SEC Security State of the Industry: Could Your Security Program Fall Below Industry Standard of Care Resulting in a Finding of Negligence?

Return to Program Best Practices

Featuring: A study of recent case law involving workplace violence programs

Created by the Security Executive Council

The following is a summary of a SEC Security State of the Industry briefing


With recent, high-level civil liability cases indicating potential changes in what constitutes negligence in incidents of workplace violence, the Security Executive Council (SEC) on December 12 presented a Security State of the Industry briefing on current litigation and how it may be a harbinger for new changes and reevaluation of current corporate workplace violence programs.

Presenters included moderator Bob Hayes, SEC Managing Director; Robbie Foster, Attorney and Partner, Nelson Mullins; and Richard Hines, Attorney and Partner, Nelson Mullins. These Georgia and South Carolina ‘super lawyers,’ said Hayes, have conducted exhaustive research on the topic over the last several years, as well as participated in high-level court cases surrounding negligence and liability in the workplace.

“We have become aware of silent changes that may be headed to workplace security and safety programs, arising from civil liability cases over the last several years,” said Hayes, who has also served as an expert witness on the topic. “There is a discussion, in these cases, on negligent hiring and retention that is disconcerting and necessitates that every plan become proactive and less reactionary. The SEC sees a need for a documented, repeatable, workplace violence training program that is incorporated from top to bottom of an organization and is measured and assessed regularly.”

Unfortunately, he added, most plans fall into the reactionary category, and only a small percentage of organizations have a measured plan aligned fully with the corporate culture.

Robbie Foster, who has been working in this area for 25 years, provided a rundown of the historical basis for liability involving criminal acts or shooting on premises. Historically, when an independent third party committed a criminal act on a property, property owners were not liable as a matter of law. But that changed in 1974 when actor Connie Francis was raped in a hotel in Mineola, N.Y., he said. “The facts surrounding the case changed the law. The sliding glass door was broken, the hotel knew it was broken, didn’t fix it and there had been two attacks prior. That case law that’s been on the books since 1979 still stands. Property owners are not liable for third party criminal acts unless those acts were reasonably foreseeable. That exception has swallowed the rule in most states: reasonably foreseeable is critically important.”

He’s also seeing a rising phenomenon: an employee committing the criminal act and a shift of the criminal act premises liability to include negligent hiring and retention. “In this case, your property is not relevant. What’s relevant was the foreseeability of the employee to commit violence—the shooting or the criminal act. What was the history of the employee and knowledge by management of the employee?”

These and other concepts now arising in civil liability cases are changing the basis of the independent third-party criminal act and the responsibility and liability that flows on your property, said Richard Hines.

“Let’s assume you are a security director who has done a first-rate background check on your employees. The plaintiffs can’t claim your background check was improperly conducted. The shooter had been a model employee and maybe was even recognized as employee of the month or something similar. So, there’s no basis for negligent hiring or negligent retention claims. But now the plaintiff’s lawyers are looking for more.”

Hines said corporations that do not have a workplace violence and intervention program in place could potentially be subject to massive liability. “For those organizations with a program, that very plan could possibly be used against them in a court of law. Plaintiffs are trying to take your workplace violence program and turn that very program against you.”

He explained: “Once you have an event now you can go back through and analyze everything from the moment the employee came on the property. What are the red flags the shooter may have raised during the course of their employment? Did he have words with employees and suggest he may ‘shoot the place up’? Did he ever suggest in jest or otherwise he was thinking of committing suicide? If he made those comments, what your program intended to do and what it didn’t do gives the plaintiff’s lawyers a case against you.”

Robbie Foster said in the last three years he has noticed courts starting to change the landscape of liability for independent third-party criminal act claims. In California, for example, under an employment law statute this language emerged: “An explicit public policy requiring employers to take reasonable steps to provide a safe and secure workplace for their employees. Such responsibility appears to include the duty to adequately address potential workplace violence.”

Another case cited during the online briefing was the Washington, D.C., Navy Yard shooting in 2013. According to Foster, many of the claims under traditional premises liability negligence were dismissed, but the judge allowed the lawsuits to move forward under negligent hiring and retention. “This touches on workplace violence, but it’s more about what the employer potentially knew about the propensity for violence of this shooter. Ultimately, there was enough in the background to let the discovery go forward. That case is ongoing, and it is allowing the shooter’s victims to hold the employer liable if there were enough red flags known to management. The negligent hiring claim was dismissed but negligent retention was not.”

There are other considerations, such as OSHA standards and industry guidelines and how they measure up to this new wave of thinking. For example, the ASIS/ ANSI/SHRM Workplace Violence Prevention and Intervention Standard, (ASIS/SHRM WVP.1-2011) is used by some security practitioners and could possibly be used to prove a defendant’s program did not measure up to its guidelines. “Those who are responsible for a workplace violence program should work with an independent third party or evaluate their internal program and create their own individualized plans to avoid programs that are minimal and fluid,” said Richard Hines.

And while the courts aren’t going in this direction, it’s clear the plaintiff’s lawyers and experts are, said Robbie Foster. “We are seeing plaintiffs being very creative in attacking workplace violence programs. Make sure you have a robust program that is properly documented. The kinds of things they are looking at includes detailed employee training, orientation, annual retraining and comprehension. And workplace violence programs should encompass all employees.”

Richard Hines added that reporting and intervention are two foundational pieces plaintiff’s attorneys and their clients are looking at. “That’s the bedrock of their claims. Their theory is that the program was not robust enough, there was not appropriate training at the beginning, and the training was not tested for actual comprehension. If workplace violence programs are based on the fact that comments or actions should be reported and include those mechanisms, even that may not be specific enough. Your program should consider including basic red flag indicators that are regularly reported even if those indicators are thought to be joking comments. That’s the center of where your programs will be attacked.”

The essential point is this: Can you defend the elements of your program? Is there training for all new employees at orientation? Annual requirement for retraining all employees? Tests for comprehension after training? Does your program include behavioral indicators of violence? Documentation of every instance of training, signed by employees, and regular consistent reviews are necessary.

Every workplace violence program needs to include a mechanism for employees to report potential instances and red flags to management and supervisors. Finally, the threat management team needs a documented process for analyzing incidents to reduce potential liability.
Related Resources
Workplace Violence Continuum
Is My Workplace Violence Program Ready for the Next Generation of Challenges?
More can be found on this page

Return to Program Best Practices