In our latest podcast episode, Michael Egan, Senior Director in our Legal Technology Group and Governance and Consulting Services Group, is joined by Louise O’Byrne, Partner in our Employment Group and Head of the Commercial Group, to discuss how technology is shaping employment investigations and workplace relations. From scenarios such as data exfiltration to allegations of misconduct, the conversation explores the increasing complexity of modern investigations and the growing role of digital evidence across multiple platforms, as well as the evolving impact of AI tools in this space.
Podcast Transcription
Michael Egan
Hi, welcome back to our podcast. I hope you enjoyed our last session where we discussed the rise of Gen AI in legal services with Colin Rooney. If you missed it, my name is Michael Egan. I’m a senior director of Legal Tech and the Company Compliance and Governance Group. We’re going to focus in on a very niche topic today, where technology is having a big impact in employment investigations and workplace relations. So I’m very happy to be joined by Louise O’Byrne, who’s head of commercial and also a partner in our Employment Practice Group. So welcome, Louise.
Louise O’Byrne
Thanks, Michael.
Michael Egan
So Louise, we’ve worked together quite a bit in this space on employment investigations. I think we have to follow a fair process and ultimately whatever we do, it needs to be able to stand up to maybe the WRC or court challenges. So what I thought would be a good way of going through today and showcasing how the technology and the tech intertwine, was going through scenarios and pick your brain maybe, on how these play out in practise because you have a lot of experience in dealing with this. So the first one we have is data exfiltration. We see this one quite a bit at the moment. An employee may be leaving the business or a disgruntled employee. Do you want to maybe shed some light on what would typically happen in that scenario?
Louise O’Byrne
Sure. Yeah. And as you say, this is becoming kind of an increasing feature I think, of what’s happening in the employment landscape. So the scenario effectively kind of transpires in a couple of ways but the most usual scenario is somebody is leaving the business. It might be unexpected. They could be in a senior position, a sales position, access to a lot of commercial and sensitive data and something occurs that triggers a question mark in the employer’s mind as to what the departing employee may be doing with information and it generally is a combination of two things. It’s either emailing you know significant quantities of data to personal Gmail accounts, or a significant amount of downloading is taking place in a context where that would be an unusual scenario, or certainly it would raise question marks in the context of a departure. So that’s kind of what triggers concerns. And then it really, you get into action mode very quickly thereafter in terms of needing to understand what, if anything, has occurred. And certainly for most employers, there could be a kind of a data protection regulatory element to this. So there could be notification requirements under the GDPR to the Data Protection Commissioner. And obviously there’s very tight timelines there. So it’s really important that you can understand:
A) what is happening
B) the quantity of the data you’re talking about and the nature of the data.
And that all needs to happen sometimes in a matter of hours, but certainly in a matter of a day so that you can then decide how you’re going to deal with the next steps, be it any regulatory notification requirements, which is extremely important, any potential impacts vis-à-vis that individual employee, any steps you need to take in terms of protecting your sensitive personal data. So that’s obviously the next port of call is, is your team, Michael, in terms of how you can support our clients through what is often a very stressful 24 hours.
Michael Egan
The forensic challenge for us is data can leave the organisation so many ways now. It doesn’t walk out the front door anymore. I think what people typically you think of as maybe an encrypted hard drive or a USB key that, you know, a person plugs into a device. In most organisations you can’t do that anymore, you know, you can’t get access to the ports. But there’s so many, there’s so much technology out there. We see all the AI models now. Also, I’d say the people, employees are getting more sophisticated. I mean, they have access to the likes of Claude, ChatGPT and they’re able to look up ways and means to get the information out of the organisation. So you know, you’re up against that as well. The challenge also for us is distinguishing between legitimate behaviour and what’s suspicious behaviour in the organisation, because we need to be proportionate. And ultimately we’re trying to reconstruct the timeline for you guys and we’re trying to follow the information and the movement of data to see exactly what went on. So what we are often doing is we’re preserving the information. So someone may have tried to delete it, they may have modified it and they’ve tried to syncing it across systems effectively to conceal or cover their tracks. We’ll also look at the metadata as well and the logs to try and figure out exactly what occurred and we’re looking at that side of it as well. So it’s all feeding into the speed and getting those early facts for the client so that you, the legal team, can advise them, and that can help shape the legal strategy and how you kind of go forward with the client and see ‘Is there something that we need to be concerned about here?’
Louise O’Byrne
Yeah, and I think obviously when you get through that kind of critical juncture of the first, we’ll say, 24 hours, when you have a fair idea, albeit that it mightn’t be precisely what you’re dealing with, you’ve a fair and you certainly know at that stage the quantity of the data you’re dealing with. You have identified the key players because it’s sometimes not one individual employee. It could be part of a team move, for example, or there could be other forms of impropriety happening. And it’s, as you say, it’s working with the technology and the technologists and the experts that are on your team to do that as efficiently, effectively, and precisely, because precision is key in terms of any regulatory requirements and equally, any individual consequences that might flow from what may or may not be identified because there often are very significant consequences for individuals flowing from this type of issue. One thing I think that your team bring a lot of value, and it’s kind of a post-match analysis piece, is the integrity of your system. So as you’ve pointed out, how data leaves your organisation now has, you know, has changed exponentially because of the sophistication of people and the sophistication of supports that they can leverage to get data out of the organisation. That frightens the life, quite rightly, out of employers. And it’s really important from a post-match perspective that we can identify:
A) what happened, is it a system integrity issue? What can we do to ensure the systems are more robust that that may not happen because it’s impossible to shut down your systems completely so that it will never happen. But that your team have brought a lot of value, certainly to my clients who found themselves in this scenario, in terms of comfort about the integrity of their systems. In a lot of cases, which is no matter how good and robust your systems are, there will always be gaping holes. It’s the question is, is it, as you say, is it a kind of a legit like, is it a bad actor, which it generally often is or is it a systems failure? And sometimes it can be a combination of both, but more often, certainly with the clients that we deal with more often it’s a bad actor. And a bad actor will find a way to infiltrate the system and it’s much easier obviously to do that on the inside than on the outside.
Michael Egan
Yeah, yeah. And I mean and ultimately it can have a huge impact to the business, pricing sensitive information, deals going on. So, you know, it can be quite critical to the business when it occurs. So I’ll move on to the next topic. Another one that we see every now and then is allegations of misconduct by an employee. Do you have any examples of what you typically see maybe in that space?
Louise O’Byrne
Yeah, so lots of examples. I think where tech plays a really helpful role from investigations that we’re dealing with is kind of a power play dynamic. So when you have allegations being made against a very senior person within an organisation by a more junior person in the organisation, you know, depending and certainly allegations of sexual misconduct or impropriety or inappropriate behaviour of that type of nature, is very sensitive and can be very sensitive. And there’s often, in the vast majority of cases, there’s going to be a power play, involved as well. So capturing the data across all of the platforms is very important. And most people say to me, well, that’s, that’s very obvious because surely the person who’s making the complaint will have been a party to such communications, will have been a party to exchanges on WhatsApp, on Teams, on email, or whatever the case may be. And that is often the case. But sometimes what happens is most organisations have privacy policies and they have data retention policies and sometimes this type of conduct can be going on for an extended period of time. So it’s trying to kind of put the genie back in the bottle and working through the timeline there in circumstances where oftentimes it could be a “he said, she said”. So it might not necessarily be a slam dunk text message or Teams message. It could be a more subtle timeline that you’re trying to create and that is very time consuming unless you have very enabled technology to piece through that. And sometimes a more junior person who’s finding themselves in this type of situation can often be a little bit scant on detail. So to ascertain, as most employers will want to ascertain, what exactly went on and how this came about and what the timeline is, it is often not just the case that you’ll have one slam dunk WhatsApp, for example. There will be a whole host of different things across different networks, across a different timeline, a “he said, she said”, and it’s really time consuming and expensive if you’re to do that by way of a manual review or a little bit of guesswork. It’s a needle in a haystack. So it’s working with you guys to say, well, we think we kind of roughly know what we’re trying to establish here, but we need to establish that with, as I said earlier, with a degree of precision, because obviously the respondent in that scenario has all of their rights to fair procedures and natural justice, but with a with a fact pattern, a paper trail, and some form of substantiating evidence outside of “he said, she said”, hearsay scenario. So it’s not an exact science, but all of the tools that you have that I’m sure you’re going to talk to us about, really make that a lot easier, a lot more efficient from a time perspective, and bring much more clarity to a process like this than you would ordinarily have, I think.
Michael Egan
Yeah, yeah. And look, what I kind of hear is there’s like modern investigations, they turn heavily on digital evidence. It’s not just witness recollection. Conversations rarely sit in any one place like you mentioned a couple of the platforms there. And I mean, ultimately there’s humans involved here that remains central too, you have to take that on board. To pick up on your point about the phones and the emails, like in my experience, it is, it might start in an email, a conversation between two people. It might move over to Slack, Teams, and then it might finish up in WhatsApp. That’s just naturally what happens. You have one device, but you have access to multiple platforms. Forensically, the challenge is we need different devices to access every platform. We need a different set of skills, not a different set of skill set, but a highly skilled team to be able to go in and do it. So for example, if a phone comes into play, you need to get the device, you need specific software. Most organisations have a thing called MDM, Mobile Device Management, on their phone. It can make it really challenging to get the information off it, even with the IT team on the other side. Then you will have a mixture of personal data belonging to the employee and their corporate device. That’s a challenge and obviously we handle that as best you can, but you have to take the image of the entire phone. And then if you have a willing or cooperative person, I mean, if someone’s willing, they come in and they give you the passwords and everything, it makes it a lot easier. So that always comes into play. You’re going to have things like email. They’re obvious ones that you’ll collect but you have to work with the IT team to get that. You can get that from, you know, whether that’s Google Vault or it’s Purview. And so we’ll be getting that, plus the teams, you might have LinkedIn, that could come into play as well. Like it’s just throwing out other ideas of this, this can go anywhere when two people are conversing. And as you mentioned, it might come down to one or two series of conversations between the people and we have to find that amongst that vast array of information that we’ve collected and obviously this needs to be resolved by the business. There’s an urgency to finish it. So again, back to the point, we must be proportionate. It must be defensible and you know, there has to be fair procedure as well, which you said. So the tech team’s role in it is often to reconstruct the digital timeline. And I mean, build the jigsaw back for you as your legal counsel and the investigators involved and the client so that you can make a fact-based decision, not something that’s based on assumptions.
Louise O’Byrne
I think one of the more evolving areas that I think we’re kind of now becoming far more alive to is the use, but certainly all of our, we should assume that all of our employees are using multiple AI platforms all of the time. So they’re using both the platforms that are used by the organisation and they’re going to be using their own personal platforms as well. And that creates complexity. It creates a lot of complexity even from a litigation perspective, from a discovery perspective. But in terms of the forensic analysis that you are talking about now and putting the genie back in the bottle so to speak, one thing that all organisations now need to be mindful of is, prompts that employees are using in their AI tools, both the AI tools that are licenced by the organisation and any personal AI tools. And they should be mindful of policies around that. And you know, the level of transparency that there is around that prompts in AI should be considered the same way as emails, as Teams messages, as any other form of communication on a company device. And there needs to be an expectation that they are something that could provide very valuable information to employers in an investigation scenario.
Louise O’Byrne
Certainly, the prompts that are being used can be very telling in any form of investigative process.
Michael Egan
I think a lot of organisations are very focused on maximising AI, as they should be. Like ourselves and everyone else out there, but that’s fine. But you do need to be conscious of the fact that this information is being captured, you need to look at your retention policies and you need to make sure that employees are aware of what’s going on. And I suppose those policies evolve with the technology as well.
Louise O’Byrne
Absolutely. Couldn’t agree more.
Michael Egan
Okay. Well, look Louise, thanks a million for coming in. I know you’re very busy, so I really appreciate it.
Louise O’Byrne
Pleasure.
Michael Egan
I’m sure everyone’s found that a really informed discussion. And if there’s anything in it that you found particularly interesting, do feel free to reach out to either Louise or myself, or visit our website at arthurcox.com/employment. Thank you.
Podcasts
The Arthur Cox podcast series ‘AC Audio’ is a collection of knowledge and insights across a range of practice areas within the firm.![]() |
![]() |
![]() |
![]() |
Disclaimer: The contents of this podcast are to assist access to information and do not constitute legal or other advice. Specific advice should be sought in relation to specific cases. If you would like more information on this topic, please contact a member of our team or your usual Arthur Cox contact.




