigation and reduce your legal discovery expenses. The technology-assisted review and faster collection process also help save a lot of time and money.


Section Image

Casepoint helps you find and connect relevant data. Its AI-powered technology is capable of handling over 600 file types and can make your pattern recognition process a lot easier.

Better Results

Section Image

Casepoint is a secure, end-to-end solution that facilitates easy collaboration and fewer transfers. You can rest assured knowing that your internal investigations are in safe hands.

Reduced Risk

Best Practices

Section Image

In order to conduct an eDiscovery investigation effectively, you have to be overinclusive on legal holds and identify and preserve data. If you have to expand the custodians or recover more data in the investigation’s later stages, you will spend a lot of resources.

Broaden Your Search

Section Image

While it is important to broaden the search in terms of identification and preservation of data, being overinclusive adds the risk of making the situation overcomplicated. You need software like Casepoint that helps you identify relevant topics for review. It helps you take a precise approach to data review.

Be Transparent

Section Image

When conducting an internal investigation, the process might seem like trying to find a needle in the haystack while also organizing every single piece of hay. Having the advanced capabilities of AI will help you with semantic insights and pattern recognition.

Go for AI

Section Image

Internal investigations can be sensitive. For instance, in the case of alleged misconduct, the organization is still employing the potential culprit, and there is a risk of reputational damage. So, it is crucial that you limit the number of people involved in the investigation. No one except the involved parties needs to be aware of what’s happening with the investigation.

Trust Few People

Section Image

Regardless of how small the event that triggered the investigation, there is the potential for the scope to expand. It is crucial that you have a review and analysis solution that is capable of handling complex investigations. Taking a bootstrap approach might end up with you wasting a lot of time and money. Moving to a new platform in the middle of the investigation can also get tricky. So, it is recommended that you consider the possibility of the matter expanding.

Employee Scalable Tools

Section Image

Once the investigation ends, follow-on litigation or government investigation is a real possibility. That is why it is of paramount importance to establish a clear chain of custody. There must be an audit trail of document review coding decisions and AI-driven data exclusion. You have to create a written report detailing the tools, processes, and steps involved in the investigation. If any remedial action was taken, you must be able to justify it during any follow-up actions.



Internal investigations might seem different, but they face the same challenges as the traditional eDiscovery issues. The techniques, tools, and procedures in place to deal with eDiscovery challenges can also benefit the investigation team. Taking a broad approach is crucial, regardless of the subject matter or the scale of the investigation. It will ensure that you avoid any spoilation or sanctions down the road. A software solution like Casepoint is exactly the scalable technology that you need at your organization for an internal investigation.