Legal Trends

By Kevin Lindsey Aug 1, 2006

HR Magazine, August 2006Organizations that still think an emergency management plan is a nice-to-have rather than a must-have could be in for a rude awakening if victims of workplace crises haul them into court for negligence.

Catastrophic terrorist attacks. Violent crime. Ravaging hurricanes and floods. A global influenza pandemic.

Remember the good old days--when business-continuation planning focused primarily on figuring out what to do if key executives were incapacitated?

Today, companies need to broaden their emergency planning to encompass a wide range of potential catastrophes, first and foremost to protect their people but also to preserve their property and profits. Moreover, failure to plan may expose organizations to legal liability.

Unfortunately, many organizations are not prepared. In August 2005, AT&T reported in its fourth annual survey--Disaster Planning in the Private Sector: A Look at the State of Business Continuity in the U.S.--that on average a third of companies in the country do not have a disaster recovery plan. Among the companies surveyed that do have plans, approximately 25 percent of them had neither updated their plans nor tested them within the previous year. Seventeen percent said they had never tested their plans. Only 11 percent said they change their operational methods when the federal government raises its terrorist alert level.

Companies need to overcome their reluctance to think ahead and plan. With terrorist attacks and reports of avian flu cases capturing headlines, now is the time to prepare for the unimaginable.

Today: Liability For Outsiders' Criminal Acts

Many business leaders erroneously believe that they do not risk legal liability for criminal activity committed by individuals they do not manage. In reality, employers may be held liable for criminal acts committed by third parties under the "general duty clause" of the federal Occupational Safety and Health Act (OSH Act) and on theories of negligence under state law.

The general duty clause requires employers to provide workers with a place of employment free from recognized hazards that cause or are likely to cause death or serious physical harm to employees. Over the past two decades, the Occupational Safety and Health Administration (OSHA) increasingly has relied on the general duty clause to impose potentially significant penalties and fines on employers. Last year, for example, OSHA levied a record fine of $20 million on a company for an explosion at a petroleum refinery based in part on a violation of the OSH Acts general duty clause.

As for state law negligence claims, several states have expanded the scope of employers legal duty to protect customers and their employees from criminal activity in the aftermath of known criminal activity at or near their places of business.

In Claxton v. Atlantic Richfield Co., 108 Cal. App. 4th 327 (2003), for example, a gas station customer who was robbed, beaten and stabbed by a gang member filed a lawsuit alleging that the station lacked adequate safety measures for its customers. Atlantic Richfield argued that it owed no duty to Claxton to protect him from criminal acts. The California Court of Appeals in 2003 held that the case should proceed to a jury because there was evidence of prior violent crimes at the store and in an adjacent park that could have created a duty for Atlantic Richfield to take steps to protect its customers. The case subsequently settled.

Workers' compensation laws limit the remedies available to employees for injuries sustained at work, but most such statutes have an intentional tort exception. Over the past 10 years, courts have been more open to finding that an employers violation of safety rules is an intentional tort. For example, the New Jersey Supreme Court in Mull v. Zeta Consumer Products, 823 A.2d 782 (2003), upheld a lower courts decision allowing an employee to bring a negligence claim directly against her employer for OSHA violations.

Also, in Ursua v. Alameda County Medical Center, 2004 U.S. Dist. LEXIS 22925 (N.D. Cal. 2004), a physician was fatally injured while examining a disorientated woman with known violent propensities. The State of Californias Division of Occupational Safety and Health previously had directed the medical center to install surveillance cameras and to increase the number of security personnel because violent patients had inflicted injuries on employees. The court first denied the hospitals motion to dismiss, relying on the hospitals failure to increase the number of guards as directed. Although, after discovery, the court ultimately granted the hospitals motion for summary judgment, the legal proposition from the first decision still stands; the court did not overrule itself on that point.

These cases highlight three emerging trends. First, in certain instances employers arguably have a legal duty to protect people (both employees and customers) from criminal acts by outsiders. Second, the defense that workers compensation is the exclusive remedy for workplace injuries will not always prevail. Third, there is a growing, if tempered, willingness among courts to expand employers liability for criminal acts committed against their employees.

Tomorrow: Liability For Terrorist Acts?

More recently and significantly, there is increasing public interest in imposing an even broader duty of care on employersa standard that not only would cover companies operating in high-danger areas or in light of known risks, but also would apply to anyone running a business in todays disaster-prone world. The days of private businesses operating with complete immunity from liability for injuries resulting from acts of terrorism or natural disasters seem to be numbered.

Noting that the private sector owns approximately 85 percent of the nations critical infrastructure, the National Commission on Terrorist Attacks upon the United States, also known as the 9/11 Commission, in 2004 issued a report titled National Planning Scenarios. The report urges both the private and the public sectors to develop plans for catastrophic events such as hurricanes, terrorist acts and the plague.

The commission later retained the American National Standards Institute (ANSI) to develop a national standard for preparedness for the private sector to be regulated by the Department of Homeland Security (DHS).

ANSI recommended that DHS recognize as the national standard the National Fire Protection Association Standard 1600 (NFPA 1600)--a voluntary code that sets forth a comprehensive process for devising and implementing a crisis management plan. Although, historically, compliance with NFPA 1600 has been voluntary, there are three reasons to believe it will become mandatory and lead to greater legal exposure for employers.

First, in the Intelligence Reform and Terrorism Prevention Act of 2004, Congress urged DHS to promote adoption of voluntary national preparedness standards for the private sector.

Second, the 9/11 Commission report urged insurance and credit-rating industries to rate companies based on NFPA 1600 compliance.

Third, the 9/11 Commission report clearly and strongly suggested that companies failing to comply with NFPA 1600 are operating their businesses in a negligent manner. "We believe that compliance with [NFPA 1600] should define the standard of care owed by a company to its employees and the public for legal purposes," the report said. "Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world."

Even if Congress does not enact NFPA 1600 as the statutory duty of care for private employers, employers still should be mindful that courts ultimately may adopt that standard in negligence suits as the measure of what can be expected of the reasonable employer.

Not Quite an Emergency

If your organization is behind the curve with respect to implementing NFPA 1600, dont be too alarmed. You are by no means alone. Most likely you have at least a rudimentary plan for dealing with workplace emergencies. You may be able simply to modify your program, incorporating NFPA 1600 into current business practices with the help of guidance available on the Internet or through training.

NFPA 1600 requires steps that are common to any broad-based organizational initiative:

  • Develop an executive policy.
  • Appoint a program coordinator.
  • Create an advisory committee.
  • Conduct a risk assessment.
  • Develop a plan.
  • Continually evaluate and modify the plan in response to emerging risk factors. (The NFPA 1600 framework is adaptable to developing policies and protocols for responding to a pandemic influenza outbreak or to currently unforeseen types of emergencies.)

If your existing program for business continuity and disaster management does not contain any of these elements, seriously consider including them.

The DHS web site ( provides employers with a very straightforward, NFPA-compliant sample emergency plan. It outlines practical steps and common sense measures for businesses, and it includes easy-to-use templates to help companies plan for emergency situations. The web site provides links to additional resources offering detailed information on business continuity and disaster preparedness.

Information about NFPA 1600 and NFPA workshops can be found on the organizations web site, at NFPA also offers workshops on NFPA 1600 on a regular basis. Specific information on how businesses can respond to pandemic influenza can be found at and www.cdc .gov/business.

HR Front and Center

HR leaders play a vital role in the successful planning and implementation of NFPA 1600-style emergency management planning. HR professionals will be called on to understand and strike the proper balance among myriad federal and state laws regulating employee leave, wages and hours, privacy, and benefits. Application of the Worker Adjustment Retraining and Notification Act may become an issue, in addition to policies and practices governing quarantine, absenteeism and termination. Whats more, HR will have to anticipate and deal with the emotional toll that crises can take on a workforce. Emotional issues arising from a crisis can emerge days, weeks or even months after the event.

Apropos of the latter, consider the recent experience of a large national retailer. A store employees disgruntled spouse, in a drug-induced rage, drove his vehicle through the front door of the store shortly after midnight, narrowly missing an employee. He exited the vehicle with his hand in his pocket in a way that suggested that he was carrying a weapon.

Adhering to protocols and prior evacuation drills, the store manager led an evacuation to the designated safe location and contacted the police. The police arrived promptly and arrested the spouse before anyone was injured or more damage was done. Surveillance video of the damage caused by the individual was forwarded to the police within 24 hours of the incident. Management immediately dispatched additional resources to make repairs and open up the store. By the following afternoon, there were no visible signs of the substantial damage.

Problem solved, right?

Not quite. Some of the stores employees were having difficulty coping with the stress and anxiety caused by the event. Some said they felt powerless, others said they experienced a sense of impending danger and constant anxiety. No two employees responded to the situation exactly the same way.

Fortunately, HR staff members had engaged in crisis management role-playing before the event occurred. As a result, they had taken several proactive steps and were able to respond promptly with counseling services and had a plan for managing leave and privacy issues. The stores sales volume and profitability were unaffected. Clearly, HRs role in the crisis management team served the company well.

Living with the Plan

We cant live our lives in a constant state of fear. We all know that. Succumbing to fear and attempting to anticipate every imaginable danger should not be the goal of the emergency management planning process. On the contrary, emergency management planning seeks to strike a proper balance between our going about our normal business and appropriately managing potential risk.

Remember when we were children? Most of us thought nothing of participating in fire drills, tornado drills or earthquake drills during school hours. How many of us, however, have participated in such drills at our place of employment? As natural disasters and the attacks on the World Trade Center and the Pentagon attest, emergencies can occur while we are at work, yet as discussed above a significant proportion of employers fail to conduct such exercises.

Emergency management planning didnt interfere with our ability to function at school when we were kids. With just a little more responsibility and preparation, emergency management planning neednt interfere with our ability to conduct and enjoy business either.

Kevin Lindsey is special counsel to Minneapolis commercial law firm Halleland Lewis Nilan & Johnson, providing employment counseling, risk management and litigation services to a wide range of organizations.

Job Finder

Find an HR Job Near You
Post a Job


Find the Right Vendor for Your HR Needs

SHRM’s HR Vendor Directory contains over 10,000 companies

Search & Connect