U.S. companies conducting internal investigations need to be mindful of the patchwork of ever-proliferating state and federal laws that restrict what employee data they can collect and how they can use it. Prior to commencing any internal investigation, a company should ensure it has proper policies and procedures in place to prevent it from running afoul of the complex framework of laws around data protection. The Cybersecurity Law Report spoke with Littler partner Philip Gordon about the U.S. laws companies must navigate when pursuing internal investigations, as well as practical measures for complying with them. See “How to Build Insider Risk Programs to Satisfy Global Employee Privacy Laws” (Oct. 6, 2021).