Combating Negligent Security Claims

(US Wire Service) Early this morning, three men claiming to be members of the “Vengeance Brigade” stormed into the lobby of the City Financial Center and shot several employees of building tenants. An explosive charge was detonated in the main elevator shaft that contained the communications and data lines and the fire suppression system. Four were pronounced dead at the scene and eight more are in critical condition at a local trauma center. Police did not release the victims’ identity and employer.

The assailants escaped.According to police, the Vengeance Brigade had made numerous threats against unnamed building tenants. Among the building tenants are a pharmaceutical firm with a history of harassment by radical groups, the consulate of a Middle Eastern country, the regional office of a government intelligence agency, and an electronics research firm.

What plans for recovery and mitigation are in place? Will you be able to defend litigation that is certain to follow? Will this attack cause tenants to move to another location? What is your potential personal liability? What should the media be told? What a way to start the day! These are only a few of many questions that will have to be answered. How would you as the property manager respond?

This is not a wild unrealistic scenario. In our changing world it could easily occur at any location. Today is the time to start preparing contingency plans for this and other potentially disastrous occurrences. How to develop plans for various threats requires a methodical approach with reality, practicality, and cost containment as the primary objectives.

Current Practices

Randomly selected property managers were surveyed to determine details of their risk assessment and property security programs. The results were very disappointing because of the apparent lack of understanding of premises liability and negligent security issues on the part of those responding to the survey.

The survey results indicate that the overwhelming majority of property managers and owners would not be able to successfully defend litigation for negligent security. The plaintiff would probably be successful in demonstrating that, at best, there was a minimal attempt to identify risk. However it fell short of that necessary to reasonably identify the foreseeability that a negligent action would result in injury.

The surveys were sent to property managers for commercial properties. The properties included apartments/condominiums, office buildings, hotels/motels, retail stores/malls, manufacturing/assembly facilities, and industrial parks. The results of the surveys reported:

  • Fifty-seven percent of the respondents had not conducted any type of risk assessment for their properties. The remaining respondents had conducted some form of risk assessment within the previous two years.
    • The property manager or an independent security consultant conducted the assessments. The analysis tasks included the identification of security risks and vulnerabilities existing within or on the facility property and inspection of the facility to identify actual or potential security vulnerabilities resulting from the facility design or maintenance. Only one survey conducted reported meeting with local law enforcement officials to identify the crime problem within the area.
    • None reported meeting with adjacent businesses to identify common security risks and vulnerabilities or meeting with staff members and tenants to identify their security knowledge and concerns.
    • The minimal actions of the security consultants to identify potential risks bring into question their professional knowledge of premises liability and negligent security claims. This identifies the necessity to ensure that the consultant has the skills and knowledge to best meet your needs.
    • One property reported that a consultant had conducted a risk assessment but there was no written report of findings. The plaintiff’s attorney will certainly directly state or imply that there was a “cover up” of risks on the property.
  • More than half of the respondents reported that security instructions, policies and procedures had been compiled but were not readily available to staff members.
    • Less than 30 percent of the respondents stated that the security instructions, policies and procedures had been reviewed within the last year for adequacy, sufficiency and currency. The remainder had not reviewed the security protocols since their initial implementation.
    • None could prove that the security protocols for the property had been communicated to tenants or staff members. Proven awareness of security requirements is a basic litigation issue.
  • About one-half of the properties reported utilizing contract security officers or off-duty police officers.
  • Approximately 15 percent of the respondents reported any form of requirement for staff members or tenants to report specified incidents occurring on the property. The primary response was similar to “any incident that makes for an unsafe workplace.” This is basically a “do whatever you want to do” response.
  • One property manager reported, “security is not an issue.” This property had not conducted a risk assessment, leading to the conclusion that if you don’t know of a potential risk, you have no problem. This type of situation and comment would make for a very ecstatic plaintiff’s attorney.

There is apparent confusion as to the value of a viable risk assessment program leading to appropriate security protocols. Regardless of the actions taken, failure to document such actions leads to an assumption that such actions were not undertaken.

What Can I Do To Protect My Property?

There is a natural flow from assessing risks to developing security protocols to having a reasonably safe and secure property:

  • Know the risks
  • Identify reasonable and appropriate risk countermeasures
  • Educate staff and tenants
  • Document activities
  • Reinforce requirements
  • Periodically reevaluate risks and countermeasures

Identifying The Risk

A methodical risk assessment is the basis for all mitigation actions. Until you know the “enemy”, you cannot adequately prepare! The enemy is not only the criminal assailant. The enemy may be a terrorist, a threat to business profitability, negligent security litigation, adverse public relations, and many other personal and business threats.

Risks
A comprehensive risk assessment should be conducted to establish a threat baseline. Periodic reevaluations, normally annually, should be conducted to identify factors that may have changed–new tenants may influence probability factors, neighborhood characteristics may increase or decrease crime potential, world affairs may raise threat levels, etc.

Various individuals may conduct risk assessments but the primary qualifier should be the individual’s expertise in identifying risk and developing viable countermeasures. The property manager may be very qualified at managing individual properties, but does this person have the requisite knowledge of proper security countermeasures? Using an independent security consultant may be an alternative, providing professional expertise and impartiality. A security systems vendor may provide assessment services but caution must be exercised to ensure impartiality and that the assessment is not a prejudiced marketing tool.

Property managers must be concerned with risk loss events facing their business clients as well as their own staff members. Not all risk loss events are equal in severity or probability. The initial step in any risk assessment is determining the probability that a risk loss event will occur. This is the foreseeability element in potential litigation–did the owner and manager know, or should they have known, that there was a probability that such an event could occur.

Many tasks comprise risk identification. An individual risk may not appear to be a problem–when viewed in relationship to other risks, the complexity increases. What to assess is as important as how to conduct the assessment. As a minimum, the following tasks should be included in the risk assessment:

  • Discussions with property management staff and tenants. This is the most important of all risk assessment activities. Staff members and tenants are intimately acquainted with the property and its operation. In their daily activities, they will become aware of problems not readily obvious to the outsider. The greatest outcome is that this promotes “buy in” by staff, management and tenants. The security program becomes a mutual effort when their thoughts are a part of the decision process, thus facilitating compliance with security protocols.
  • Meeting with local law enforcement officials. The type and amount of crime occurring in the neighborhood will impact on criminal acts occurring on your property. No property “is an island unto itself” and must prepare to counter the potential for risk from the external environment. Many law enforcement agencies have crime prevention units that can assist in identifying problem areas.
  • Meeting with adjacent businesses to identify common problems. This provides a conduit for mutual exchange of information and aids in developing mutual assistance programs. Court decisions have held that local security measures do not identify the required standard of care. In other words, each facility is dissimilar in risk and more than one security measure may counter the same risk. A security officer may guard a door at one property while appropriate security devices and response procedures may provide the same degree of protection at another facility.
  • Analyzing the building design and property terrain in terms of potential hazards. Clear sight lines may influence security measures as will design features such as lengthy and winding corridors or extensive landscaping.
  • Identifying property security risks and vulnerabilities. A property utilized to manufacture hazardous materials presents a very different problem than an office building with low profile tenants. Also to be considered is the overflow vulnerabilities caused by adjacent properties. The building with low profile tenants that abuts a chemical plant may inherit the problems of their neighbor.
  • Preparing a risk assessment report. The risk assessment results must be reported to executive management. This document is the justification for security protocols and expenditures. Additionally, it is a vital defense document in the event of litigation. It will show that an effort was made to identify risk–foreseeability in legal jargon–and develop appropriate risk reduction measures.

Identifying Reasonable and Appropriate Risk Countermeasures

The next step in the process is the identification of appropriate measures to reduce risk. The probability of eliminating all risk is minimal. Risk reduction requires a composite program of personnel, policies, procedures, systems, and devices. Each component plays a unique role and the absence of one component negates the overall effectiveness of the program.

Adopting the security measures of other facilities is not the solution to your problem. Each facility is unique in design and risks and therefore, the chosen countermeasures must be appropriate for the facility to be protected.

There may be different measures of equal value to use to secure a facility. For example, providing appropriate security for a rear entrance may include various mechanical locking devices, use of a keypad or access control system, placing a security officer at the entrance, or combining closed circuit television cameras monitored at a central location with a magnetic door release. The question then arises as to the appropriate and cost effective measure to meet your particular need.

Security Officers

Security officers are one of the primary means of providing protection, however their use is not without potential problems. The quality of personnel and performance standards of the security officer, either proprietary or security vendor, are frequently questioned.

Some States do not have minimum personnel and training requirements for security officers. Therefore, it is important that standards be agreed between the parties to best protect the interests of the property owner and manager. The key to successful security officer performance is to remember an adage–”my facility, my money, my standards!”

A generic contract, frequently provided by the security service vendor, does not provide adequate protection for the property manager. It is highly recommended that the security services contract be developed for the property manager by an independent security consultant or legal counsel. Regardless of who prepares the contract, legal counsel should review it.

The contract should state in specific details your service expectations and include penalty and incentive clauses to enhance performance. Penalty and incentive clauses significantly influence service and performance levels. Be wary of hold harmless clauses that protect the vendor for acts of negligence on the part of vendor employees.

Security Trade Practices Do Not Establish Legal Standard of Care

Allen v. Ramada Inn, Inc., 778 P.2d 291 (Colo. 1989)

Allen was a guest at a motel where she occupied a garden-level room. An intruder apparently entered her room through a window from which security bars had been removed and raped the plaintiff. The motel was allegedly in a high crime area and no window stops were placed on the windows.

During trial, the defense introduced testimony concerning the security measures and features of other hotels within the city. Plaintiff did not contest the introduction of this information but asked that a jury instruction be included stating that local security trade practices do not establish the legal standard of care. The trial judge declined to include the instruction and was subsequently reversed on appeal.

Liability Significance: The notion that if the adjacent property has a particular type of protection, so therefore I must have identical protection, is incorrect. The legal standard of care is the totality of the security measures and not any one specific measure.

Security Systems and Devices

Security systems and devices must be appropriate for their performance expectations and must be periodically inspected and maintained. Once it has been decided to utilize a device or measure, there is an assumption that a need has been recognized by management for that particular level of security. Failure to ensure that the device or measure functions properly will increase liability exposure.

Access control and closed circuit television (CCTV) systems are the most commonly used systems. Access control systems include metal keys, combination locks, and most frequently, computer programmable card access devices. The advantage of the card access system is the ease and low cost of personnel access authorization. A unique identifier in the access card provides an audit trail for subsequent review and analysis.

During the decision making process considerations should be given to integrating various systems to maximize cost efficiencies. Among other things, the access control system can be used for time and attendance reporting, access to restricted areas, monitoring security officer activities, and allowing procurement of supplies and equipment from storage areas.

A CCTV system, integrated with an access card control system, allows monitoring of remote locations from a central location, thus reducing manpower requirements. The use of videotape recording of CCTV images should be discouraged because of the rapid deterioration of images through reuse of videotapes. Digital recording on a computer hard drive provides clearer images and virtually immediate image location and review of questionable activities.

Evidence of CCTV coverage provides the impression that someone is monitoring activity within a given area. Signage should be provided to indicate that monitoring is being conducted or the area may be subject to monitoring. It is important to ensure that there is not an illusion of safety and security that does not in fact exist.

Policies and Procedures

Policies and procedures are critical to proper functioning of security activities and performance of systems and devices. Policies must be developed and communicated to staff and tenants to identify management expectations. Policies are complemented by procedures outlining how the policy goals are to be accomplished. The procedures are the “how to” component of the policies. Procedures must be periodically reviewed to ensure they are current and appropriate for an environment subject to frequent change.

The human element is a central ingredient of the countermeasures program. A sufficient number of adequately trained personnel must be available to implement the procedures at all times that the facility is occupied. Procedures that can be easily and effectively implemented during normal daytime business hours may not be viable during times of reduced staffing. Therefore, the staffing level is a major consideration when choosing measures to implement a policy or procedure.

Educating Staff and Tenants

Educating staff and tenants, unfortunately for many managers, may be an exercise in futility. However, to survive a negligent security claim, you must be able to demonstrate that staff members and tenants were aware of the requisite policies and procedures. Even when a tenant is responsible for safety and security within their leased space, it is necessary to ensure that they are aware of the security policies and procedures relating to the property common areas. A tenant should be mandated through lease provisions to receive this information and training and also be responsible for providing the information to their employees.

Not only must employees and new tenants be made aware of your safety and security expectations upon their assignment to your property, it is necessary to conduct periodic refresher training. The methods used to present this training will be unique to your business environment. It may be formalized lecture style instruction for large groups or an individualized program. Regardless of the presentation format, it is necessary to prove at least three elements in your litigation defense: (1) what information was presented, (2) that the recipient received the information, (3) that the recipient understood the information.

Depending on the diversity of staff and tenants, it may be necessary to prepare policy and procedural documents in more than one language when it is determined that English comprehension is an issue. Each staff member and tenant should be required to sign a document stating they had received training in specifically identified subjects. This will suffice for two of the three elements. The third element, proving knowledge of the information, is best proven through a testing program. Not only will this show that an individual has received and understood the information but it will identify areas where additional emphasis and training may be appropriate.

Documenting Security Expectations and Activities

One of the key elements in negligent security litigation is that the property owner or manager “knew or should have known” that there was a probability of a security risk occurring that could cause injury. To combat this issue of “foreseeability”, it is necessary that security activities be appropriately documented.

Incident Reporting Standards

Lisa P. v Bingham
50 Cal.Rptr.2d 646 (Cal. 1996)

Lisa P. was a clerk in a store located in a shopping mall when an individual robbed the store of the receipts and forced her into a back room where he raped her. This incident was one of several robberies, some ending in rape, with an identical modus operandi which had occurred within a 14-day period in the vicinity of the mall. The central issue of Plaintiff’s allegations was that the defendants failed to take reasonable measures to secure the shopping center.

The court held that landowners have a duty to exercise reasonable care to discover criminal acts being committed, or likely to be committed, on their property. The defendants relied on volunteered reports of crime and did not know the actual extent of criminal actions occurring on their property.

Identifying activities to be documented should be outlined in a security manual or related document. Housekeeping activities such as opening and closing entrances, inspection rounds and personnel changes are commonly reported activities. The unusual occurrences provide an area for questions. It is recommended that, as a minimum, the following non-routine occurrences should be documented:

  • Any action or incident resulting in financial loss to any person or corporate entity in excess of a specified minimum about.
  • Any action or incident which could result in financial loss to any person or corporate entity in excess of a specified minimum about.
  • Any action or incident, which is a violation of any criminal law or ordinance.
  • Any action or incident, which could result in civil litigation on behalf of, or against your employer.
  • Any action or incident, which could result in a request for security services at a future time, e.g., potential employee violence problem resulting from spousal abuse restraining order of other actions.
  • Any termination of an employee, which could result in injury to any person, damage to property, or disorderly conduct.
  • Any irregular occurrence, e.g., significant maintenance problems, medical emergencies, personal or equipment accident resulting in a requirement for immediate or possible future medical care.
  • Any wherein the occurrence should be report to your employer of recorded for information and future reference.

Management, in consultation with legal counsel, should identify specific examples of each activity to be documented. When in doubt, document the occurrence is a wise directive.

Tenants should be required by lease provisions to report specific incidents, particularly of an actual or potential criminal nature, to property management as part of management’s legal obligation to identify risks occurring on the property. Voluntary reporting increases liability potential.

Reinforcing Requirements

Continuous action must be taken to ensure that staff members and tenants consistently adhere to the acknowledged security protocols. The most appropriate action is a combined program of periodic refresher training and corrective action when a failure to comply with requirements is noted.

While it is not within the purview of the property manager to directly discipline tenant staff members for violations, the tenant’s senior executive should be notified and requested to take corrective action. There may be limited circumstances where the property manager may take corrective action. If a staff member, tenant, or tenant’s employee fail to follow security protocols established for use of a common parking garage, parking privileges may be limited or removed. Other imaginative solutions should be considered. As with the security officer vendor contract, incentive and penalty clauses in the lease may be a consideration to enhance compliance. Regardless of the corrective proposed, legal counsel should be consulted prior to enforcement action being taken.

Reevaluating Risks and Countermeasures

The only constant in the business environment is change. In the property management arena tenants come and go, the world situation creates new threats, technological advances make security equipment more cost effective, neighborhood demographics change, and security equipment and services vendors suffer the same business crises as property management firms.

Periodic appraisals of risks and countermeasures must be conducted to make certain that the proper protection level is provided and that the most cost effective measures are utilized. At least semi-annually, meetings with staff and tenants should be held to obtain input as to the effectiveness of the security protocols. A more detailed risk assessment and analysis should be conducted annually.

Is A Risk Assessment A Genuine Business Benefit?

There are several financial and non-financial benefits gained from a comprehensive risk assessment. The primary benefit is the increase in safety and security for your staff members and tenants. This benefit is difficult to evaluate in financial terms. It is primarily a psychological benefit that increases productivity because of reduced fear for personal safety. It is a feeling of well being created by the awareness that management is concerned with people as individuals and not solely as instruments of financial gain.

The threat of negligent security litigation is omnipresent. A risk assessment with appropriate follow-up will reduce the potential of a lawsuit being filed against the property manager and owner. If litigation is initiated, it will demonstrate that a legitimate attempt was made to provide a safe and secure environment. Where the assessment was conducted and countermeasures instituted, the key issue will be whether the measures were “reasonable and appropriate.” Without an assessment, the question will be how could you initiate “reasonable and appropriate” measure if you had no idea of the actual risks to be countered?

The risk assessment may suggest the need for various security systems or devices. These measures may be expensive when viewed from the perspective of their singular use. When viewed as part of an integrated system, cost efficiencies can be expanded to cover other vital areas. Why expend funds for a separate time and attendance system or critical items security system when they can be integrated into the overall security system at an appreciably reduced cost? Viewing security as a separate entity, and not as a part of the overall loss prevention strategies, adds unnecessary costs and reduces benefits.

Using security as a marketing tool is another benefit. However, this benefit is not without potential pitfalls. The use of such words as “state of the art security” or “high security” may have some potentially costly nuances not readily obvious. They will become obvious during litigation when the plaintiffs allege that because of these or similar words, they reduced their personal vigilance for threats to their safety. It is strongly suggested that any use of security as a marketing tool be discussed with, and approved by, legal counsel. As with other issues, what you intend to say and how it is perceived by others may have completely contradictory interpretations. Don’t leave it to a jury to decide; let your legal counsel decide for you before it becomes an issue.

A benefit not normally considered by the property manager is the transfer of a portion of the safety and security liability risk to the property owner. The property owner is ultimately responsible for safety and security regardless of who actually provides building management functions. Court decisions have held that the function of providing security may be outsourced but NOT the responsibility (Rockwell v Sun Harbor Budget Suites, 925 P.2d 1175 [Nev. 1996]). Realizing that a property management firm is working with a limited budget, the property owner should be notified that risks and safety issues exist outside of the management firm’s ability to resolve them. This action puts the property owner on notice that additional exposure exists that requires redress to reduce liability potential. Again, documentary evidence of notification by property managers is necessary.

The risk assessment should never be viewed as a negative aspect of property management. It is a vital tool in providing a safe and secure environment for staff, tenants, and the public. Foreknowledge is less costly than learning the truth through litigation.

Bibliography

Blake, William F., CPP, CFE and Walter F. Bradley, Esq., Premises Security: A Guide for Security Professionals and Attorneys, Butterworth-Heinemann, Boston, MA, 1999

Allen, Joe, Assessing Risks in a Changed Environment, Securitas Magazine,
January 2002, Feltham, Middlesex, UK, 2002

Archibald, Rae W., et al, Security and Safety in Los Angeles High-Rise Buildings After 9/11, Rand, Santa Monica, CA, 2002

Bates, Norman D., J.D., and Jon D. Groussman, J.D., Major Development in Premises Security Liability II (1999), Liability Consultants, Inc., Sudbury, MA 1999

Ellis, Raymond C., Jr., and David M. Stipanuk, Security and Loss Prevention Management, 2d Edition, Educational Institute, American Hotel and Lodging Association, Lansing, MI, 1999

Fischer, Robert J. and Geion Green, Introduction to Security, 5th Edition, Butterworth-Heinemann, Boston, MA, 1992

Hayes, Read, CPP, Retail Security and Loss Prevention, Butterworth-Heinemann, Boston, MA, 1991

Lack, Richard W., CPP, Editor, Security Management, National Safety Council, Itasca, IL, 1997.

Weissenberger, Glen, Esq, and Barbara B. McFarland, The Law of Premises Security, 3d Edition, Anderson Publishing Company, Cincinnati, OH, 2001