Owners, operators, and insurers of businesses, including commercial and residential properties of all types, take little solace in news reports that suggest a decline in the nation's crime rate. The focus of their concern is more likely to be the growing volume of incidents of violent crime, diminished law enforcement assistance, and the related risk of premises security litigation.
Just in the two-week period preceding the February 27th Ohio high school shooting where three students died, for example, a supervisor was shot at a California Federal Building; two were killed and two injured outside of a New Jersey market; and two were shot at a Connecticut hospital. Less than two weeks later, two people were killed and seven injured at a Pittsburgh health clinic shooting.
Beyond the loss of life, what's peculiar to many business owners is the lack of sustained media coverage and law enforcement focus of events such as these, suggesting that random violence is now commonplace and viewed as an inevitable risk that may not be possible to manage. When the Columbine High School tragedy occurred in 1999, for example, the nation's attention was focused on that event for many months. In contrast, this year's Ohio school shooting remained in the national news for less than a week. Brazen robberies, senseless shootings, and other horrific acts of workplace violence now occur with such frequency that they often go unreported, even at the local level, on a busy news day.
For corporate security professionals who are understandably focused on shrink reduction and other types of physical losses, the nation's frequency and growing acceptance of violence may serve to divert attention away from protection of their company's human assets—employees, customers, and suppliers. However, there is a substantial price to pay for not paying adequate attention to premises security. The stakes and odds are stacked heavily against any organization that does not take necessary steps to protect their employees, customers, and others who might expect security measures minimizing the risk of physical harm.
Multimillion dollar settlements and jury verdicts against owners and landlords continue and are now commonplace, not only for physical and psychological injuries suffered, but also involving punitive damage awards against corporate entities for negligence. Increasingly, the underlying message is clear—demonstrate reasonable preparation in advance of violent crime or face significant financial consequences.
Beyond reduction of financial liability, however, companies that properly manage premises security stand to benefit in many other tangible ways. A secure physical environment, for example, serves to attract and retain better employees who are likely to deliver higher levels of customer services. In turn, customers who feel secure and receive better service will shop and buy more frequently, and both of those factors can also have a positive impact on shrink. Management of premises risk not only drives revenue, it also benefits a company's internal culture, overall brand reputation, and shareholder value.
The Significance of Foreseeability in Litigation
The most critical circumstances driving premises security lawsuits are related to failure to assess risk factors and to adjust security measures accordingly. Risk factors can be measured by reliable crime and risk data, prior incidents or complaints, risks inherent to the industry, and the frequency of assessments. In 2009, for example, a Mississippi jury awarded $2.5 million in a premises liability case involving an elderly woman who was attacked in the parking lot of a major grocery store chain. The defendant was found to be negligent for failure to provide proper security in light of several prior purse snatchings and assaults in the same parking lot.
Premises security litigation always involves looking into the "retrospectoscope" and micro-analyzing events and decisions that have occurred long before a violent criminal event takes place. The key inquiry in these cases is whether a premises owner may be held liable for failing to protect people from the results of reasonably foreseeable criminal conduct. Foreseeability of a security threat may be established by proving that a retailer or property owner either had actual knowledge or should have known of a particular assailant's inclination toward violence, or by proving that the defendant had actual or constructive knowledge of a dangerous condition on the premises that was likely to cause harm to a patron or employee.
A dangerous condition may exist if, based on past experiences, there is a likelihood of criminal conduct by third persons in general or if security conditions are inadequate. Generally speaking, jurors are more apt to punish a defendant for outright ignorance and failure to investigate and proactively address known security risks. Jurors may also react to poorly reasoned decisions, such as concluding, contrary to evidence, that additional security measures are unnecessary.
Most state courts conclude that the type and extent of prior crimes will supply admissibility to establish foreseeability of criminal activity, and the radius from the business and the time period of prior crimes are key issues of relevance that are determined on a case-by-case basis. Evidence relating to the nature and likelihood of any future crime has a direct bearing on whether the preventative measures taken by the property owner were reasonable in light of all the other relevant facts and circumstances in the case.
Because of that, most state courts will not exclude evidence of similar, relevant criminal activity at surrounding businesses. In a Florida lawsuit involving a woman murdered during a robbery at her apartment complex, the building's management company settled for $5.3 million for failure to provide adequate security measures based on the high crime rate in the surrounding area. The court's rationale is that isolation of a particular property from its surrounding area forces a jury to decide the question of foreseeability in a vacuum.
The importance of forseeability in litigation makes it essential for premises owners to have a security plan in place that's been designed by a security professional, that's based on reliable data, and that's updated on a regular basis. The most effective tool in a defense counsel's arsenal is the ability to introduce evidence at trial detailing the rationale and the steps taken by a defendant to reasonably ensure the safety of its customers and employees.
Security Program Assessment and Resource Allocation Provide Additional Defense
A well-researched and comprehensive corporate security plan must be properly implemented and documented, or it will provide little protection in court. Regardless of a defendant's economic circumstances, juror reactions are particularly adverse when evidence is introduced that there had been a reduction of necessary security due largely to costs or budget cuts. If optimal security solutions are cost-prohibitive, then security plans must explore viable alternatives and must weigh the consideration of losses related to those alternatives.
Allocation of security resources should be based on any unique circumstances at the location, the loss trends
and/or crime experience for the premises and the surrounding area, and the security plan should evaluate and articulate the associated risks those trends reveal. In any reallocation of resources, for any reason, planned documentation should also identify the security measures that remain in place to protect customers and employees. It's critical for premises owners to illustrate that the security of customers and employees is their uppermost priority. Anything less than a demonstrated and well-documented level of commitment to that goal will likely result in a significant adverse verdict, if and when a third-party criminal event occurs.
The foundation of a defensible security plan must include several components, including:
- Up-to-date, objective security surveys of the business location and immediate vicinity,
- Relevant internal written policies and procedures,
- Employee training on those policies and procedures,
- Periodic awareness programs to reinforce that training, and
- A schedule for ongoing review and updating of the overall plan.
One of the most significant obstacles to a successful defense of premises security is when an employee testifies that there was no training from the owner on customer safety. Even more damaging is when the employee cannot even explain the physical security measures that were in place, given the level of risk.
Most of the time jurors will accept that the legal standard in a negligent security case does not require perfection, but they do expect premises owners will do what is reasonable, given the specific circumstances and available resources. That's why regular training, designed to educate employees on the security plan and the measures in place, is a key aspect of loss prevention as well as litigation defense.
Other key factors can influence the outcome of litigation, including whether:
- Security guards, where applicable, were appropriate, available, and effective,
- Physical devices, such as security cameras and appropriate lighting, were properly installed and operational, and
- Policies regarding employee safety were in place and applied.
In some cases, taking partial security measures can backfire. For example, a state appellate court determined that a defendant who had no security cameras, employed no guards, had no windows that looked onto the parking lot of the restaurant, but did have a policy of requiring employees to be escorted to their cars in the parking lot at night, raised sufficient questions on foreseeability, so that the jury found the restaurant owner negligent following an assault despite enhanced security measures.
In some states, such as Florida, statutes mandate very specific security conditions, such as an unobstructed view of the cash register area from outside the establishment for certain types of businesses with a high potential for crime, notably convenience stores.
Several Security Factors to Address
Decades of improvements in premises security techniques and tools, a higher level of communication among security professionals and business owners, and a lower level of public tolerance for negligent behavior have resulted in an environment in which violation of accepted industry standards and best practices can place a corporate defendant at risk of an adverse verdict. Additionally, failure to adhere to internal policies and procedures...intentionally or otherwise...will often subject a corporate defendant to a finding of negligence. Some states conclude that violation of internal policies constitutes outright negligence, while most states simply place such violations in the category of "evidence of negligence."
Premises security negligence can be based on many factors. Broken, inoperable, missing, and insufficient security equipment, as well as out-of-date technology, can make litigation defense difficult. Very often a corporate defendant faces additional peril in litigation for the failure to preserve evidence, particularly surveillance video. Intentional destruction of evidence is uniformly viewed by most states as a basis to strike a corporate defendant's pleadings or, at a minimum, to prevent the defendant from being able to contest liability. In many states, even negligent destruction of evidence, or failure to preserve it, subjects the defendant to a shifting of the burden of proof. This involves the imposition of a rebuttable presumption of negligence against the premises defendant. When this occurs, it forces that defendant to essentially disprove the proverbial negative. Alternatively, some states have a slightly less draconian punishment under certain circumstances, concluding that an "adverse inference" instruction to the jury is sufficient.
An adverse inference instruction can also be damning, however, because jurors are told that they can assume the evidence would not have been disposed of if it was favorable to the evidence. Therefore, it is of critical importance to preserve all evidence. In some cases, the defendants have even been penalized with sanctions for failure to preserve video that did not show anything. The rationale behind this is that it requires one to conclude that the corporate defendant is correct in its description of the contents of the surveillance video.
All of these challenges, involving planning, implementing, and maintaining a security plan, are increased considerably when multiple locations are involved, and increased exponentially when franchisees are involved. For large companies, consistency, communication, and control are paramount issues, and their financial resources, regardless of actual balance sheet conditions, often make them a perceived rich target for plaintiffs and juries.
Although size and complexity are not viewed by jurors as a legitimate basis for improper security planning or implementation, consider, for example, the significant security challenges faced by large retail companies who operate from thousands of company-owned or franchised locations across all fifty states on a 24-hour, 7-days-a-week, 365-day basis.
At one of the 2,000 North American locations of the Super 8 Hotel (a division of Wyndham Hotel Group), for example, a jury awarded more than $500,000 to a victim who was assaulted by a hotel employee who had entered her room with a master key. The hotel was sued for failure to conduct a criminal background check and for entrusting the master key to an employee who had been arrested on multiple occasions prior to and during his employment at the Super 8 Hotel.
Whether operating 2,000 locations or two, the unique risk assessment-related challenges for multisite owners include:
- Staffing required to conduct regular on-site visits to facilities,
- The application of inconsistent crime data,
- The lack of event history at new locations,
- Varying asset requirements and local laws, and
- The cost, feasibility, and effectiveness of differing countermeasures.
Regardless of the complexity of situation, premises owners must understand and accept that the unique challenges to be confronted must occur within the entire organization, and not solely reside within the corporate security department.
Building an Effective Security Risk Matrix
Protection against premises liability is established most effectively through development of a risk security matrix, which represents a comprehensive and integrated picture of an organization's risks and the solutions to address them. A company's security risk matrix is built on its underlying security strategy, which address four basic questions:
- What are we attempting to protect? This question requires greater exploration and insight than simply identifying "employees and customers" as assets that require protection. Intangible factors, including "goodwill" that's identified as an asset on most corporate balance sheets, is based largely on a firm's internal and external reputation.
- What are the internal accountabilities? What roles will various departments or people play in the development, implementation, and ongoing evaluation of the security plan? Who is responsible for program effectiveness and how will results be reported and measured? Regardless of internal disciplines, in the eyes of the public, accountability for premises security ultimately is borne by a company's senior management.
- What is the cost justification? Measuring a return on investment that's largely intended to avoid or offset a liability claim is far from an exact science. However, it is possible to estimate, with a fair degree of accuracy, the potential impact of a negative premises security event, including jury or settlement awards; loss of business and revenue related to the incident; employee recruitment, training, and turnover; and similar items.
- How will we articulate this program? Typically, there are a number of audiences that will require different explanations. Senior management will need insights focused on the program's risk management strategy and cost-effectiveness. Employees will need a tactical explanation of goals, roles, and responsibilities. Legal counsel may require all communication regardless of audience. The underlying goal is to establish program awareness that creates transparency within the organization at all times, and not wait for a violent crime to be the catalyst for the company to focus on premises security.
A company's security risk matrix should consider a variety of risk factors, and ideally, designate appropriate weightings. Each situation is unique, but as an example, a company might apply the following weightings:
- 25 to 35%—Nature of the business, including inherent risks, operating hours, and cash on hand, specifically for each site.
- 30 to 40%—Event history at the specific location.
- 20 to 30%—External crime risk or the level of "social disorganization" in and around the immediate vicinity.
- 10 to 20%—Subjective input from site management or law enforcement (unique circumstances).
In weighing risk factors, it's important to recognize that premises owners are not absolved from liability simply because a particular criminal activity had not previously occurred on or near the property. In other words, a plaintiff's contention that no duty to secure premises can arise until there is evidence of similar prior criminal activity will not warrant a dismissal of the case. Conversely, inherent risks and prior experience weigh heavily in jury decisions, such as in the landmark $102 million negligent security verdict in 2007 against a corporate owner/manager of a shopping center where an adult cabaret patron was shot. In this case twenty-six violent crimes had been previously reported at the club, and the owner had failed to illuminate or patrol the parking lot.
By combining objective and subjective crime data/forecasts, risk ratings should be developed for each location. The risk matrix survey tool should collect and evaluate information on event history, security countermeasures, industry and local practices, staff experience, law enforcement intelligence, and even the likelihood and potential crime-related impact of natural disasters.
The site selection process plays an important role in security risk evaluation. If properly managed, it can limit construction-related capital costs and eliminate the need for retrofitting. Depending on the risk-related classification designated to a particular location, a set of minimum security countermeasure thresholds can be allocated. Once a location's risks are identified, security countermeasures must be designed and implemented with the understanding that security is not a one-size-fits-all undertaking.
To accommodate differences in risk classification, and to provide for any changes in risk that may arise, a risk matrix should include a menu of appropriate countermeasure options. The underlying goal is to establish flexibility that will provide alternative countermeasures that are considered reasonable under a broad range of circumstances, increasing or reducing security resources over time as the situation warrants. However, this system is effective and defensible in court if there is an established protocol for regular reevaluation of risk and countermeasure effectiveness.
Preparing for Security Premises Security Litigation
Even the most sophisticated and dedicated risk management program will not entirely eliminate the likelihood that some unfortunate event will inspire litigation. Early investigation is a key component of any successful defense. Although every situation is different, there are a number of basic steps that can increase the likelihood of a positive legal outcome. In advance of any litigation, these measures include:
- Ensuring that statements from employees and witnesses are thorough and accurate and that all evidence (notably video tapes) are properly preserved.
- Involving legal counsel as soon as possible in order to protect your investigation with attorney-client privilege.
- Putting boots on the ground as early as possible to ensure a first-hand understanding of the environment and the incident. Second-hand reports or interviews conducted long after the incident are typically unreliable. If internal security personnel are unavailable, consider engaging an outside security professional to assist in the investigation and to serve as liaison with the local police.
- Analysis of the security measures in place at surrounding businesses and examination of area crime grids.
Having been served in connection with premises security, pre-emptive steps can include:
- A careful re-examination and scrutiny of all the information collected following the incident,
- Investigation of the security credentials of the plaintiff's expert witness, and
- Initial steps to explore alternative dispute resolution in advance of a trial.
Weigh the Full Impact of Premises Security Liability
The process of creating and articulating a security risk matrix takes time and patience. It can't be constructed overnight and requires a disciplined, data-driven approach to protecting the assets of the company and demonstrating a return on investment. In premises security litigation, "reasonableness" is the standard, rather than perfection.
Corporate cultures that are comfortable with rolling the dice and living with high levels of risk or that base decision-making solely on immediate ROI, are prone to shortcuts in assessing premises risk and to avoiding necessary security expenditures. Those risk calculations, often driven by worst-case scenarios of a catastrophic event and a related jury award, often fail to take into account the substantial damage that's unrelated to economic loss.
Increasingly, employees, customers, shareholders, and the general public hold all companies accountable for irresponsible behavior, whether that involves product integrity, quality of service, or premises security. The cost of crime in a court of law for any company that has not managed that risk in a responsible manner is limited to financial loss. The cost of crime for an irresponsible company, in the court of public opinion, however, is unlimited.
Intangible factors that drive a company's long-term success, including reputation and good will, as well as its ability to recruit, retain, and motivate employees, are also damaged as a result of inadequate management of premises risk. The loss of brand equity and public confidence that's driven by premises security negligence, however, is the biggest price that's paid.