1) What an “HR Incident Report” is—and what it is not

An HR incident report is a contemporaneous record of a workplace event that may require fact-finding, corrective action, prevention measures, or legal compliance. In Philippine practice, it commonly covers:

• Employee misconduct or policy violations (attendance fraud, insubordination, code-of-conduct breaches)
• Workplace conflict (altercations, threats, bullying, disrespect)
• Harassment and discrimination complaints (sexual harassment, gender-based sexual harassment, hostile work environment)
• Safety and security events (accidents, near-misses, property damage, theft, visitor incidents)
• Data/privacy or IT incidents (unauthorized disclosure, access violations)
• Management incidents (abuse of authority, retaliation claims)

What it is not:

• Not a verdict. An incident report is not the final finding of guilt or liability.
• Not a substitute for due process. It supports—never replaces—the required notice-and-hearing (or notice-and-opportunity-to-explain) steps.
• Not automatically “confidential forever.” It must be protected and limited in access, but it can be disclosed when legally required (e.g., litigation, government proceedings) under controlled conditions.

---

2) Why incident reports matter legally in the Philippines

Incident reports often become decisive evidence in:

• Disciplinary action and termination disputes (especially illegal dismissal cases)
• Administrative investigations (harassment committees, internal grievance mechanisms)
• Occupational safety compliance (accident documentation, corrective actions)
• Data privacy compliance (security incidents and accountability)
• Civil/criminal exposures (assault, theft, defamation risks if mishandled)

Philippine labor disputes frequently turn on two questions:

1. Was there a valid ground (substantive due process)?
2. Was proper procedure followed (procedural due process)?

Well-prepared incident documentation supports both—provided it is credible, consistent, and produced through a fair process.

---

3) Core legal framework (Philippine context)

A. Labor standards and employee discipline (general)

Philippine law requires that disciplinary action—especially dismissal—be based on just cause or authorized cause and be accompanied by procedural due process. The “two-notice rule” and a meaningful opportunity to be heard are central principles in just-cause dismissals. For authorized causes (e.g., redundancy, retrenchment, closure, disease), notice requirements differ and typically include notice to both the employee and government labor authorities within required lead times.

Key takeaway: The incident report is usually the starting document that triggers the due process pipeline; it is not the pipeline itself.

B. Workplace harassment and safe spaces

For harassment complaints, Philippine statutes require employers to maintain mechanisms to receive complaints, conduct investigations, and prevent retaliation—often through internal committees and written procedures. Documentation must be handled with heightened confidentiality and trauma-informed care.

C. Data Privacy Act (RA 10173) implications

Incident reports are almost always personal information; many contain sensitive personal information (e.g., medical details, disciplinary history, alleged misconduct, sexual conduct allegations). This triggers duties to:

• Collect only what is necessary (data minimization)
• Use for declared legitimate purposes (purpose limitation)
• Secure the records (organizational, physical, technical measures)
• Control access on a need-to-know basis
• Retain only as long as necessary (storage limitation)
• Dispose securely

---

4) Documentation: what “good” looks like (and what breaks cases)

A. The anatomy of a strong incident report

A legally resilient incident report typically contains:

1. Header / Administrative details

   • Report title, unique reference number
   • Date/time drafted and date/time of incident
   • Location (physical site or system/work channel)
   • Reporting person (name, role), receiving HR officer
   • Parties involved and their roles (complainant, respondent, witnesses)

2. Neutral narration of facts

   • Chronological, specific, and factual
   • Direct observations vs. second-hand information clearly labeled
   • Avoids conclusions (“he is guilty”) and inflammatory language

3. Evidence log

   • Attachments list: CCTV timestamps, screenshots, emails, access logs, medical certificates, photos
   • Chain-of-custody notes: who obtained it, when, where stored, who accessed

4. Immediate actions taken

   • Separation of parties, medical assistance, security involvement
   • Interim measures (temporary reassignment, work-from-home arrangement, no-contact instructions) when warranted

5. Policy references (optional but helpful)

   • Cites which company rules may be implicated—without “pre-judging”

6. Sign-offs

   • Prepared by; reviewed by; received by HR
   • If a witness statement: witness signature and date, with a declaration of truthfulness

B. Common documentation mistakes that create legal risk

• Leading, judgmental language: “He stole” instead of “Item missing; CCTV shows employee placing item in bag at 3:12 PM.”
• Inconsistent dates/times across report, notices, and sanction memos.
• No evidence preservation (deleted chats, overwritten CCTV).
• Coached or template-like witness statements that appear manufactured.
• Delayed reporting without explanation (courts and labor tribunals often examine delay as credibility issue).
• Over-sharing (gossip circulation, company-wide emails naming parties).
• Retaliatory documentation (sudden performance memos only after a complaint is filed).

C. Witness statements: practical guidance

• Separate incident report (HR’s intake document) from witness statements (first-person accounts).
• Use first-person language for statements (“I saw… I heard…”).
• Note vantage point and distance; identify exact words heard when possible.
• Avoid forcing legal labels (“sexual harassment,” “grave misconduct”) into witness statements; reserve for analysis.

D. Digital evidence: screenshots, chats, and logs

To increase reliability:

• Capture full context (date/time headers, participants, preceding messages).
• Preserve original files where possible (exports, metadata).
• Keep an evidence register (hashing is ideal in higher-risk cases; at minimum record file name, date acquired, custodian).
• Restrict editing. If redactions are needed for privacy, keep an unredacted master copy secured with limited access.

---

5) Due process: integrating incident reporting with lawful discipline

A. Due process for disciplinary action (conceptual sequence)

A robust Philippine-compliant workflow usually follows:

1. Intake & initial incident report

2. Preliminary assessment

   • Is there an immediate risk? (safety, harassment, violence)
   • Should interim measures apply?

3. Issuance of written notice to explain (first notice)

   • States the acts/omissions complained of with sufficient detail
   • References supporting facts/evidence
   • Gives a reasonable period to submit a written explanation

4. Opportunity to be heard

   • Could be a conference/hearing, especially when facts are contested or dismissal is on the table
   • Employee can respond, present evidence, identify witnesses

5. Evaluation & decision

   • Findings of fact; rule violated; penalty imposed (with proportionality)

6. Written notice of decision (second notice)

   • Explains the grounds and reasons for the penalty

7. Appeal/grievance (if company policy or CBA provides)

Important: “Opportunity to be heard” is not always a courtroom-style trial, but it must be meaningful—especially for serious penalties.

B. “Substantive” vs “procedural” due process (why it matters)

• Substantive: Did the employee actually commit an infraction that is a lawful ground for discipline/dismissal?
• Procedural: Did the employer follow the correct steps (notices + opportunity to respond)?

Incident reports support substantive truth-finding. Proper notices and hearings satisfy procedure. Employers lose cases when they treat documentation as a replacement for procedure.

C. Preventive suspension and interim measures

When presence at work poses a serious and imminent threat to life/property or to the investigation (e.g., harassment retaliation risk, evidence tampering), employers may use interim measures consistent with company policy and fairness. Best practice is:

• Put the basis in writing
• Set a clear duration and review points
• Avoid using interim measures as punishment before findings

D. Standard of proof in workplace admin cases

Internal administrative findings are typically based on substantial evidence—that amount of relevant evidence a reasonable mind might accept as adequate. This is lower than criminal proof beyond reasonable doubt, but it still demands credible documentation and a fair process.

---

6) Retention: how long should incident reports be kept?

A. The core principle: “retain as necessary, dispose securely”

In Philippine practice, there is no single universal statute dictating a one-size-fits-all retention period for all HR incident reports. Retention should be anchored on:

• Legal prescriptive periods for likely claims (labor, civil, criminal)
• Regulatory requirements for particular incident types (e.g., safety/OSH records)
• Operational necessity (progressive discipline, repeat offenses)
• Data privacy storage limitation (do not keep indefinitely “just in case”)

B. Practical retention matrix (risk-based approach)

A defensible internal policy often uses tiers such as:

1. Low-risk, minor incidents (resolved coaching, no sanction)

   • Retain for a short period (e.g., 1–2 years), then dispose securely.

2. Moderate-risk incidents (written warnings, suspensions, significant disputes)

   • Retain through the period needed for progressive discipline and for foreseeable claims after separation (commonly several years).

3. High-risk incidents (termination-related, harassment, violence, major safety incidents, significant data breaches)

   • Retain longer, often through employment plus an extended post-separation period to cover disputes and investigations.

4. Safety/accident incidents

   • Align with OSH and insurance needs; retain long enough for compensation claims, audits, and trend analysis.

Data Privacy Act note: Whatever periods you select, document the rationale, restrict access, and implement secure deletion.

C. “After separation” retention

A common compliance mistake is deleting incident records immediately after resignation/termination. Many claims are filed after separation, and you may need records to defend or pursue claims. A retention policy should explicitly include post-employment retention, then secure disposal.

D. Litigation hold

Once a complaint, demand letter, administrative case, or foreseeable dispute arises, suspend ordinary deletion for related records (including emails/chats/CCTV) and preserve evidence.

---

7) Confidentiality and access: who should see incident reports?

A. Need-to-know access

Limit access to:

• HR investigators/ER (employee relations)
• Relevant managers with decision-making roles
• Legal counsel (internal/external)
• Security/OSH officers (for safety incidents)
• Committee members (e.g., anti-harassment committee) as required by policy

Avoid broad distribution (department-wide emails, shared drives without permission controls).

B. Redactions and disclosures

When disclosing to:

• Government proceedings (DOLE/NLRC)
• Courts
• External investigators

Disclose only what is relevant; consider redacting third-party identifiers when not necessary, while keeping an unredacted secure copy.

C. Data subject rights (privacy perspective)

Employees may request access or correction under data privacy principles, subject to lawful limitations (e.g., privilege, ongoing investigation, protection of other individuals). Create a controlled process with HR + legal review.

---

8) Special topic: harassment complaints (sexual harassment, safe spaces, retaliation)

Harassment cases require additional safeguards:

1. Trauma-informed intake

   • Do not force repeated narrations unnecessarily
   • Offer a private setting; consider support person requests

2. Interim protection

   • No-contact directives, schedule changes, temporary transfers (avoid penalizing complainant)

3. Confidentiality

   • Strictly limit disclosure; gossip can create independent liability (and retaliation risk)

4. Fairness to respondent

   • The respondent must receive sufficient details to answer
   • Avoid public shaming; avoid assuming guilt

5. Retaliation monitoring

   • Document and act on retaliation allegations promptly

---

9) Drafting your internal policy: minimum clauses to include

A solid “Incident Reporting and Workplace Investigations” policy usually includes:

• Definitions of reportable incidents
• Reporting channels (HR, hotline, email, supervisor)
• Anonymous reporting rules (and limits)
• Non-retaliation statement
• Investigation steps and timelines (flexible but stated)
• Evidence preservation procedures
• Interim measures and preventive suspension rules
• Due process steps for discipline (notice(s), opportunity to respond, decision memo)
• Confidentiality and access controls
• Retention periods by incident category
• Secure disposal method
• Coordination with OSH/security/IT/privacy
• Appeals/grievance procedure (and CBA alignment if unionized)

---

10) Templates you can adopt (practical, Philippine-ready)

A. Incident report (intake) – key fields

• Incident Ref No.:
• Date/Time Reported:
• Date/Time of Incident:
• Location:
• Reporter:
• Persons Involved:
• Summary (1–2 sentences):
• Detailed Narrative (chronological, factual):
• Witnesses (names/contact):
• Evidence Attached (list):
• Immediate Actions Taken:
• Risks/Concerns (safety, retaliation, evidence preservation):
• Prepared by / Received by / Date:

B. Witness statement – key fields

• Name / Role / Department:
• Relationship to parties:
• Where I was / what I saw / what I heard (chronological):
• Exact words (if remembered):
• Evidence I have (screenshots, files):
• Declaration: “I affirm that the above is true and correct…”
• Signature / Date

C. Evidence register (simple)

• Item No.
• Description
• Source
• Date obtained
• Custodian
• Storage location
• Access log notes

---

11) Practical compliance checklist (for HR and managers)

• Report written promptly and neutrally
• Evidence preserved and logged (CCTV request made before overwrite)
• Interim measures documented (if any)
• First notice issued with specific facts and reasonable time to explain
• Opportunity to be heard provided (conference/hearing when warranted)
• Findings based on substantial evidence
• Decision memo explains rule violated and proportional penalty
• Second notice served (for dismissals)
• Confidentiality enforced; no retaliation monitored
• Records secured, retention period assigned, disposal planned
• Litigation hold triggered when dispute is foreseeable

---

12) Common “hard problems” and how to handle them

A. Anonymous reports

Accept them, but corroborate before acting. Anonymous reports are best treated as leads, not proof.

B. “He said / she said” cases

Focus on:

• consistency over time
• corroborating circumstantial evidence (access logs, CCTV, time records)
• credibility markers (vantage point, detail, motive, contemporaneous reporting)
• pattern evidence (prior similar complaints) handled carefully and fairly

C. Social media / off-duty conduct

Document the nexus to work (workplace impact, company reputation, threats to coworkers, policy coverage). Avoid policing purely private life absent a legitimate workplace interest.

D. Defamation risk

Stick to need-to-know communications, factual language, and internal privilege. Avoid broad announcements naming individuals or asserting guilt before findings.

---

Closing note

In the Philippines, HR incident reporting sits at the intersection of labor due process, privacy compliance, and workplace safety and dignity. The safest approach is to treat incident reports as evidence containers—built for accuracy and fairness—then run a consistent due process workflow that can withstand scrutiny if the matter escalates to DOLE/NLRC, court, or regulatory review.