Monitoring Employee Behavior

Successful businesses, even large impersonal corporations, often do take an active interest in their employees' personal problems. If unaddressed, those problems can lead to problems for the employer, as well. An employee with serious financial problems may find it convenient to steal from the employer. An employee going through a divorce or other family issue may absentmindedly produce poor quality work or accidentally injure himself or another employee. An employee with a sick or disabled spouse or family member may have to put in extra hours of care at home and be exhausted when he arrives at the workplace, resulting in poor performance.

The best approach, if an employee seems to be having a problem, is to refer that employee to whatever type of assistance may be needed. Frequently, this is referred to as an employee assistance plan, or EAP, a formal program that may include everything from addiction assistance to credit counseling.

Employee Benefits Employee benefits, or the lack of them, are a serious political, as well as business, issue. Benefits range from a variety of medical and hospitalization insurance programs to life and accident insurance, disability insurance, retirement and 401K programs, daycare, scholarships to family members, and other programs that help employees and their families avoid the personal crises that can disrupt their lives and those of co-workers and customers.

Labor Unions In the 21st century, the labor movement has evolved from what it was in the 19th and early 20th centuries, with violent strikes, lockouts, featherbedding, and similar problems, to that of more business-like negotiations or relatively peaceful picketing. Nevertheless, although labor unions may have less political clout in the nation's economy, for individual commercial entities, from baseball to governmental personnel, labor unions and labor relations are a reality. How a corporation or other entity deals with labor issues will reflect on that entity's internal and external security. If ,or when, a breakdown in relationships, whether over wage contracts or safety issues, results in a dispute, it easily can affect the public.

Potential Liability

Commercial risk entities owe a duty of care to those with whom they come into contact, whether those individuals are in the status of licensee, invitee, or simply passer-by. In some cases, a duty of care extends beyond those who are within the entity's control – employees or vendors – and extends to acts of criminals. Normally, an individual cannot be held liable for the unforeseen criminal acts of others, but when a crime may be foreseeable, a duty arises to provide at least ordinary care. For example, if a store or shopping center provides a parking lot for its customers, it may be assuming a duty of care in implying that the parking area is safe. It should be well lit at night, perhaps patrolled by private security guards, and, as now is common, monitored by remote control video cameras.

A defendant is not obligated to anticipate unforeseeable emergencies, according to the late Patrick Magarick, co-author of Casualty Insurance Claims, 4th Ed. (West Group, 1995). "His responsibility is limited to those situations that the ordinarily prudent person could foresee under similar circumstances," he stated, in Volume One, Chapter 9, ?9:15. "Reasonable foresight must be distinguished from unforeseeable consequences. Should the defendant act in a negligent manner, setting in motion a chain of circumstances that results in some unforeseen consequences, the prevailing view of our courts should hold him liable for such consequence. Here, however, we are talking about reasonable foresight before any question of negligence arises."

That can be the case with foreseeable crime. The degree and extent of security that must be provided depend on the nature of the risk. Places in which violent crimes are known to be common occurrences (banks, gas stations, liquor stores or bars, and quick-stop stores that sell beer, lottery tickets, and milk) may have a higher duty to provide security than entities in which violent robberies are far less likely to occur. Institutions such as hospitals, courthouses, sport stadiums, or centers of public transportation (e.g., bus or train stations, airports) also may have a higher degree of duty owed, as they frequently are the scenes of violent or unusual behavior, or places where potentially hazardous individuals collect. Once thought safe, even schools and colleges have become centers of violence requiring greater security.

In Peerless Ins. Co. v. Disla (999 F. Supp. 261 {D. Conn., 1998]), for example, a dispute arose over a general liability policy exclusion relating to those "in the business" of selling alcoholic beverages. The court found that the exclusion would be applicable to a grocery store that was licensed to sell alcoholic beverages. "There is nothing in the language of the policy exclusion that requires the sale of liquor to be the insured's primary business," the court noted. Similarly, a Florida coverage dispute, Ill. Ins. Exch. v. Scottsdale Ins. Co. (679 So.2d 355 [1996]), arose between a premises insurer and liquor liability insurer when intoxicated bar patrons attacked others outside the premises.

If violence caused either by an employee or by some other party results in injury or damage to innocent third parties, it can be anticipated that all entities even remotely involved will be brought into any legal actions. In joint and several states, this exposure can be significant. The basis will be that the violence was foreseeable and that the entity owed a duty to the innocent victim to provide security and, thus, at least attempt to prevent the violence.

Screening Vendors

Any commercial entity must deal with a wide variety of product and service vendors. Some supermarkets, for example, are in many ways simply in the business of leasing shelf space to product vendors who deliver and set up their product displays or, at the least, deliver their products to the store's storage area for store employees to stock on shelves. Pharmaceutical and medical device salesmen visit doctors' offices and hospitals to demonstrate and market their products, on some occasions even demonstrating the products to physicians during surgery. Vending machine lessors regularly visit their machines to restock them and collect the money. Landscaping services, security services, transportation services, plumbers, electricians, and an infinite variety of other contractors and subcontractors constantly are coming into and out of any sizable commercial or governmental premises.

Who these people are, and what business they have on the premises, is a security concern. A stranger within an office complex may be the guy from the deli next door delivering someone's lunch, or he may be a thief seeking an employee's handbag that is set beneath a desk. Unless that person is challenged, and his business on the premises confirmed, an employee whose purse or wallet is stolen or who is assaulted in a back stairway might have a valid claim against the employer or operator of the building. Whether such a claim would stand, and whether it would be covered by an entity's general liability coverage, would depend upon the circumstances. (See, for example, the Pennsylvania case, Forum Ins. Co. v. Allied Security Inc., 866 F.2d 80 [3rd Cir., 1989].)

One common method of dealing with such exposures from legitimate vendors is to require contracts in which vendors agree to hold the entity harmless and indemnify it and its employees for any loss caused by the vendor or its employees, and to back up the agreement with a valid certificate of any required insurance, including general liability, auto, and fidelity/employee dishonesty.

Data-Related Risks

Computer-related risks, ranging from privacy to data theft and manipulation, cost businesses millions of dollars annually. Many companies have avoided reporting data thefts because of the potential public relation problems that might be associated with the loss of their data, such as personal information on customers. When hackers break into systems and obtain information, there is an exposure to the entity that should have protected that information for any loss that might occur as a result. For example, if a data system contained credit-card account information, including names, numbers, expiration dates, or PINs, a hacker could use that information to steal property, and the victim might not become aware of the theft until his next billing cycle. Earlier in 2005, a similar situation was reported involving Atlanta's Choicepoint database.

This kind of scenario is difficult to prevent, despite the array of cyber-security experts, and even more difficult to prosecute. The creators of worms and viruses have been caught, but hackers often go undetected, for the system may not even indicate that it has been breached. The costs resulting from a virus' shutting down a large computer system, especially for a company in a web-based business, can be astronomical.

Security is now the most important information technology issue, according to Enterprise Technology Trends, published by IDC Research, "moving past cost control and cost containment." A survey of nearly a thousand North American companies found that security issues had increased by close to 60 percent in the year prior to the study. Computer security involves far more than just keeping track of passwords and protecting data centers. It also involves securing data within systems from any sort of outside access, including, in some cases, litigation discovery.

Security of data is much different from that of paper documentation. Paper can be shredded or burned, or filed away for later use. Data may continue to live in cyberspace for as long as a computer system exists. "When you delete an electronic file, it actually is still there," noted data specialist Toby Brown in his article, "Special Handling: How Paper and Electronic Files Differ" in The Brief (ABA Tort Trial and Insurance Practice Section, Winter, 2004). "The ones and zeros that make up the document still exist. In actuality, all deleting did was remove the name of the document from the filing index, like removing a card from the library's old card catalog system. The corresponding book is still on the shelf and accessible to those who know how to find it."

Brown warned that this can create legal problems in several ways, especially related to discovery issues in the event of litigation. He suggested managing data through policy, and said that computer forensic specialists are able to find and retrieve deleted electronic files. For discovery of information that a corporate entity had tried to destroy, this can be a very useful tool for attorneys.

As more records, ranging from medical files to personnel data, are stored on computer systems, they become more easily accessible, both by those who need to review them and by those who have no right to review them or who may use the records to an entity's disadvantage. "States have a strong policy interest in protecting the privacy rights of their citizens, and state courts, therefore, have often freely permitted litigants to defend the privacy rights of non-parties, including not only employees, but also investors, patients, and students," wrote Tampa attorneys, Donna J. Fudge and Marie A. Borland, in "Protection from Unwarranted Discovery," in the February 2002 issue of For the Defense (Defense Research Institute). They cited several cases as illustrative, including Valley Presbyterian Hospital v. Superior. Court. (94 Cal. Rptr.2d 137 [2000]), in which a medical facility was allowed to assert the privacy rights of its non-party employees, and the Florida case, Berkeley v. Eisen (699 So.2d 789 [1997]), which involved the discovery of non-party investor phone numbers.

Ken Brownlee, CPCU, is a former adjuster and risk manager, based in Atlanta. He now authors and edits claim adjusting textbooks.