Page Header Image

Documentation

About Documentation

Introduction

Increasingly, human rights defenders and other concerned professionals have to conduct investigations into the commission of business related human rights abuses but without appropriate experience, training or access to best practice information. As a result, despite best efforts, information proving human rights violations may be lost, damaged, destroyed or rendered inadmissible with serious consequences for justice and accountability.

This information is for use by human rights defenders, and civil society documenters (often referred to as first responders) but also aims to provide other professionals, such as lawyers, journalists, civilian investigators, human rights researchers and others with the essential knowledge required to document and investigate violations whilst keeping themselves and others safe. The term ‘practitioner’ is used as an umbrella term to describe these various actors.

Ten ESSENTIAL Investigative Rules

During investigations of business-related human rights violations, various harms could be caused to victims and witnesses, to victims' families and local communities, to human rights defenders and practitioners that are carrying out the investigation but also to evidence. For example, evidence could be lost or victims can be re-traumatised if not interviewed properly. 

Adhering to the 10 Investigative Rules detailed below ensures that human rights defenders and practitioners collect evidence safely and ethically and ensure that no harm is done during investigations. This also enables the collection of evidence in a manner that ensures its integrity, and usefulness for when any available grievance mechanisms are accessed.

1. Do No Harm

Ensure, at all times, that your activities do no harm to yourself, victims and witnesses, colleagues, and local communities. Under no circumstance should an investigative activity be undertaken if you are unable to respect the ‘do no harm’ principle. 

Serious and sometimes life-threatening consequences can flow from the intervention of those placing themselves in the role of information gatherers or investigators, including harm to oneself, as well as to victims and witnesses, colleagues, and local communities. The requirement to ‘do no harm’ should therefore guide all activity, including any decision to enter a high risk area, all collection of information/evidence, any engagement with persons associated with an incident or potential witnesses, and all record keeping.

At a minimum, the principle of do no harm involves being aware of the security, privacy, health and other similar concerns of victims and witnesses, as well as taking measures to prevent and mitigate any potential harm that they may suffer. Particular attention must be paid to civilians and those who are particularly vulnerable, including children and victims of sexual and gender-based violence (SGBV). Additionally, seek to manage the expectations of victims and witnesses, to ensure they have a realistic understanding of the investigative and relevant grievance procedure.

Importantly, if you cannot guarantee that no harm will be done to a victim or a witness by a particular activity, you MUST NOT ATTEMPT TO UNDERTAKE THAT ACTIVITY until the risk of harm has been removed or managed. If harm arises during the course of an investigative activity, you MUST CEASE THAT ACTIVITY IMMEDIATELY AND SEEK TO REMEDIATE HARM DONE.

The Public International Law and Policy Group (‘PILPG) Handbook offers a list of minimum actions that should be undertaken to respect the principle of do no harm during investigations:

  1. If necessary, offer or arrange for immediate professionally trained (health) care as the first priority
  2. Conduct a risk assessment prior to undertaking any investigative activity (note: risk assessments are discussed in Preparing a Risk Assessment and Strategy).
  3. Ensure team members are appropriately prepared and trained before engaging in collection activities
  4. Obtain informed consent from victims and witnesses prior to any information gathering exercise, and ensure consent is obtained for any specific activity that will be undertaken during the investigation, such as making audio/visual recordings or taking photographs (see Ensure INFORMED CONSENT, CONFIDENTIALITY, and PROTECTION of witnesses and sources)
  5. Protect the identity and safety of the victim or witness as well as the confidentiality of the information documented (see Ensure INFORMED CONSENT, CONFIDENTIALITY, and PROTECTION of witnesses and sources)
  6. Act with respect, professionalism and empathy towards others, always with their safety and security in mind
  7. Refrain from collecting information from particularly vulnerable persons (traumatised victims or witnesses, particularly children and victims of sexual and gender-based violence showing signs of psychological trauma)
  8. Watch for signs of emotional stress or re traumatisation while interacting with victims and witnesses; stop, pause or postpone the interview/documentation as required. Take special precautions when working with victims or witnesses of sexual and gender-based violence
  9. Avoid interaction with minors without the presence of their parent(s) or legal guardian, and defer interaction with traumatised children to qualified professionals
  10. Prevent harm to yourself and others by securing a high risk area from potential hazards before entering
  11. Plan and prepare adequately

2. Maintain MINIMUM STANDARDS

Always ensure your conduct and the conduct of your colleagues adheres to an explicit set of minimum standards for ethical conduct and professionalism throughout the planning and execution of the investigation process. 

The principle of minimum standards demands that:

  • The investigation is well planned and executed
  • Any decision to enter a location where violations and abuse took place is taken with care and due consideration for the risks
  • Any collection of information/evidence is timely and followed by adequate record keeping
  • Any engagement with persons relevant to an incident or potential witnesses is only conducted when relevant risk assessments have been made
  • That the investigation conducted is verifiable, accurate, independent and impartial. A failure to meet these demands may undermine the viability of future proceedings, and justice as a whole

The minimum standards that you or your organisation adheres to, should be explicit. Accordingly, it is recommended that a Code of Conduct is drafted prior to the commencement of investigative activity. This process should ensure all team members are committed to conducting their activities in line with the minimum standards concerning ethical conduct and professional behaviour.

3. Maintain IMPARTIALITY and OBJECTIVITY

Maintain impartiality and objectivity throughout the investigative process. Your role is to document reliable evidence pointing to the commission of an abuse or violation of human rights. You should collect all relevant information/evidence, including both incriminating and exonerating. 

Always maintain an open mind when recording a potential violation. Separate your opinion from where the information/evidence leads you. Be objective and maintain healthy scepticism about any information you receive. Never assume particular pieces of information are accurate without verification and always question your own assumptions.

When conducting interviews or gathering information/evidence, ask open-ended questions that allow victims and witnesses to provide their testimony freely, without being led. For example:

  1. What? (e.g., What happened? What is the source?)
  2. Who? (e.g., Who was involved? Who did what?)
  3. How? (e.g., How did that happen? How does the person know that?)
  4. Where? (e.g., Where did this take place? Where is this information from?)
  5. When? (e.g., When did this happen? When was this information obtained?)
  6. Why? (e.g., Why does the person believe that?)

4. Be confident of your own COMPETENCE 

Ideally, investigations should ordinarily be undertaken by professionally trained investigators. However, at a minimum, anyone engaging in investigative processes needs to be confident of their own competence prior to undertaking a task. If you believe you do not have the competence to undertake the task, you should refrain and seek advice from appropriately qualified personnel. 

Non-professional practitioners (including first responders) may still have a vital role to play in the information gathering process – for example, in preserving a location where a violation or abuse took place, informing investigators of relevant issues, and preserving information that comes into their possession.

5. Focus on the INFORMATION / EVIDENCE, not law or opinion

Documentation should be fact-led. Premature assessments of what the information/evidence might reveal should be avoided. The role of analysing evidence should ordinarily be left to professional investigators and analysts. 

Fact-led investigations ensure that the truth of what happened is revealed, rather than a partial view based on the investigators preconceived idea of what may have happened. This will provide those subsequently involved in prosecuting cases with a clear view of what information may eventually constitute evidence and its precise relevance and probative value. It will protect you and the integrity of the process from any subsequent complaint(s).

6. RECORD, COLLECT and PRESERVE all information / evidence

Never disregard or discard any information/evidence that appears even vaguely relevant, while continuing to consider all possible outcomes. At the early stages of an investigation, it is not possible to fully anticipate what might be relevant and probative of an individual’s responsibility or guilt. Conclusions cannot be safely reached until the entirety of the evidence has been gathered.

This requires that you do not allow early witnesses and evidence to influence you improperly or limit the scope of the investigation by drawing premature conclusions about what happened. Continually consider all possible outcomes and whether witnesses and information are relevant, adequate and reliable.1

The preservation of all information requires you to ensure that it is not damaged, does not deteriorate or become contaminated and is secured for use during the grievance procedure. As well as being approached objectively, this requires the implementation of a chain of custody for all physical, documentary and digital information/evidence (See Collection and Preservation of Information/Evidence).

7. Implement an ORGANISED SYSTEM to RECORD the investigative steps and the results

Implement a system to ensure information/evidence is handled, stored and recorded in accordance with minimum standards. 

Any obvious departure from the basic principles concerning its collection, handling and preservation risks providing reasons to doubt its integrity or even its exclusion in any future judicial process.

The principal components of preparing for an investigation are: a safe and secure storage system, an investigations kit and folder, an investigations plan and a risk assessment and strategy.

9. Always Implement a CHAIN OF CUSTODY

The proper collection of information/evidence is based on: (i) the implementation of a chain of custody; (ii) preservation of the information; and (iii) accuracy in identification and labelling. At a minimum, this involves ensuring a proper description of the source of the evidence, the correct labelling of the information/evidence, a record of its removal from its original place and its storage and movement until it is handed over to the relevant authorities.

As part of this basic standard, attempt to source and authenticate the information/evidence. Depending on the item, this could be as simple a step as asking particular questions to the person who hands you a document, or finding information that corroborates its origin. A complete chain of custody should record:

  • The whereabouts of the piece of information from the moment someone receives it to the moment it is handed over to the relevant court or other proper authority 
  • All persons who handled that information, including those that provided the information and those responsible for the storage of that information
  • The purpose for which the information was handled, for example an investigator handling the information

10. Be aware of your own IN-HOUSE GUIDELINES

Your organisation may have, or should implement, in-house guidelines to ensure professionalism and minimum standards, which should be adhered to throughout the information gathering or investigative process. 

You should keep these in mind throughout the information/evidence gathering processes to ensure the credibility, accuracy and reliability of the information/evidence collected. This will provide an on-going measurement of minimum standards and protect you and the integrity of the documentation process from later criticism.

  • icon image

    Note That

    No investigative activity should be undertaken without first ensuring that these 10 Investigative Rules can be adhered to throughout the investigation. Respect for these principles increases the likelihood that relevant information is collected in ways that optimise the potential that it will be useful in future.

Preparing for an Investigation

This Section addresses the steps practitioners should undertake prior to commencing investigative activities to create a safe and secure system that ensures that minimum standards of collecting, handling and documenting information are maintained. 

1. Implementing a Storage System

Prior to engaging in any investigative activities, practitioners must consider where and how any information is going to be stored and organised. In case the grievance procedure selected is through judicial proceedings, be aware that parties to these proceedings (for example, prosecutorial authorities or defence lawyers) may not only probe the final evidence but also the integrity of the investigation, including the storage system and the chain of custody of the information gathered.

If the confidentiality and/or integrity of the information cannot be guaranteed during its collection or storage, then it must not be collected.

Note: This section does not consider how a practitioner should catalogue the information collected, only the overall minimum arrangements required to secure it.

How to Store Information? 

A manual storage system, a digital storage system, or a combination of both may be used to collect information. The following considerations must be taken into account when determining the most appropriate storage system:

  • The physical space available
  • The practitioner’s capacity and resources
  • The available security measures to keep each type of information (physicaltestimonialdocumentary or digital) safe and confidential

To safely handle and store information, the following basic principles must be followed at all times:

  1. Plan where the information will be stored and who will have control over it
  2. Consider the available technology to store, backup and encrypt sensitive or confidential information
  3. Store public and confidential information separately
  4. Store information that identifies a victim/witness separately from that victim/witness' statement or summary. For more information, see The Investigative Kit and Investigation Folder.
  5. Organise information to be easily and logically retrieved
  6. Ensure staff understand how to relocate stored information once the files have been secured, how to secure the information during an emergency evacuation and what to do if the storage facility is searched by authorities, including identifying information that is protected by professional privilege and cannot be seized
  7. Avoid carrying documents or files identifying victims/witnesses by name or location by travelling only with (protected and backed-up) USB sticks.

Practitioners may consider organisations, such as the Human Rights Information and Documentation Systems (‘HURIDOCS’), that use technology and documentation methods to organise and present data about violations.

Manual Storage System

If a manual storage system is being used, these additional basic principles must be followed:

  1. Store the information in a locked storage facility (cabinet, safe or other storage unit)
  2. Limit access to the storage facility to specific staff and have a clear policy on who is permitted to access the information
  3. Have in place an emergency security plan to ensure the personal safety of those staff with access to the storage facility. See Preparing a Risk Assessment and Strategy
  4. Keep a logbook to record any access to the storage facility (e.g., name of the person, the date, the time, purpose of access, and what items were accessed)
  5. If the information is part of a set or collection (e.g., multiple photographs of a scene of human rights violation), make sure that each item is marked and identified as part of a set and bind it with a note stating what makes up the full set
  6. All items should be catalogued with an established numbering system. The numbering system should link to any connected witness statements or summariesdocumentary or other pieces of information
  7. If the information is perishable, ensure the storage conditions are appropriate. In particular, keep it away from heat, light and humidity as well as insects, mice or other animals that may damage it

Digital Storage System

If a digital storage system is being used, these additional basic principles must be followed:

  1. Conduct a risk assessment and put in place a digital security protocol before starting to collect and store information electronically. Ideally, in addition to open source guidance (such as Security in-a-Box Guide to Digital Security), specialists should be consulted
  2. Assess which technologies are the most appropriate for your purpose and context (Security in-a-Box – Digital Security Tools and Tactics provides guidance on available technologies)
  3. Protect and encrypt all sensitive electronic files with a password. Encryption tools are often freely available on the Internet. Some examples are: AxCryptBitLockerGNU Privacy Guard and 7-Zip
  4. Consider whether to keep a record of relevant passwords somewhere secure and off-site
  5. Limit access of protected files to specific staff. There should be a clear policy on who can access the information
  6. Make and keep two copies of all digital files by transferring and storing them on a computer, memory key/USB and/or read-only CD which is kept separately/outside of the office
  7. Have an emergency security plan to ensure the personal safety of staff with access to relevant passwords and protected files. See Mitigating Risks to Practitioners (p. 40)
  8. Use anti-virus software and back up database files
  9. Automatically record any access to the digital files and have an edit-trail function on the database
  10. Ensure digital storage systems are demonstrably inaccessible and are sufficiently protected against tampering. (See Security in-a-Box – Digital Security Tools and Tactics for guidance on available technologies) 

For more information on digital information, including authentication and verification, see p. 62 et seq.

 

2. The Investigative Kit and Investigation Folder

1. The Investigative Kit 

Prior to any investigative activity, an Investigative Kit containing the basic tools, files and recording logs, required to retrieve and organise the information, should be prepared.

The Investigative Kit should include:

  1. Communications equipment, mobile telephone, satellite telephone, radio (or similar)
  2. Laptop computer
  3. Digital audio recording device that can be used to record interviews, oral notes of investigative activities or observations at a crime site
  4. Digital storage media (thumb drives, memory sticks, etc.)
  5. Global Positioning System (‘GPS’) navigators (and maps)
  6. Camera (an Evidence Photo Board is a useful tool for photographic information. This is simply a small chalkboard or a blank piece of paper on which the practitioner writes key information that will help identify the photo at a later time)
  7. Measuring tape
  8. Sketch pad
  9. Rope and signs to secure an incident scene
  10. Rubber gloves
  11. Cotton swabs
  12. Plastic bags
  13. Information storage envelopes
  14. Flashlight
  15. Memo pads
  16. Information kit inventory

2. The Investigation Folder 

Practitioners should use an Investigation Folder to catalogue the information collected during investigative activities. An Investigation Folder can be created either electronically or in hardcopy but must include every record of your investigative activities and copies of the information collected.

Small Investigations 

For investigations that involve allegations of single event violations or do not involve large quantities of information, a simple ‘Investigation Folder’ (or Investigation Sheet) recording the following information may suffice:

  1. The identity of the alleged perpetrator(s)
  2. The location, date and time of the incident
  3. The circumstances and the nature of the incident
  4. The responses of the government and/or of other groups
  5. The relevant information that is available (witness summaries/statements etc)
  6. The identity and personal information of the victim(s) or witness(es). This should be kept in a separate Witness Statement File and a Confidential Witness Information File (see below)

Larger Investigations 

For larger investigations involving large quantities of information and/or multiple allegations, a more extensive Investigations Folder or database (preferably electronically but also in hardcopy if necessary) should be created prior to the information gathering process.

An Investigation Folder for more complex investigations should contain the following:

  • Case Management File - ensures that all activities undertaken pursuant to the investigation are accurately recorded. It should also include: 
    • An Activity Log - to describe all activities undertaken relevant to the investigation and clearly detailing who was involved in the investigation, what they did, and when
  • Communications File - records all the communications relevant to the investigation. This should contain: 
    • Communications Log - recording each relevant communication related to the progress of the investigation including its date, time, duration, participants and content
    • Copies of all written correspondence - with persons outside of the investigative team including letters and emails, received or sent by investigators should be included. Include an entry recording the date of the correspondence, the author and a description of its content
  • Witness Statement File - contains all the written or digital witness statements or summaries. Any information that may identify the victim or witness should not be included in this file. Sensitive information will be included in a separate confidential Witness Information File. The Witness Statement File should contain: 
    • A Witness Communications Log - chronologically recording all the contact that the practitioner had with each witness. At a minimum, it should include: the witness’ code number (it should not include the witness' name or identifying information), the name of the practitioner conducting the interview, the date, the time and the place of the interview, and the names of the people present
    • All Witness Statements - The original witness statements should be preserved in a secure place. Put a photocopy of the witness statement in the Witness Statement File only after names and other identifying information has been removed
  • A sub-file (Confidential Witness Information File) containing confidential information about the witness should be kept SEPARATELY from the Witness Statement File, in a secure place, such as the evidence storeroom. This should include: 
    • Witness Code Sheet - identifying each witness and their corresponding code. This is one of the main documents in the witness protection system. It is the only sheet that contains the identity of all the witnesses. While the Witness Code Sheet forms part of the Witness Information File, it should be stored in a secure and separate information storage box which follows the same general storage principles as above
    •  Witness Information Sheet (see ANNEX-4)  - records sufficient information about the witness to ensure that they can be located again in the future. Record detailed background information about each witness, including name, address, telephone number, date of birth, place of employment, any national identification number, copy of driver’s licence/passport/national identification card, photograph of witness, and names of at least three permanent contacts

At all times while organising files related to witnesses, consider the Ten ESSENTIAL Investigative Rules, in particular: Principle One: Do No Harm and Principle Eight: Ensure Informed Consent, Confidentiality, and Protection of Witnesses and Sources:

  • Physical Evidence File – should contain a “Physical Evidence Log” and, if possible, photographs of each piece of physical information linked to the identifying information: 
    • Physical Evidence Log  - records all physical information collected. Make a separate entry for each piece of information. Each entry should contain: “the log number, the date the information was collected, the information envelope number, the name of the person who collected the information, and the description of the item”
  • Photograph and Video File - This File should contain a copy of all photographs and/or videos taken or collected. The File should include: 
    • Photograph and Video Log - should contain a separate entry for each photograph and video. Each entry should contain: “the log number, the date the photograph/video was taken, the name of the photographer/videographer, and a description of what the photo/video depicts”
    • Copies of all Photographs and Videos – if photographs and videos are stored electronically, burn a duplicate of the digital files onto an external hard drive and store the hard drive with the physical information and /or upload to a secure location. If electronic storage is not available, store the photographs/videos securely with the “Photograph and Video Log,” indicating how to find each individual photograph/video
  • Document File - should contain a “Document Log” and a copy of all documents obtained during the investigation. The File should include: 
    • Document Log - records all documents collected by numbering each entry and recording the date it was received, the name of the person who collected it, and a description of the document
    • Copies of all Documents - make a clear photocopy of each document as soon as possible to be kept in the File. Original documents should be placed in a sealed envelope to be stored with the rest of the physical information in a secure location
  • Sketch and Diagram File - should contain all of the investigative scene sketches or diagrams created during the investigation (or scanned copies if the File is electronic). The File should include: 
    • Sketch and Diagram Log - each entry should contain: the sketch/diagram number, the date it was drawn, the name of the person who drew it, and a description of what the sketch/diagram depicts
    • Copies of all sketches, charts and diagrams - Duplicate and store all sketches, charts and diagrams in a separate, safe and secure place 

Proposed examples of file logs for the Communication, Witness Statements and Physical Information Files are annexed (see Template Investigation Logs).

3. Maintaining Two Investigative Notebooks 

It is advised that practitioners use two notebooks to record details on the investigation. 

Notebook 1: a notebook to record all objective notations, including the practitioner’s actions and other details of the investigation. For each activity you undertake, include a short description of where you were, who was there, what you observed and when. Also include a step-by-step description of the action with a comprehensive note of any information received and any relevant occurrences, such as leads provided and by whom. If possible, record matters contemporaneously as opposed to at the end of the day or at a later date. This notebook may later be used in analysis by investigators and may have to be disclosed to the parties to any proceedings, including the accused or those seeking to challenge the integrity of the investigative process. Thus, strive for accuracy while simultaneously resisting the temptation to be overly narrow. You should not attach legal determinations to the acts observed. For example, if police officers are detaining a large group of civilians, do not immediately conclude that it is an act of illegal detention. Confine the note to reporting the observation of seeing police officers detaining a group of (what appeared to be) civilians at a particular place and time. If the practitioner is unclear about what they are witnessing, ensure that any subjective analysis or conclusion is kept separately from the observations of fact in Notebook 1. 

Notebook 2: a notebook to record any subjective analysis, personal reflections or other similar commentary. The purpose of this notebook is to separate subjective information from the factual information recorded in Notebook 1. This notebook will serve more as an aide memoire for the practitioner and is intended to provide a personal, nuanced and living record of the progress of the investigation.

This separation of factual information from subjective recollections is crucial for two main reasons:

  • Harm to subsequent investigations: mixing the two (e.g. jumping to conclusions or pre-maturely attaching legal determination to the acts that you are observing) may introduce partiality and harmful subjectivity, including to the work of subsequent investigators.
  • Submission to the court: if the information recording your investigative steps needs to be used in court, it can be done by submitting only Notebook 1. By being entirely personal, Notebook 2 ought to be protected from disclosure.

The format and content of the notebooks will vary but the following are important to consider:

  1. Make notes at the time of the occurrence or as soon as possible thereafter
  2. Record notes in a bound and consecutively numbered book, notepad or similar, including page numbers. This ensures that pages cannot be torn out and re-written, assisting in establishing their authenticity
  3. If notes are made electronically, e.g., on a laptop or personal digital device, print a copy as soon as possible and ensure it is signed by the maker and witnessed. This document protects against allegations that notes were altered at a later date
  4. Where mistakes are made in the notes, mark a single line through the error and record the correct entry. This ensures complete transparency of the record
  5. Initial all corrections or additions to the notes
  6. Commence notes with the date and time and, where appropriate, record the time throughout the notes (this places a verifiable sequence to the record). Also record a description of the task, location and persons involved
  7. Write notes clearly and explain any abbreviations, if used
  8. Sign notes after the last entry and include your full name, title, date and time. The notes may also be signed or adopted by appropriate members of the investigative teams
  9. Do not leave large blank spaces in the notes
  10. Protect and secure the notes in accordance with the guidance above

 

3. An Investigation Plan

Once a storage system and the Investigative Folders have been considered, the practitioner(s) should prepare an Investigation Plan (which includes Preparing a Risk Assessment and Strategy) to act as the road map for all the investigative activities to follow and to define how the practitioner intends to conduct the information gathering activities.

A clear understanding of the practitioner's capacity to conduct the investigation will shape the scope, intended outcomes and methodology of the Investigation Plan. The Investigation Plan must be fluid and open to amendments as the investigation proceeds and should adapt to the different stages of the investigation and any new information that is found. 

It is important to keep in mind that the discovery of new information may necessitate a re-writing of the objectives, or may lead to a whole new line of inquiry that needs to be explored.

The Investigation Plan should contain the following elements:

  1. Preliminary research and identification of allegations and objectives 
  2. Potential violations, elements needed and information required 
  3. Potential subjects to be investigated
  4. Resources and cost 
  5. Plan of investigative activities 

1. Preliminary Research and Identification of Allegations and Objectives

Prior to drafting the Investigation Plan, the investigations team should undertake preliminary research on the following issues:

  • What violations have allegedly been committed
  • Whether the available information may have already been documented by other actors
  • Whether further investigations are necessary

Pending the finding of this preliminary research, you may need to conduct further research on issues such as:

  • The local context where the violations are alleged (for example, whether there is an ongoing dispute between local communities and a company)
  • The local political structures
  • The history of business presence in the area
  • Whether certain groups have been primarily targeted, which can be an indication for certain crimes, such as genocide or crimes against humanity 
  • The alleged perpetrators (including the political, military or security organisations from which they emanate)
  • The legal and social services available in the area for victims and witnesses of the violations committed

This can be achieved using, amongst other methods, open-source information, including websites, media outlets and reports from international organisations (such as the United Nations (‘UN’)), or civil society organisations (‘CSOs’).

Preliminary research should also focus on identifying the available accountability mechanisms and an accountability strategy. This strategy should explore whether the aim of the investigative activities is to:

  • Highlight human rights violations
  • Preserve information for future accountability mechanisms or
  • Support international investigations

By focusing on the aims of the investigation from the outset, including which grievance mechanism(s) to pursue and the requirements for the chosen mechanism(s), practitioners will be better equipped to ensure that the investigative team and approach possesses the necessary skills and capacity to pursue the anticipated activity to the relevant standard.

Based on the findings of the preliminary research, a clear statement of the allegations and how the information was received should be included in the Investigation Plan. It may be possible to make a preliminary assessment of the credibility of the allegation and any information available at this stage of the investigation.

2. Potential Violations, Elements Needed to Prove Violations and Information Required 

Prior to the commencement of investigative activities, practitioners should try to form a preliminary view of the violations that may have been committed, and what elements need to be proven to establish these offences. 

Investigation of business related human rights abuses should normally be conducted in a two-step manner.

  • First, consider the information indicating that the alleged violations have been committed (i.e., the evidence (see Investigating the Violation Base)
  • Second, assess the evidential links between the alleged violations and the (chain of) people or businesses allegedly responsible for committing them (see Investigating the Linkage to Businesses)

The grievance mechanisms that you aim to pursue (identified during the preliminary research) should guide the assessment of the legal regime establishing the violations, the elements of these violations, and the information required to prove them.

Consider the capacity of your organisation when deciding on the geographic or temporal scope of the investigation. In addition, consider the breadth of the violations that it will focus upon and the possible perpetrators. Factors that may affect your decision include: the overall accountability objective, the capacity and skills of the personnel that the organisation can deploy, the risks involved, and the personnel’s ability to identify and safeguard the well-being of relevant victims and witnesses.

Based on the foregoing, limit the scope of your investigation in accordance with the capacity of your organisation. Without adequate funding, resources or capacity, it is unrealistic (or even unethical) to attempt to engage in a complex investigation process involving multiple allegations, lines of inquiry and locations.

3. Potential Subjects to be Investigated 

Consider which groups or organisations conduct should be investigated, such as employees or representatives of the business, state authorities, police or non-State groups. Let the investigation be led by the information and refrain from premature attempts to identify suspects, as to do so would be detrimental to the impartiality and overall accuracy of the investigation.

Depending on the capacity of your organisation, it may not be appropriate to conduct investigations into named individuals, particularly high-level suspects, due to the considerable security and resource demands associated with such investigations.

For more information, see Investigating the Linkage to Businesses).

4. Resources and Cost 

Consider administrative details, such as how many staff are required to conduct the investigation (including interpreters, investigators, intermediaries  and technical experts, such as child protection specialists). In addition, consider the location of the offices, the storage systems needed, and any other additional resources required for the investigation.

Strive for all members of the team to have appropriate skills and competence to conduct investigations of human rights violations. To this end, the PILPG Handbook notes that an organisation preparing to undertake investigations of serious human rights violations should:

  • Ensure that all members of the team are appropriately selected and vetted
  • Ensure all members of the team are appropriately trained to document violations 
  • Ensure team members’ ability to deal with victims of serious human rights violations including minors and/or victims of sexual and gender-based violence (SGBV’) (for more information, see Specific Guidance on Collecting Information/Evidence of SGBV, and SGBV Against Children).
  • Where possible, train staff to deal with trauma and how to recognise and respond to post-traumatic stress disorders
  • Ensure consistent and fair accountability for the actions of all team members, clearly discuss what is expected from them and the consequences of not being able to meet those standards
  • Never jeopardise the safety of victims, witnesses or other persons with whom the investigation comes into contact

Where necessary and possible, the Investigation Plan should also include an estimate of costs of the investigation taking into account travel, specialised staff required, equipment costs, document storage systems, and handling costs.

5. Plan of Investigative Activities 

Considering the potential offences and the elements of those offences as defined above, the Investigation Plan should consider what sorts of information may be sought, where it is likely to be located, and how it can be obtained.

An information matrix should be created, where the elements of the offence(s) or violation are listed alongside the possible types of information that would establish the element.

The Investigation Plan should include how information can be obtained and the identification and prioritisation of all potential sources and leads that will be followed during the investigation. In broad terms, this section should identify:

  • The steps that might be taken to generate further leads and ensure a sufficiently broad information gathering exercise
  • All the locations where information may be found (including where the violation may have taken place, where the victims were immediately before, during or after the incident and any place the possible perpetrators were immediately before, during or after the incident)
  • Any prioritisation of scenes to visit
  • The steps that need to be taken for retrieving and finding information at each scene of human rights violation
  • Potential witnesses who might provide relevant and probative investigative leads or information about the incident
  • Potential documentary information that must be preserved

It should be remembered that the role of the practitioner is to gather all relevant information, and this planning exercise is not designed to restrict the information that is gathered or constrain the scope of the investigation. Practitioners should be prepared to change the Investigations Plan in accordance with the information gathered.

6. Review 

The Investigation Plan should allow for continuing reassessment as new information is received. It is recommended that the Investigation Plan identifies specific times (i.e., at specific phases of the investigation or at regular intervals) for the investigation findings to be reviewed and incorporated into the Plan.

Collection and Preservation of Information / Evidence

This Section - Collection and Preservation of Information/Evidence - outlines the specific steps concerning the receiving, recording, handling and preservation of physical, documentary, digital and testimonial evidence.

1. Collecting and Preserving Physical Information

The standards below outline the basic principles that should be maintained if you receive physical information. Physical information refers to physical objects as well as prints (such as fingerprints, footprints, cut marks, tool marks etc.) found at the scene where the human rights violations happened.

Observation and investigation of a location where violations and abuses took place and collection of physical information may involve risks to health and safety. Practitioners should exercise extreme caution when collecting and handling physical information or accessing locations where violations took place. It usually requires a high degree of training and expertise. However, if owing to the circumstances, you are required to collect, handle or preserve physical information, then follow the principles and guidelines in this section.

Observing and Documenting a Scene of Human Rights Violation

The management of  a scene where violations and abuses took place is a highly technical process that requires the expertise of a professional investigator. An inexperienced practitioner may easily contaminate a scene of human rights violation in a variety of ways. Therefore:

  • Do not attempt to enter, secure, manage, or intervene in, a scene of human rights violation
  • If practicable, contact the appropriate domestic or international authorities within your locale to process the scene  of human rights violation

Only undertake this role if:

  • Professional investigators are not willing or able to access the scene of human rights violation in time to preserve the information
  • Information arising from the scene of human rights violation would be lost or damaged if the scene  of human rights violation is not secured
  • You are confident of your expertise and have carried out appropriate risk assessments (see Preparing a Risk Assessment and Strategy to ensure you and others remain safe)

In the event that these conditions are met, take the following steps in observing and documenting the scene  of human rights violation. 

Step One: Preserving the Scene of human rights violation

Preserving a a location where violations and abuses took place is a three-step process that requires: 

1. Assessing the safety of the area where the scene of the human rights violation is located 

As a general rule, the safety of the practitioner or any other person found at the scene of human rights violation should always have priority over information gathering. 

First, make sure that the site is safe and free of any dangers. Perpetrators of human rights violations often have an interest in destroying information and will consider violent means to do so. 

When assessing risks to the scene of human rights violation:

  • Identify and plan for escape routes – take into consideration how you and your team and the information gathered can be transported from the location. Refer to the Preparing a Risk Assessment and Strategy
  • Identify nearby medical facilities and your ability to access medical care when needed
  • Locate other actors working in the area and determine the trustworthiness of local authorities and whether collaboration is appropriate
  • Ensure capable personnel have swept the area for landmines, unexploded ordnance and booby traps
  • Make initial observations (look, listen, smell) to assess the safety of the scene
  • Wear protective clothing (such as protective helmets, gloves and shoes)
  • Prioritise assisting any injured persons found at the scene through first aid, if need be

2. Identifying the scene of a human rights violation

Once the safety of the area is established, the practitioner should identify the scene of a human rights violation. This requires the practitioner to:

  • Identify the central point(s) of the scene, i.e., the exact location where the violation occurred (e.g., a street where a person has been shot or a room where a violent act occurred)
  • Consider whether there are any possible secondary scenes. Physical information may not only be found in the direct vicinity of the violation. The practitioner should attempt to identify all locations where physical information may be found (i.e., the investigative scenes)
  • Cordon off an area around the central point and investigative scenes that is large enough to contain all relevant physical information 

3. Securing the scene of a human rights violation

Once the scene of human rights violation is identified, the third step is to secure it with a view to maintaining the integrity of the investigation and ensure that the information is not interfered with. This requires the practitioner to:

  • Accurately record the location of the site
  • Sketch the site including the location of potential information
  • Cordon off the scene with scene tape
  • Establish a common entry point to the scene
  • Monitor access to the scene
  • Keep a log of all those who enter the scene
  • If the scene is outdoors, promptly photograph and shelter it from the weather
  • Ensure everyone refrains from contaminating the scene. This can be done by avoiding the use of any facilities available at the scene (such as telephones and bathrooms); not eating, drinking or smoking within the scene; not moving anything/anybody (except for situations where it is absolutely necessary); not touching or handling objects found in the scene; and not littering or spitting

Step Two: Observing and Recording the Scene of a human rights violation

After the scene is secured, proceed to record what you have observed in as much detail as possible in the Investigation Folder (in the activity log) and your notebooks. 

The purpose of this is to have an accurate and reliable account of the original state of the scene of human rights violation. Detailing the activities undertaken by practitioners at the scene may prove vital in establishing whether the scene was tampered with.

In detailing the scene of a human rights violation, practitioners should:

  1. Record facts regarding the scene, not personal opinions
  2. Ensure that the notes are correct, detailed and professionally kept; the records you create may eventually become evidence in any court process 
  3. Note the date/time of the incident and also the date/time that you arrived at and left 
  4. Note the location and size of the scene through GPS coordinates and by hand on a map. The map should be signed, dated and preserved
  5. Note the type of violations that may have occurred at the scene
  6. Note your observations in the Investigation Notebook, i.e.: 
    • Your vantage points in observing the scene
    • How the scene looked when you arrived 
    • Whether anything has been moved within or removed from the scene
    • The location, description and measurements of any potentially valuable information that is found (including any deceased victims)
    • Who was present at or leaving the scene and their activities
    • The names and identifying details (full names, dates of birth, ID details, places of residence, contact information, etc.) of potential witnesses
    • Description of any suspicious vehicles that are seen, including colour, year, make, body and licence
    • Description of any suspicious individuals using the ‘head to toe’ method, i.e., his/her race, sex, age, height and weight, followed by a description of the individual from head (hair) to toes (or shoes)
  7. Supplement or substitute the written record with voice recordings, photos and videos, in case it is more practical than writing down observations
  8. Prepare a detailed bird’s eye sketch of the scene of human rights violation (including an indication of the scale used in drawing, signed/dated and stored) which indicates: 
    • The direction of north
    • The central point of the scene
    • The location(s) where the violation(s) occurred
    • The location of identified information or objects. Such objects should be labelled and described
    • Any landmarks, roads or buildings with a label and description
    • Any measurement of pertinent objects and spaces between them

 

Collecting and Handling Physical Information

As a general rule, do not attempt to collect or remove physical information from a scene of a human rights violation. As indicated, managing scenes and collecting information are primarily the responsibility of experienced professional investigators mandated by domestic or international authorities.

Nonetheless, in certain situations, it may be necessary to collect and retain physical information. This may be the case if, for example:

  • The information in question would disappear or deteriorate without its immediate collection 
  • You are requested by the authorities who do not have immediate access to the scene to collect and store the information on their behalf

Only under such circumstances should practitioners engage in the collection of physical information at a scene. Proper collection of physical information is required to ensure that it retains its (reliability and probative) value. These standards rest largely on three stages:

  1. Collecting: accurate recording of the information or item
  2. Handling: implementing a chain of custody
  3. Storing: preservation of the information or object

Step One: Collecting Physical Information 

Generally, practitioners will come into possession of physical information in two ways: collecting it from a scene or receiving it from a source, such as a witness or victim of the violation. 

If you cannot accept a piece of information due to concerns on how to handle it properly, make a note of it in your Investigation Notebook together with its location and the details of the provider to enable its collection at a later date. 

1. Collecting Physical Information from a Scene of human rights violation 

As a general rule, defer the collection of forensic information (i.e., DNA, blood, semen, body parts etc.) to professionally trained practitioners. Similarly, collection of potentially dangerous information such as firearms or other weaponry and associated material (such as cartridges, casings and bullets) should be left to professionally trained practitioners.

When collecting other types of physical information from a scene of a human rights violation:

  • Consider the elements of the violation when deciding what to collect 
  • Prioritise collecting information which may disappear/deteriorate if not collected immediately
  • Wear protective clothing (e.g., gloves) before collecting the item to avoid contamination
  • Photograph the information in its original location before removing it
  • Record the description and the original position of the information in sketches and notes
  • Place the object in a storage bag which has a piece of paper attached to it or an envelope and seal it in a way that will allow any tampering to be detected
  • Record the reference number given to the object, the date, time and location of collection and name of the person who collected it on the bag/envelope
  • Record the chain of custody of the object on the storage bag or envelope by noting the details of the person who collected the item and the item’s movement from the possession of one person/location to another, if applicable
  • If possible, engage experts in gathering physical information which requires specialist knowledge (such as gunpowder, DNA or bodily fluids) to prevent them from degradation or contamination

2. Receiving Physical Information from a Source 

When receiving physical information from a source (i.e., a victim, witness or a third party), the practitioner should:

  • Avoid receiving information in exchange for money
  • Ensure that the provider obtained the information honestly, without threat, coercion or trickery and with due regard to the fair treatment or others, especially the vulnerable.
  • Record the personal and contact details of the provider
  • Wear protective clothing (i.e., latex gloves) in handling the item in order to ensure that any possible forensic information on the item is not contaminated
  • Do not promise to the provider that the information or their identity will remain confidential in all circumstances
  • Explain to the provider that the authorities who receive the information may be able to address any confidentiality and/or security concerns through protective measures
  • Consider the motivation of the provider in providing the physical item

3. Recording Physical Information 

Whenever you observe and/or collect any form of information, record it in writing in the Investigation Folder. The section of the Investigation Folder on physical information should include:

  • A Physical Evidence Log to register the collection of physical information from the scene of human rights violation, indicating: 
    • The reference number of the object appointed by the practitioner
    • The description of the object
    • When, where and by whom (including their contact information) the object was collected
    • If it was provided by a person, when, where and by whom (including their contact information) it was provided
    • Any additional comments regarding the circumstances under which the information was collected/provided
  • Photographs of the collected information

Step Two: Handling Physical Information 

Proper handling of physical information is crucial to ensure its reliability and, consequently, its successful admission as evidence before a court. This requires maintaining an accurate and complete chain of custody of the item in question. 

You should strive to keep the chain as short as possible. As few people as practicable should handle the information. If a link in the chain of custody is missing or in question, a court may need to assess whether it has been intentionally or inadvertently altered from its original state, affecting its admissibility, or the reliability and weight given to it by the judges. 

In short, to ensure an accurate chain of custody, the practitioner should:

  1. Put the information in a storage bag or envelope
  2. Record the following on the “chain of custody sheet” that is fixed to the storage package or envelope containing the physical item: 
    • The reference number assigned to the object upon collection
    • The name of the person who originally collected the item, the date and time it was collected and the location where it was found
    • A description of the object (appearance, quantity, size, weight and other features)
    • The names of all persons who take possession of the item, the date, time and location of handlings, and the purpose for which they handled it.
  3. Seal the bag/envelope with adhesive tape in a way that enables any interference to be detected
  4. Store it in a secure location where it will not be disturbed
  5. Keep an up-to-date record of the whereabouts of the item in the Physical Evidence Log

Step Three: Storing the Information 

Once you have completed the necessary steps regarding the collection and handling of the physical item, you must store it. A practitioner should:

  1. Store the information in a secure, safe place such as a room or a closet space with a lock, free from environmental factors (extreme heat or cold, water, etc.) and unauthorised access
  2. Appoint a person to be responsible for the storage area and access to the physical items
  3. Institute a logbook to record who is entering the room and for what purpose
  4. Ensure that any handling of the item after storage is properly recorded
  5. Contact the authorities to pass the item to professional investigators as soon as practicable 

Please see Implementing a Storage System for detailed information on the storage of physical information.

2. Collecting and Preserving Documentary Information

Documentary information gathered from private and public sources are vital to the investigation of business related human rights abuses, including in linking perpetrators to the violation and establishing the elements of a particular abuse. Documents are often difficult to dispute and, unlike oral testimony, are more likely to be contemporaneous and free of ill will or bias (if not produced for the purpose of the trial process). Any practitioner needs to ensure that it is properly sourced, handled and authenticated.

Whilst digital information is also considered as documentary information, due to specific technical considerations regarding utilisation of such information, the principles related to digital information are dealt with in a separate section, see Collecting and Preserving Digital Information/Evidence.

Receiving and Handling Documentary Information

Documentary information can be gathered from public and private sources. These include state authorities, international organisations, non-governmental organisations, victims and witnesses, private individuals and organisations, national or international media, including radio broadcasts, online posts, newspapers and online sources.

Documentary information relevant to the potential commission of a business related human rights abuse may include:

  • Official documents: orders, instructions, rulebooks, periodic reports, situation reports, meeting reports (agendas, minutes, stenographic records), land and property records
  • Official logbooks: documents from police stations, prison records, etc.
  • Official financial and personnel records: payslips, telephone and transportation billing records, personnel files/dossiers, commendations, and attendance records
  • Court files and prison records: case files, investigative reports and dossiers, records pertaining to detention and release of prisoners and prisoner health records
  • Maps
  • Medical records from hospital and psychiatric institutions
  • Business records of companies
  • NGO reports
  • Diaries, journals and other forms of individual records
  • Newspapers and other print media

Step One: Receipt of Documentary Information 

In receiving documentary items from external sources, practitioners should:

  • Avoid receiving documentary items in exchange for money
  • Ensure that the provider obtained the document through valid means 
  • Consider the motivation of the creator/provider in creating/providing the documentary item
  • Not promise the provider that the item or their identity will remain confidential in any circumstances
  • Wear protective clothing (e.g., gloves) in handling the document to avoid contaminating any possible forensic information (if applicable)
  • Avoid altering the original state of the document in any way (e.g., stapling the document)
  • Make copies of the original document as soon as practicable and store the original appropriately to prevent loss or damage. Avoid making too many copies of the original document
  • Explain to the provider that domestic or international authorities who will receive the document may be able to address their confidentiality and security concerns through protective measures

Step Two: Authenticating Documentary Information

One of the most significant issues regarding documentary information is its authenticity, which is intrinsically linked to the eventual assessment of its reliability and probative value during admission of evidence in a court. Accordingly, a document’s authenticity must be established for it to be admitted as evidence before a court.  A given document may:

  • Be self-authenticating, for instance, if it is an official document publicly available from an official source
  • Be prima facie reliable, meaning it bears sufficient indicia of reliability such as a logo, letterhead, signature, date or stamp and appears to have been produced in the ordinary course of the activities of the person or organisation that created it
  • Not bear sufficient indicia of reliability, meaning that its authenticity must be established to enable the court to verify that the document is what it purports to be 

1. Authentication

If a document is not self-authenticating or prima facie reliable, take the steps outlined below to assist in assessing whether the document is authentic. Ideally, these details should be gathered from the original provider/creator of the document at the time that you receive it:

  • Identify the author and provider of the document (including the organisation he/she belongs to) and his/her motivation in producing/providing the document
  • Establish when, where and for what purpose the document was produced
  • Identify witnesses (ideally the author of the document) who can speak to the creation or origins of the document
  • Establish the provenance (i.e., the origins and source) of the information relied upon by the author in the preparation of the document
  • Find (if possible) copies of the document from different sources and cross-check its content
  • Record how the document was obtained (in order to assess whether the document was obtained through valid means 
  • Maintain a chain of custody of the document from the time of its creation until its provision to domestic or international authorities
  • Collect additional information to demonstrate the authenticity of a document 

2. Specific Guidance on how to Authenticate Particular Types of Information 

Open-source material: Open-source material is information that is readily available in the public domain (e.g., the internet or public libraries). In collecting such information:

  • Note where the document was obtained from (e.g., a website)
  • Record when the document was obtained
  • Note the process through which the document was obtained
  • Indicate if the item of information is no longer publicly available

Reports from NGOs, IGOs or third state governments: Generally, reports that appear to be well-researched and documented from well-known and respected NGOs, intergovernmental organisations or governmental bodies will be considered prima facie reliable (i.e., without requiring authentication) if they provide sufficient guarantees of non-partisanship and impartiality. Accordingly:

  • Focus on collecting reports issued by impartial, independent and respected NGOs, intergovernmental organisations or governmental bodies 
  • Note when and from where each document was obtained
  • Assess whether the report provides information on its sources. In addition, consider the methodology used to analyse and present the factual claims within the report

Official documents: Official documents refer to any authenticated documents from organisations that perform public functions (even if they do not belong to regular state authorities) and may include documents such as pay records, records of employment, orders, police reports, meeting reports, court records, military personnel records, daily military reports, land and property reports, or State legislation.

Generally, these types of documents constitute highly probative information before a court. To authenticate official documents:

  • Note from where and when the document was obtained 
  • Note the source of the document and how it was obtained
  • Check whether the document is authored and signed by an identified representative or agent of an official body or organisation. If so, the document will be presumed authentic, as long as the authenticity of that signature is not called into question
  • If the document does not have an identified author, check whether the document is self-authenticating, i.e., whether the origin of the document is apparent from the document itself (for instance from a letterhead or logo)
  • In case the document is not self-authenticating (i.e., does not bear a clear indication as to its origin and author), ensure that the document is certified by the relevant issuing authority or an identified representative from that authority 

Private documents: Private documents are those that are provided by private individuals or organisations. In authenticating these documents:

  • Note when, from where/whom and how the document was obtained
  • Ensure that the document provides proof of authorship or adoption or other indices of integrity
  • If the document does not provide any indices of reliability, have the author of the document authenticate it or find corroborating and independent information authenticating the document and establishing its date (e.g., through another document or witness referring to it)

Media articles/reports: Media articles and press reports may provide highly relevant information on the occurrence of abuses, statements made by alleged perpetrators or associated groups, or details on the scope of the victims or affected communities. However, media articles/reports often do not provide detailed information about their sources and, therefore, will likely be considered opinion information. This information is often only admissible when presented in court by an expert. Accordingly:

  • Note the date and source of the press article/report
  • Note how the press article/report was retrieved
  • Note the author of the article/opinion and how they have come to their conclusions, e.g., the background of the journalists and their sources and other material relied upon in publishing the article/report
  • Note that news articles from respected news organisations (such as the BBC) found online may be admissible even if the author of the article is unknown 

Letters, manifestos, political statements and similar documents: Letters, manifestos, political statements and other documents emanating from persons or entities involved in contemporaneous events related to the commission of violations and abuses will likely be considered as opinion information and therefore often only be admissible when presented in court by an expert. More often than not, these documents will merely contain assertions by people with subjective interests, limiting their probative value. If, however, the documents make factual assertions about relevant military or political events:

  • Note when, from where and how the document was obtained
  • Note the date of the document
  • Find corroborative information (allowing cross-checking) demonstrating that the document contains reliable and objective statements
  • Ask the author for further information concerning how they arrived at the conclusions or opinions contained in the document 

Step Three: Recording Documentary Information 

In order to keep a record of the collected documentary information, maintain a Document File within the investigation folder. The Document File should contain:

  1. A “Document Log” recording all documents obtained in the course of the investigation and their metadata, including: 
    • A description of the document
    • The provenance/origin of the document
    • The date of the document
    • A short summary of the content of the document
    • The location of the original copy of the document
    • The provenance of the document, including who authored it and provided it to the practitioner
    • When the document was provided to the practitioner
    • The chain of custody of the original version of the document
    • Whether the document contains confidential information or not
  2. A copy of the document as a countermeasure against the possible loss or deterioration of the original version

For additional information on how to record documentary information, please see The Investigative Folder.

Step Four: Storing Documentary Information 

Once you have completed the previous steps, preserve the original version of the document. To do so:

  • Store the original version of the document in a secure, safe place such as a room or a closet space with a lock, free from environmental factors (extreme heat or cold, water, etc.) and unauthorised access
  • Do not share the original document with third parties (unless they are professional investigators or other relevant domestic or international authorities)
  • Appoint a person to be responsible for the storage area and access to the original document
  • Institute a logbook to record who enters the storage area and for what purpose
  • Ensure that any subsequent handling of the document after storage is properly recorded 

For additional information on how to store documentary information, please see Implementing a Storage System.

3. Collecting and Preserving Digital Information

Digital information refers to anything stored on, received or transmitted by an electronic device.  This includes photographs and videos, audio recordings, email communications, posts on social media and data downloaded from websites. In addition to digital information recorded personally by the practitioner, digital information from other sources including eyewitnesses, NGOs and other public organisations, the internet, and social media may provide relevant and probative evidence.

Digital information is often considered to be a type of documentary information (see Collecting and Handling Documentary Information/Evidence). Accordingly, the same or similar approach needs to be taken to reliability and probative value. The practitioner should assume that the information would need to be authenticated before being used as evidence. In order to enhance its probative value, practitioners should:

  • Assess the content, provenance, source or author of the digital information as well as that person's role in the relevant events 
  • Record the chain of custody from the time the information is created or downloaded or otherwise seized until its submission to the relevant authority or court, and
  • Consider any other relevant information that might help in establishing the authenticity of the digital information

Ethical Principles for Collecting Digital Information

In creating, collecting and preserving digital information, practitioners should respect some minimum principles in addition to the Ten ESSENTIAL Investigative Rules. In particular:

1. Security

  • “Do no harm” is the most essential consideration of any investigation. Accordingly, the practitioner should explore how this principle may be important in the collection of digital information. In particular, the practitioner needs to ensure their own security and that of those with whom they are interacting, and anyone identified in the information and their associates.

2. Transparency of Collection Methods 

  • The collection of digital information should be transparent. It should provide for potential replicability: are third party practitioners able to confirm the appropriateness of methods employed to obtain the information? 

3. Legality 

  • Are there any laws that might preclude the use of the information collected? For example, digital information containing personal data will likely be highly protected as it affects the right to privacy of individuals. International courts will wish to comply with human rights laws and any violation may result in the exclusion of relevant information. 

4. Integrity and Ethics 

  • Apart from the need to ensure compliance with human rights principles, there are a variety of associated ethical considerations. For example, all information collected should be preserved with the same characteristics as the original (or as close to that as possible) and a chain of custody should be maintained as it helps demonstrate that this has been done. An ethical approach also requires respect for data minimisation principles (which demands that no more information than required is collected); due regard for the consequences that data collection may have on victims, witnesses and third parties; and the need for informed consent.

Creating Photographic and Video Information

A practitioner may take photographs and/or videos of scenes of a human rights violation, investigation sites, or physical information. Before being admitted as evidence, a court will require proof of the photograph or video’s originality and integrity. The relevance of the photograph or video depends on the date and/or location of the recording so the practitioner must ensure that this information is always provided.

Once the photograph or video has been taken, it should be treated as other forms of documentary or physical information (e.g., if a mobile phone is seized as potential evidence, then physical information/evidence principles should apply during its collection).

1. Taking a Photograph

Photographs provide an effective way to document a scene of a human rights violation in its original condition. When taking these steps, practitioners should take care to:

  • Use the camera’s date and time. Alternatively, take a photograph, for instance by including in the photograph a picture of that day's newspaper 
  • Try to activate GPS settings on the device itself or otherwise note the location where the photograph was taken, e.g., by ensuring that the location is clearly visible in the photograph itself
  • Take the photographs immediately upon your arrival and before the scene is disturbed
  • Take a series of photographs to ensure good quality images
  • Take as many photos of the scene as possible from different angles
  • Take close-up and mid-range photographs of the individual pieces of information
  • Take wide-angled photographs that show the location of the information within the content of the entire scene
  • Use a ruler next to relevant objects to indicate their dimensions
  • Record the author, location, date and time of the particular photograph; a description of the part of the scene the photograph depicts (for example: ‘investigative scene facing north) and a description of the information the photograph shows, if any (for example: ‘bullet casings found at the south entrance to the scene’)
  • Take photographs of victims and potential perpetrators that may still be at the scene (providing all security and consent issues have been adequately addressed)
  • Do not attempt to alter the photograph (e.g., crop/filter or add anything to the original). If an alteration is necessary, record the reason why
  • Practitioners should consider seeking corroborative information from witnesses at the scene, who may be able to further clarify the context and relevant occurrence. In doing so, you should: 
  • Obtain the informed consent of any person you are photographing
  • Record the names and contact information of the person you are photographing and others on the scene who may have information about the events

2. Taking a Video 

If your team is personally collecting video information, ensure that the person taking the footage has experience in doing so. When taking these steps, practitioners should take care to:

  • Film with the date and time showing on the screen and note the location of the recording
  • Take a note of the location of the video and, if possible, ensure that the location is clearly visible in the media itself. It may be possible to activate GPS settings on the device
  • Avoid narration and film silently
  • Film strategically and logically to ensure that viewers will understand what has happened and where
  • Take the video immediately, i.e., before the scene of a human rights violation or information is disturbed
  • Try to continuously film the same incident or location, i.e., try to not stop and start your film unnecessarily, to avoid any later suggestion that the film has been spliced or otherwise altered
  • Ensure that the video is comprehensive in capturing all aspects of the scene, not just your opinion on what is important: film 360 degrees around, from a distance and up close
  • Ensure that the footage is not distorted and images captured clearly through adequate exposure
  • Attempt to record details that demonstrate the location (e.g., buildings, landmarks, etc.), the time of day, date and surroundings, as well as the detail being filmed (i.e., the specific incident occurring or the physical information)
  • Take videos of potential perpetrators that may still be at the scene (providing all security and consent issues have been adequately addressed)
  • Record the contact details of the person who did the filming
  • Ensure the protection of the video in the field by keeping memory cards safe from physical damage or confiscation
  • Do not attempt to alter the video (e.g., cut/edit, or add anything to the original). If an alteration is necessary, record the reason why
  • Practitioners may seek corroborative information from witnesses at the scene, who may be able to clarify the context and relevant occurrence. In doing so, you should:
  • Obtain the informed consent of persons you are recording
  • Record the names and contact information of the person you are recording and others on the scene who may have information about the events

3. Ensuring Authenticity of Photographs and Videos 

Photographs and videos taken by practitioners can be highly relevant and probative if demonstrated to be authentic. The following steps will assist to establish authenticity:

  • Take the photographs/videos immediately
  • Date the photographs and videos.  In addition, record the date in your Photograph Log
  • Try to activate GPS settings on the device itself or otherwise note the location where the photograph was taken (e.g., by ensuring that the location is clearly visible in the photograph itself)
  • Maintain the chain of custody
  • Do not attempt to alter the photograph/video (e.g., crop/filter or add anything to the original) to ensure that it can be authenticated as originals. If an alteration is necessary, record the reason why
  • All photographs should be clearly labelled and recorded in the ‘Photograph Log’, including who took the photograph or video, when, where, why and how, what it depicts and other contextual information
  • Consider if witnesses can provide information for essential context, for example by describing what is in the photograph/video, when, where and why it was taken and by whom
  • Practitioners should be aware of specific digital tools that allow photographs and video recordings to be verified during their creation. For example: 
  • Truepic offers a free camera application available on any Smartphone and Tablet. Truepic's Controlled Capture technology establishes trust in digital photos and videos by verifying their origin, pixel contents, and metadata, from the instant the capture button is pressed. It leverages cutting-edge machine learning, computer vision, and cryptographic techniques to ensure the highest possible levels of trust, credibility, and immutability. The unique cryptographic signature of each photo and video taken using Controlled Capture technology is written to the blockchain. This creates an immutable record in a distributed public ledger, which is outside Truepic's control, for maximum resiliency. Ubiquitous Smartphones can collect even more data than what meets the eye. Within the phone’s hardware are myriad sensors of the phone’s position and usage. Changing a phone’s time or date is a simple settings modification and there are countless applications and methods of spoofing a phone’s geolocation. The Truepic app allows anyone to document and report on events from their surroundings, while allowing recipients to verify the integrity of the origin and metadata of the image. Granular privacy controls allow for higher levels of anonymity in challenging or dangerous environments. Learn more about the app at https://truepic.com/truepic-app/.
  • eyeWitness - combines law and technology to promote accountability for human rights violations and the worst international crimes. Their system is based on three pillars. First, a mobile camera app designed to verify the date, time and location, and the fact that the footage has not been altered. Second, a secure server system and transmission protocols that create a chain of custody that can be presented in court. Lastly, tailored support for the use of photo and video in court and other accountability processes. The eyeWitness system is currently trusted by human rights documenters around the world. Their footage has been used for building photo and video dossiers that have been inserted into investigations or cases by the United Nations, the ICC, different European war crimes units, domestic courts, and international police forces.

Collecting, Handling and Preserving Digital Information

Prior to collecting any digital information, practitioners should make a Photograph/Video Log and Physical Evidence Log that will record the details of the collection of each piece of information. The Log should be designed to record:

  • The date, time and location of the collection or creation. In relation to video recordings, you should note the exact duration of the recording
  • The collector or creator’s name and organisation and contact details
  • The contact details of the information provider, including the address, contact telephone number and e-mail address
  • A title for the item
  • A description of the item (for example, appearance, quantity, size, weight and distinguishing features)
  • Information actions taken with respect to the item (such as where the item is stored, whether it was moved)

1. Collecting Digital Information from an E-device 

Digital information can be collected directly from an electronic device (“e-device”), such as a computer, digital camera, mobile phone, or portable electronic storage device. Ideally, when an electronic device is found, it should be handled and examined by a digital forensic expert in order to avoid accidental contamination of data and to protect the digital information on the device from, for instance, attempts to tamper with the evidence via remote access programs.

E-devices must be handled carefully in order to protect not only their physical integrity but also the data they contain. The integrity of a device may be compromised and data (including date, time and system configurations) lost due to among other things, exposure to electromagnetic fields, environmental factors like dampness, dust and humidity, and failure or corruption of the battery. Most batteries have a limited life and there is a real risk of losing data from the prolonged storage of e-devices. Therefore, practitioners should give priority to e-devices powered by batteries, and all relevant data should be recorded in a log as soon as possible.

With the large file-containing capabilities of modern electronic devices, it is key that investigators know how to efficiently search these devices, in order to save time and adhere to data minimisation principles (which dictates that the evidence collected must be no more than required). The following are examples of techniques that may be utilised in order to identify, extract and collect evidence pertinent to the investigation, from e-devices

  • Keyword Searches: This entails searching the content of devices using likely or known file names and/or key phrases of text. Using this method, you should be able to search for specific, topical information and digital documents
  • File Signature Searches: This entails searching for specific types of electronic files, e.g., doc. PDF, JPEG
  • Searching Known Evidential Locations: Focus on electronic files and folders that are most likely to contain the type of information that you are looking for.  For instance, folders whose name corresponds to an issue you are investigating or folders that were mostly recently accessed prior to seizure of the device
  • Hash Searches: Hashes are a unique string (text data) used to identify a file and ensure it has not been tampered with since its gathering. In order to search for a file using hashes, an investigator must be familiar with the ‘command’ function of a computer device

As e-devices and the files therein may be encrypted, it is worth trying to ascertain and record the passwords, codes, or PINs needed to access the device.

If the Device is Turned Off:

  • Do not turn on the device
  • Label connections, peripheral cables (cables used to connect older hard drives to power sources), manuals, and attached devices
  • Photograph and document the labelled computers and associated cables, connections and devices
  • Pull the power plugs from the back of machines and remove all cables
  • Bag, tag and transport all the information in accordance with your specific organisation's procedures (should it have any)
  • If possible, record the passwords, codes, or PINs needed to access the device

2. Collecting Digital Information from Third Parties 

Practitioners may collect digital information from third parties. Below are some considerations that practitioners should keep in mind:

  • Avoid receiving information in exchange for money
  • Check that the provider obtained the information through valid means
  • Consider if witnesses can provide information to verify the digital information received, for example by describing what is in the photograph/video, when, where and why the photograph/video was taken and by whom, and by providing context
  • Do not, in any way, alter the received digital information received. If the alteration is necessary, you should record the reason why

Collecting Information from Open Source Investigations 

Open source information is information that is publicly available on the internet. It may be a valuable source of evidence in court processes. It may include (but is not limited to) that which is created, shared, or collated by journalists and news organisations; state agencies; commercial entities; international organisations; nongovernmental and civil society organisations; academics and academic institutions; private individuals; and groups of individuals with political, commercial, professional, and personal affiliations. Common types of online open source information include online news articles; expert and NGO reports; social media content; image and sound recordings; geospatial imagery and mapping data; documents, including public administrative records and leaked confidential documents; library holdings, and more. Online open source investigation is the process of identifying, collecting or analysing information that is publicly available on or from the internet as part of an investigative process.

There are a number of steps that will enable the integrity and success of open source investigation. The practitioner should:

  • “Do no harm”- it is the first consideration of any investigation. An open source investigator should think through the digital, physical, and psychosocial security of those with whom they’re interacting and anyone identified in the collected information, as well as themselves and any affiliated staff. The investigator should also consider and plan for data security
  • Develop the initial query, define the search parameters and use algorithms for automated searching if possible
  • Conduct open source investigations as close in time to the relevant events as possible in order to capture original postings. This is key as social media websites maintain a policy of taking down content that violates their guidelines. However, preservation of any information is better than none so “near duplicates” posted later may also provide critical information and should be recorded
  • Preserve metadata, links, networks, content, and all comments from relevant social media and other sites. 
  • Preserve the chain of custody
  • Preserve collected materials with the same characteristics as the original (or as close to that as possible)
  • Ensure the organisation and searchability of the information (i.e., the information found as a result of the investigation) and avoid duplication of information. At a minimum, the coding of any archives should include the following: who (names of individuals, unit, command, etc. with consistent descriptions that may include a coding scheme); what (document? photo? video?); where (coordinates? city?); and when (date, made as narrow as possible)
  • Ensure transparency and accountability. Maintain clear records around how the investigation was conducted, the processes used and standards adhered to, the nature and type of information found and how the information is stored
  • Maintain objectivity. Open source investigations should include both incriminating and exonerating materials without favour. Objectivity should be integrated into the development of search parameters, including the selection of search terms and the design of algorithms for automated searching, as well as in the review of collected materials. Peer review and ‘two-factor authentication’ (that is, analysing both the content and the source of the relevant information) are useful methodologies that ensure the objectivity of the information collection process
  • Be mindful of data collection ethics, including data minimisation principles (which require collecting no more information than needed); the increased vulnerabilities that data collection may create for witnesses and others; and the need for informed consent of use of the underlying materials for legal accountability purposes. Investigators should also be mindful of their “footprint” - for example, too many people accessing the same website might raise flags that are problematic for others

4. Handling of Digital Information 

The mishandling of digital information can lead to unintentional modification or destruction of information that reduces its probative value or otherwise renders it inadmissible. In order to safeguard against these negative occurrences, practitioners should keep in mind the following basic steps.

Chain of Custody

A chain of custody includes a precise description of the item collected and a detailed record of activities in relation to that item. A detailed and precise record serves as proof of the integrity and reliability of the piece of information in any legal proceedings. It is important to make note of precise details as these will remove or minimise any opportunities for interference and will safeguard the information against allegations of interference. For example, if collecting a bundle of photos or multiple visual or audio recordings, the practitioner should record the exact number of items collected, the duration of any footage or recording, and the content.

An accurate and comprehensive chain of custody will help establish the origin of a piece of information and will be crucial in establishing whether the information has been modified or tampered with. A complete chain of custody should also record:

  • The whereabouts of the piece of information from the moment someone receives it to the moment it is handed over to the relevant court or other proper authority 
  • All persons who handled that information, including those that provided the information and those responsible for the storage of that information
  • The purpose for which the information was handled, for example an investigator handling the information

As with physical and documentary information, a chain of custody should be implemented as soon as you receive or create the digital information and should be maintained until it is passed on to the relevant authorities or used in court. See Chain of Custody.

Please see Authenticating and Verifying Digital Evidence for additional considerations to bear in mind when seeking to protect information through the maintenance of a chain of custody.

5. Preservation of Digital Information

Digital preservation refers to the storage of digital information. It entails organising and maintaining the information in a secure space so that information is easy to securely access, retrieve, interpret and understand for the entire time span during which the information is required. The following steps will assist in achieving these aims by preserving the integrity of electronic devices and the digital information contained therein.

Packaging Digital Information

The practitioner should take the following steps when packaging any e-devices:

  • Prior to packaging devices, document your process in handling the information. Make note of any changes to the device resulting from your actions so that any problems in retrieving the digital information can be traced and easily corrected
  • Place the device in either the original or antistatic packaging and ensure that the device is protected from the physically damaging effects of bumps and shocks during transport
  • Extra precaution should be taken to not fold, bend, or scratch storage media such as diskettes, CD-ROMs, and tapes. Avoid placing adhesive labels directly on the surface of e-devices - label the outer cover so as to avoid damage from scratches, etc. For instance, do not label a CD-ROM but do label its casing
  • Where a device is composed of multiple parts and components, pack each individual component separately. For instance, separate the computer monitor from the attached wires
  • Clearly label and photograph each device and any associated parts or equipment. For instance, for a computer system, label the monitor, connections, cables, user manuals and any peripheral devices like scanners, printers, etc. Make note of any serial or identification numbers on these items.
  • Do not affix adhesive labels to the surface of storage media (devices that store user information)
  • Leave cellular, mobile or smartphone(s) in the power state (on/off) in which they were found
  • If the device is on, leave it this way. Two challenges in dealing with powered on devices include: (1) isolating the device from cellular and Wi-Fi networks; and (2) obtaining security passwords or pass patterns for the device so the evidence can be examined forensically. Turning the device off could result in loss of information because there may be security features on the phone - these can include passwords (simple or complex), security/wiping apps, pass patterns, or biometrics (facial scan). The best option is to keep the device powered, unlocked (if locked, collect any available passwords, PIN codes, or security unlock information), and in airplane mode until it is in the hands of an experienced technician.

Transporting Digital Information

In transporting any digital information devices, practitioners should:

  • Keep them away from magnetic sources, including radio transmitters, speakers, magnets and heated seats as they can potentially interfere with the device and corrupt the date contained therein
  • Ensure that the equipment is strapped down in the vehicle and not loosely placed in containers in order to protect it from mechanical damage caused by shocks and bumps. Avoid leaving digital devices in a vehicle for long periods of time.
  • Document the transportation of the digital information and maintain the chain of custody for all devices transported

Storing Digital Information

The storage of digital information should strive to protect the original data from loss, theft, contamination or other changes so as to ensure its originality and integrity in any legal proceedings. For more information, see Implementing a Storage System. In storing digital information, practitioners should also implement an appropriate storage system by:

  • Storing the original version of the digital information in a safe location, for example, on an external hard drive. Keeping a complete back up of the information that includes copies of all the digital files kept in separate locations
  • Storing information collected on a physical device (such as a computer or mobile phone) in a secure and supervised room with enough fire-safety precautions and temperature controls to protect the devices from heat, humidity, dust and dampness
  • Implementing measures to prevent unauthorised access to the data, including limiting access to files to persons with security clearance and maintaining strong passwords on all devices and information
  • Encrypting files, particularly sensitive information, through encryption software such as VeraCrypt is recommended. It is also recommended to install firewalls, antivirus and anti-spam software on all devices to protect your device from malicious software, such as MalwareBytes, Avira or AVG. For more information about digital security and data, see: Front Line Defenders and Tactical Technology Collective: Security in-a-box – Digital Security Tools and Tactics

Cataloguing Digital Information

In cataloguing digital information so it remains safe and securely accessible and searchable, practitioners should:

  • Allocate each piece of information collected a unique reference number. This entails assigning each document, photograph, video footage, etc. a unique identifying number
  • Create a Photograph/Video Log and Physical Evidence Log where each piece of digital information, as well as its metadata, is recorded. Record any access and log any edits that are made to the digital files
  • Within the Photograph/Video Log and Physical Evidence Log, indicate the location of the original and the copies as well as the chain of custody of the digital information
  • Preserve the “original” information and label and store it appropriately.

Authenticating and Verifying Digital Information

Authenticating Digital Information 

As stated in the Introduction to this section, the practitioner should work on the assumption that digital information will require authentication before being used as evidence. This is required to be able to demonstrate that it retains its integrity, particularly in establishing that the information has not been purposefully or otherwise, manipulated or tampered with.

Generally, digital information shared through official channels or marked with official logos or stamps may be considered self-authenticating, meaning that it does not require additional authentication. The practitioner should take steps to protect photographs or videos that may readily be doctored or otherwise used to disseminate misinformation. If the practitioner creates digital information or receives it from unofficial or unknown sources (for example, photographs from a witness or videos from websites/social media), he/she will need to take various steps to ensure the authenticity and integrity of the information. 

To assist in authenticating digital information, practitioners must adequately record the metadata of the digital information they have created. The metadata that practitioners should record in order to establish the authenticity of digital information includes: 

  • The description of the lifecycle of the digital information, i.e., the chain of custody
  • The details of any person/organisation that played a role in the creation, publication or dissemination of the digital information. Note that persons linked to the creation, publication or sharing of the digital information should be available to testify in court on its integrity and related issues
  • How the digital information was created, collected or received
  • The languages used in the digital content (if any)
  • The type (e.g., a photograph, voice recording or a video) and format (e.g., JPEG, MKV, mp3 etc.) of digital content and its format (PDF, JPEG etc.)
  • The tool(s) used to create the digital content (e.g., the type of camera, recorded etc.)
  • The size or duration of the digital content
  • The subject of the digital content explained through single keywords (e.g., scene, attack, weapons etc.) so the content can be retrieved quickly through key searches
  • A brief description of the contents of the digital content
  • The location that the digital content depicts (if applicable). This can be achieved by geolocating the landmarks in the images either automatically (by enabling GPS on the electronic device used to create the digital content) or manually (by, for instance, including street signs, clocks, landmarks, etc. in photographs and video footage)
  • Chain of custody of the digital content, including changes in ownership

Verifying Digital Information 

While authentication deals with ensuring the digital information has not been manipulated or tampered with, verification purports to tell you something about the who, what, where, and when of a certain event. Practitioners should verify digital information to increase its probative value in the event it is submitted as evidence to a court. The Dat Nav: A New Guide to Navigate the Digital Data in Human Rights Research recommends the following five basic steps to assist in verifying digital information:

  1. How did you get the content? Think about what information channels it travelled through before arriving on your desk. How many times did it change hands?
  2. Who created the content? Is the person who shared or uploaded the content online also the creator, or was it someone else? Ask if you do not know.
  3. Where is the content from? Descriptions and metadata can be forged. Are there visible landmarks or sounds (like police sirens or dialects) that can help you verify a location or time? If you are concerned about the authenticity of the images, you should employ an experienced member of your investigations team or other professional to geolocate the landmarks in the images
  4. When was the content created? You may not always be able to trust the date stamp on a file. Are there visual clues like the weather?

Why was the content created? Can you determine the motivation for sharing the content? What interests does the uploader have?

Conducting Interviews

The most appropriate way to gather testimonial information from a witness is to conduct an interview, allowing the witness to describe their account of the events related to the commission of the abuse in question.

Gathering testimony from a witness is a highly specialised activity that involves a range of legal, ethical, psychological and security issues. Interviewing victims and witnesses without adhering to basic standards may undermine the integrity of witness statements and any future prosecution, as well as lead to further traumatisation or victimisation on the part of the witness or victim.

For these reasons, it is often prudent to defer to the expertise of a professionally trained investigator and refrain from attempting to obtain detailed statements from victims and witnesses. However, where it is necessary due to objective fears that information may be lost or deteriorate (e.g., there is no real prospect of a prompt investigation by international or national authorities or courts or the witness is elderly or sick), the following basic standards should be observed.

Witness Statement vs Witness Summary

A witness statement signed by a witness will be considered to ‘belong’ to the witness. If later statements or accounts are materially different, it may be used in court to impeach the reliability of their account. Therefore, interviewing a witness with a view to obtaining a signed statement should only be attempted if the practitioner is confident that the circumstances are amenable to an accurate and comprehensive interview (e.g., sufficient time, safe and secure environment) and they have the required skills and experience.

If in doubt, it may be prudent to aim only to obtain a witness summary with a view to recording the broad “four corners” of the testimony. This will preserve the main aspects of the testimony and provide a trained practitioner (in the future) with sufficient material to conduct a more formal interview or gather other information or obtain evidential leads. A summary belongs to the practitioner and not the witness and thus has limited impeachment value.

Collecting Testimonial Information 

Whether aiming for a full statement or only a summary, practitioners should consider the following methodology when preparing and conducting an interview of a witness.

Step One: Contacting the Witness 

Contact the witness to check their willingness and availability to give the testimony and readiness to provide informed consent.

In order to ensure the integrity of the process and informed consent, the practitioner should:

  1. Keep a clear record of all interactions with the witness
  2. Use a safe and secure method of communication that will not put anyone at risk
  3. Explain who you are and the purpose of your call
  4. Inquire whether the witness has a preferred method of communication
  5. Ask whether an interpreter is needed
  6. Establish whether the witness has already been interviewed by another organisation. Avoid unnecessary recounting of the event producing multiple statements
  7. Ensure you do not promise benefits to the witness (for example, free health care, education, expenses beyond the cost of attending for interview)
  8. Explain to the witness that their consent may be withdrawn at any time during the interview process
  9. Explain to the witness how their statement may be used and the possible consequences of giving a statement. Specifically, explain that if the statement contains relevant and probative information: 
    • The statement may be passed on to the relevant authorities
    • The witness may be called to testify before a court
    • The identity and the statement of the witness may be disclosed to a court and the defence at some point in the proceedings
    • If the witness has any concerns regarding their safety, explain that it is at the discretion of the investigating and prosecuting authorities using the information to provide protective measures
  10. Ask whether the witness has any concerns regarding their involvement in the investigation. If yes: 
    • Ask what their concerns are
    • Explain the measures you intend to take in ensuring confidentiality during the investigation – see Step Three: Implementing Key Protection Steps
    • Explain the range of protective measures that may be available and ensure they have a realistic view (do not give the promise of full protection)
    • Discuss self-protection (e.g., not indicating to anyone their engagement in the investigation)

Step Two: Scheduling the Interview 

If, in the knowledge of the foregoing, the witness provides informed consent (see p. 16) to be interviewed:

  1. Ask for preferences on time and location of the interview
  2. Ask for preferences regarding the gender of the interviewer. This is particularly important for victims of sexual and gender-based violence (‘SGBV’) crimes (for more information, see Collecting and Preserving Information/Evidence of SGBV, p. 87)
  3. Ask whether the witness would like to have any support persons present, such as a guardian, psychologist or a social worker

Step Three: Preparing for the Interview 

  1. Prepare for the Interview 
  2. Familiarise yourself with the information collected during other parts of the investigation and the law (i.e., the relevant violations and modes of liability) 
  3. Consider what information the witness can potentially provide, what facts they can speak to and how this might fit with the rest of the information collected (e.g., whether they are likely to have any (specific) knowledge of the issues relevant to the investigation, such as identifying what happened during the commission of the abuse, identifying direct perpetrators or providing corroborative information)
  4. Implement Key Protection Steps - Witnesses may have protection concerns in providing statements. You should ensure that certain “key protection steps” in relation to each witness are put in place. In particular: 
    1. Use encrypted communication devices to discuss meeting places or send confidential information
    2. Identify a secure location to meet with the witness, free of interception by a third or hostile party, avoiding places where access to the location can be monitored
    3. Consider informing the witness about the meeting location at the last moment
    4. Advise the witness to use diversion techniques when coming to the location
    5. Consider the following tactics to minimise attention: dress in local attire, park the vehicle at a distance from the meeting point, walk to the meeting venue and enter the meeting venue before and separately from the witness. If you find that the location is not suitable, abort the plan to meet and make alternative arrangements
    6. Keep participants in the interview to a minimum 
    7. Conduct a risk assessment (for more information, see Preparing a Risk Assessment and Strategy)
    8. Classify the witness as sensitive if they would be in jeopardy if his or her involvement in the investigative activities becomes known
    9. If the witness needs urgent medical or psychological assistance, arrange such assistance as a matter of urgency and prior to conducting the interview
    10. Consider measures (such as arranging psychosocial support) to address the possible traumatisation of the witness and potential secondary traumatisation that you, the practitioner, may experience
    11. Assign a pseudonym for the witness when storing the information provided and ensure that their personal identifying information is locked away in a secure location separate from their statement/summary (for more information, see The Investigative Kit and Investigation Folder)

Step Four: Conducting an Interview 

Once the preparatory steps are completed, meet the witness at the designated location and time to conduct a witness interview. 

At the outset, you should outline what will happen and the process of the investigation. You should emphasise throughout that all you expect from the witness is that they tell the truth. You should explain that you are not there to seek particular information or to coach them. Never make any promises as to benefits the witness could receive. 

Once the process is explained, ensure that the witness gives their informed consent. 

When recording the interview, the practitioner should:

  • Ensure that details of the witness’ account are recorded properly, including locations, dates and times 
  • Consider using an audio recorder to record the interview (with the consent of the witness)
  • Consider asking the witness to sketch any locations onto a separate piece of paper which should be handled as physical information
  • If the witness provides any documentary, physical or digital information, ensure that it is identified and described by the witness during the interview (for more information, see Collecting and Handling Documentary Information). 

Six Key ‘LISTEN’ rules for Conducting the Interview 

  1. Let a witness lead you through their story. Avoid asking ‘leading’ questions. A leading question is a question that suggests an answer. Instead, ask the witness to elaborate or encourage them to tell you what happened next – “Why did you do that?”, “What happened next?”, “Where did that happen” or “What did she do after?”
  2. Identification: Ask the witness to identify all persons and events with care, including their own details and role and the identifying physical characteristics, appearance and role of any person described
  3. Story: Ask the witness to chronologically explain the details of the relevant events they have witnessed. Depending on what the witness knows, this may include:
    • The events they have witnessed relevant to the investigation
    • Whom they saw, where and when they saw them and what happened. A description of the violations witnessed and the scene of the abuse
    • Identification of the perpetrators and/or a full description of their physical characteristics (including their clothing, vehicles, etc.)
    • Words spoken by the suspect(s) and by other people relevant to the investigation
    • Anything else of relevance that might assist in determining the credibility of the account
  4. Thoroughness: explore gaps and inconsistencies, but do not assume that they must be eradicated – they are sometimes indications of reliability and credibility, and not the converse. If there are inconsistencies, take the witness back through their story step - by-step. Ask them to clarify or explain why they believe events unfolded in the manner in which they describe and try asking your questions in a different way. If you still cannot reconcile an inconsistency, note it and move on
  5. Ethics: do not rehearse, practise the interview with the witness beforehand or coach a witness about what they remember, and be cognisant of unconscious influence. Be conscious that the provision of support (for example, free health care, education, expenses beyond the cost of attending for interview) by your organisation or anyone else will likely undermine the integrity of the information and provide opportunities for impeachment in court.
  6. No others: You should only speak to one witness at a time; other witnesses should be excluded from the room.

Step Five: Closing the interview 

Once the witness account is obtained, close the interview. In doing so:

  1. Confirm that you have covered all relevant details
  2. Summarise the information using the witness’s own words 
  3. Allow the witness the opportunity to add any additional facts or comments 
  4. Allow the witness to ask questions
  5. Reconfirm the informed consent of the witness and remind them that they can change their mind and withdraw consent if they wish 
  6. Ask whether they consent to the disclosure of their statement to the specific agency/court 
  7. Offer to refer the witness to any psychosocial care providers or protection services that may be available 

Step Six: Writing a Witness Summary or Statement 

As indicated above, practitioners may not feel that they have the required environment or expertise to obtain a comprehensive and signed witness statement. Accordingly, witness summaries taken by the practitioner are primarily aimed at assisting such professionals by providing them with an indication of the available information. 

Rules for Writing a Witness Summary: 

  1. Summarise the witness’s information accurately
  2. Take notes and record the summary a witness wishes to make. You should be aware that your notes may later be requested by the courts
  3. Focus on facts and not opinions: whom they saw, where and when they saw it and what happened
  4. Record dates accurately, but bear in mind a witness may be genuinely confused. The summary should indicate whether the matters indicated are from: 
    • The witness’s personal knowledge and observation or
    • Common information or belief (and not first hand). In this case, the summary should describe clearly the source of the information or belief
  5. Exclude obviously irrelevant material
  6. Include “hearsay” information. It can often be used as evidence in court. Hearsay information is a statement from someone other than the immediate witness or victim. For example: the witness may say, “My mother told me that she saw him enter the house through the backyard.”
  7. Classify the witness in the summary: are they sensitive, i.e., someone who may be in jeopardy if their associations were to be known?
  8. Do not ask the witness to sign the summary or it will become their statement

Rules for Writing a Witness Statement: 

If you are required to take a witness statement, you should ensure that it includes an accurate and comprehensive reflection of the information provided:

  1. A chronological sequence of events witnessed by the person making the statement
  2. Identification details of all perpetrators, if known (including any positive identification and/or any identifying features, such as their clothing, vehicles, etc.)
  3. A comprehensive description of all the violations and abuses witnessed
  4. A description of the scene of the crime
  5. Actual words spoken by the suspects and by other people in the presence of the suspect
  6. The ability of the witness to see or hear the things mentioned in the statement (i.e., how far away the witness was from the suspect, or lighting conditions)
  7. Anything else of relevance which might assist the court in determining the credibility of the witness
  8. Information learnt from other people, which should be separated from what the witness saw or heard or knew him or herself

The witness statement should be written in the first person, i.e.,: “I saw…” or “I did…”. The statement should ideally be in chronological order and be in the witness’s words to the extent that clarity allows. If the witness has relevant documents, these should be identified and described (by the witness) in the relevant part of the statement.

Once the statement is complete:

  • Allow the witness to read and review the written statement in a language they understand and to confirm the content
  • If the statement is written in a language the witness does not understand, have an interpreter read it to the witness
  • If the witness disagrees with any information found therein, redraft that part of the statement in line with the witness’s clarifications
  • Once the witnesses is satisfied with the content of the Statement, ensure the witness, the practitioner and any other persons present sign the statement

Step Seven: Post-Interview Activities 

Once the interview is complete:

  • End the interview on a positive and neutral topic and use culturally appropriate gestures when departing
  • After the witness has departed, review the statement or summary in its final form and assess whether there are any remaining ambiguities or gaps in the witness’s information. If so, consider taking another statement or summary from the witness
  • Review the information logs (physical, documentary and digital) to ascertain whether there is any information that can corroborate the witness' account. If so, make a note linking the corroborating information to the witness’ information
  • Maintain contact with the witness in case they have further queries or information or may need to be called to court in future proceedings

Step Eight: Storing Witness Information 

In brief, to store the witness information:

  • Create a ‘Witness Statement File’ that contains all the written or digital witness summaries or statements, as well as a ‘Witness Communication Log’ chronologically recording all contact the practitioner had with the witness. These documents should refer to the witness only by their designated code (see below), not by name or any other identifying information
  • separate ‘Confidential Witness Information File’ containing all confidential information about the witness should be kept in a secure place separately from the Witness Statement File. This includes a Witness Code Sheet (identifying each witness and a corresponding code) and a Witness Information Sheet (providing sufficient information to ensure they can be located in the future)
  • Do not share the original copies of the witness statement with third parties (unless consent has been obtained e.g., to disclose to professional investigators from trusted domestic or international authorities)
  • Appoint a person to be responsible for the storage area and access to the Witness Log or the statement
  • Institute a logbook to record who is entering the storage area and for what purpose.
  • Ensure that any subsequent handling of the witness statement after storage is properly recorded. For information on storing witness information, please see The Investigative Kit and Investigation Folder.

Specific Guidance on Collecting Testimonial Information from Particularly Vulnerable Individuals

In addition to the steps indicated above, practitioners should be aware that they may need to employ certain specific measures while interviewing particularly vulnerable witnesses such as children, the elderly or disabled individuals.

Specific Guidance on Collecting Testimonial Information from Children: 

As a general rule, practitioners should not attempt to interview children unless they have expertise in doing so. The risks of re-traumatisation are high. Accordingly, practitioners should interview children, especially younger ones, only in exceptional circumstances where the information is critical and cannot be obtained through other means or sources. Additionally, this should only be done after a careful assessment of the child’s best interest, which must prevail at all times.

When interviewing a child, practitioners should:

  • Ensure permission of a parent/guardian is obtained prior to the interview
  • Consider making a video or audio recording of the interview (with consent)
  • Consult the parents/guardian on the effects an interview might have on the minor
  • Inquire as to whether the child has a preference for the gender of the interviewer
  • Inquire as to whether the child has a preference for the location of the interview
  • Ensure that the parent/guardian or other caregivers are present during the interview
  • Provide, if possible, counselling and psychological support services during and after the interview
  • Advise the minor, their parent, guardians or caregivers of any referral services and protection mechanisms that are available to them
  • Be ready to see and respond to the specific needs of the child that may arise during an interview
  • Remember that the mental and physical wellbeing of the child comes first, before the interests of the investigation
  • Recognise that the child may be unable to comprehend fully the consequences of giving a statement 

Elderly and the Disabled

In working with the elderly and disabled, practitioners should:

  • Ensure that you do not underestimate or overestimate the ability or stamina of the witness 
  • Always respect the dignity of the witness
  • Consider and explain the accessibility of assistance services
  • Ensure that an independent support person is present. However, also ensure this person does not answer the questions for the witness.

Labour Rights Abuses

Practitioners investigating labour rights violations and abuses should be trained. Labour rights abuses are violations of national or international labour law as contained under the International Labour Organisation Conventions.

The guidance provides a general framework for labour rights investigations and practitioners should not expect a comprehensive, step-by-step guide to investigating labour rights abuses. Instead, this section seeks to encourage practitioners to ensure that awareness of specificities triggered by labour rights violations is integrated into their investigations. 

Practitioners should pay attention to the Ten ESSENTIAL Investigative Rules, in particular: Principle One: Do No Harm and Principle Eight: Ensure Informed Consent, Confidentiality and Protection.

Preparing to Investigate labour rights abuses

When preparing any investigation, practitioners should be aware of the high risk of labour rights abuses having occurred and the likelihood of underreporting especially by workers from marginalised communities which includes women, disabled, migrant workers and workers from ethnic and religious minorities. To this end, practitioners should make specific provision for the investigation of labour rights abuses within their Investigation Plan. Research into the occurrence of labour violations should be an essential component of the Investigation Plan and should be revisited throughout.

This research should include:

  • What are the social dynamics in the area (such as high levels of poverty, lack of decent work and traditional and cultural beliefs in the community related to labour rights)
  • The nature and scope of labour violations
  • Whether any abuses have been officially reported
  • Community attitudes towards and understanding of labour rights
  • The security situation (see Preparing a Risk Assessment and Strategy) and obstacles for victims seeking accountability
  • Whether different forms of labour violations are criminalised and the legal requirements to prove the offence
  • Investigation and prosecution of such cases at the national and local level
  • The different forms of justice available to victims and witnesses
  • The political and security situation and whether there is a history of labour activist persecution
  • The targets of the violence, particularly whether any specific groups have been targeted
  • Whether other criminal acts have been committed as part of the attack
  • Research into the alleged perpetrator (for more information, see Investigating the Linkage to Businesses).

In addition, practitioners should consider the availability of support services:

  • What legal and economic assistance is available for workers, and how can they be referred?
  • Which actors are providing these services at the local, regional and national level?
  • What obstacles do workers face in accessing these services? 

The Investigation Plan should include specific protective measures to mitigate risks associated with investigating labour rights, in particular:

  • Contact workers outside the premises of the factories to interview them 
  • Keep workers personal information separate from the interview notes and use a coding system (for more information, see The Investigative Kit and Investigation Folder)
  • Provide assistance specifically tailored to the individual safety and security risks of workers to avoid giving them the impression that the testimony is rewarded
  • Be cautious about engaging with courts and other accountability mechanisms that do not protect complainants

Specific Guidance on Collecting Testimonial Information from Workers or Victim of Labour Rights Abuses 

Prior to conducting any interview with a worker, the practitioner should familiarise themselves with the guidance contained in Collecting and Handling Testimonial Information/Evidence (see p. 75). 

Victims of labour rights abuses may include a wide variety of persons, including:

  • Women workers 
  • Children 
  • Disabled workers
  • Workers from ethnic and religious minorities 
  • Informal workers 

Typical testimonial information of labour rights abuses should include the following details (if known by the worker).

  • A description of work conditions including working hours, wage, attitude of the management, presence or absence of trade unions, possession of identification papers
  • A description of the type of abuses and rights violations the worker was subjected to and/or witnessed
  • Any relevant information relating to the identity of the perpetrator
  • Information about the context in which the abuse took place to help prove, for instance, the existence of systematic harassment of workers to increase productivity

Protective Steps for Victims and Witnesses of labour rights abuses

As a general rule, practitioners should ensure that adequate protective measures to safeguard the victim have been put in place. All the general principles already described in Collecting and Handling Testimonial Information/Evidence apply also when collecting and handling testimonial information from victims of labour rights violations. In all cases, practitioners should keep the investigation confidential. Even if the existence of the investigation becomes public knowledge, the details of it should be confidential wherever possible to reduce negative impacts on parties involved, ensure that workers are not unnecessarily affected and reduce the risk of witnesses discussing evidence. 

Specific Guidance on Physical Information for Labour Rights Abuses 

Physical information relevant to establishing labour rights abuses may include:

  • Physical injuries: bruising, burns, cuts, scars, internal or external injuries.
  • Electronic/digital items: phones, computers and other communication equipment

Documentary Information for Labour rights Abuses

Documentary information may be useful to prove labour rights violations. Typical documentary information may include: 

Official Documents:

  • Reports and other operational documents: for example, logistics records, duty logs, situation reports of activities, communication records, written directives and orders, intercepts 
  • Official archives of the company: transfer or suspension, 

Non-official documents:

  • Other health records, including psychiatric/psychological reports, notes, photographs and other forensic medical information produced by health professionals
  • Reports and records by international and national organisations: for example, monitoring and tracking mechanisms, incident data, and human rights reports
  • Reports of abuses received by local labour investigators
  • Newspaper articles, including notes taken and not included in publications
  • Contract between the parties indicating a debt workers have to pay off

Specific Guidance on Digital Information for Labour Rights Abuses

Typical digital information that may help establish labour rights violations include:

  • Electronic health records, including psychiatric/psychological reports, photographs, digital medical and other forensic medical information produced by health professionals
  • Pictures, videos and other information posted on social media
  • Information stored on computers’ hard drives and peripheral equipment, such as memory cards, USB thumb drives and CD-ROM
  • Voice calls, voicemails, emails, text and instant messages, internet chat
  • Aerial photos and satellite imagery
  • Metadata

Preventing Retaliation 

Workers and witnesses who collaborate in the investigation must be protected from retaliation. Ensuring their protection will further increase workers trust in the practitioner and facilitate the collect of information and evidence.   

Safety & Security

Safety & Security recommendations

Practitioners should pay attention to the safety and securities of individuals they interact with but also to their own safety and security. Indeed, as investigators of human rights violations, practitioners can face both targeted or indirect threats. Indirect threats can come from criminal activity or armed conflict that take place in their region while targeted threats are closely linked to their work. 

Strategies to cope with security issues

To cope with security issues, practitioners can use different strategies including by engaging with all actors in the area they operate to gain support and acceptance of their work. Alternatively, security procedures and protective elements or the use of counter-threats for protection by taking legal cases out against the individuals emitting threats can be used. 

Personal Security Plan

! Practitioners can produce a Personal Security Plan. This will identify factors of security or insecurity, the risks usually faced and actions that can be taken to prevent their occurrence. The plan can further include ways to react if threats materialise themselves in order to react quickly in case of attack and have a list ready of emergency contacts ready for use (see Personal Security Plan template in the Annexes). 

Usually, your attacker is going to watch you before taking action to gather information and identify the right method, place and time to attack the practitioner and escape. 

Counter surveillance methods

As attackers will usually watch their target before taking action to gather information and identify the right method, place and time to attack the practitioner and escape, counter surveillance methods can be used to try to prevent an attack. For example practitioners can: 

  • Pay attention to individuals who could be watching them
  • Notice movements of people in their area and changes in their attitude
  • Ask someone they trust to watch people who could be watching them
  • Identify and analyse security incidents 

Safety of practitioners also is accomplished through the protection of their digital communications. To protect their digital communications, practitioners can meet face to face with victims to discuss sensitive issues, keep in mind that their communications might be monitored, and avoid keeping sensitive information on their electronic devices (phone and laptop) without securing them. Moreover, practitioners can  use code names for people or places to protect their identity, use secured platforms to communicate such as Proton mail or Signal, keep back-copies of information in a secure location and use a strong password for your electronic devices.

If the risk of attack is really high practitioners can:

  • Go into hiding or leave the area
  • Look for protection by other actors. For example, ask for diplomatic protection to exit the country or apply to the witness protection program
  • Inform their colleagues and other practitioners that may be at risk 
  • Try to avoid having a routine that attackers can predict 
  • Try to keep a high level of alertness and be conscious of ways to manage the impact of stress on themselves and their colleagues 

Reaction to attacks

If practitioners have been attacked, they should attempt to reach the safest location possible and seek medical attention and psychological support if necessary. 

Once their physical safety is ensured, practitioners should try to keep in mind their professional habits and record every detail possible on the attack they have suffered. They should detail, in writing: 

  • What happened? 
  • When? 
  • How many people were involved? 
  • Were there identifiable vehicles? 
  • What were their number plates? 

Practitioners should further document the event by keeping any medical records, copies of documents they are handed over and taking pictures of the physical injuries or material damages they have suffered. They may consider contacting a lawyer to take remedial action.