Can You Be Sued if a Terrorist Attacks?
July/August 2002
by Susan Lahey
When goofy French movie detective Inspector Clouseau asked a man, “Does your dog bite?” the answer was no. The pooch in question nevertheless chomped Clouseau, and the man dismissed it with a line that has become a cinema classic: “That is not my dog.”
Directors, take the cue: You’d better know whether your dog bites.
Protecting a company’s property and people has always been a concern of officers and directors, but since September 11, worries about security have dramatically expanded. As if computer piracy and theft of intellectual property weren’t problems enough, now as never before there are threats that can take lives. How responsible are companies for any harm that might come to their employees or customers as a result of terrorist activity? What are the legal consequences? And what preventive action can companies take? Those are key questions that are being struggled with in executive suites and boardrooms today.
“Because of September 11, everyone is put on notice,” says Dan A. Bailey, a partner in the Columbus, Ohio, office of Arter & Hadden. “A lot of things previously thought unimaginable are now imaginable. This will raise the bar, I fear, on what things directors and officers are supposed to anticipate and try to prevent. No one knows where the lines are drawn, but they are drawn closer to personal liability than before September 11. It’s the old one-bite rule. If your dog bites someone, the first time you’re not liable. On the second bite, you’re liable, because you were put on notice after the first time.”
Some companies have been on notice for quite a while: airlines and other transportation outfits, chemical manufacturers, nuclear plants, food-production companies. Because of prior threats and problems, they are expected to have more rigorous safeguards against terrorist activity than what Bailey calls “plain vanilla” companies—and, in the event of a mishap, are more likely to be hit with liability penalties. But nearly everyone needs to be alert.
“Although few if any direct D&O lawsuits have emerged from the September 11 events . . . directors and officers should take no comfort from that fact in evaluating what they should be doing now [in security matters],” Bailey wrote in a recent report for Ace Insurance Co. “Absent comprehensive and effective planning, directors and officers may face severe legal, public, and moral criticism if the unimaginable happens again.”
Bailey says that lawsuits could be brought by employees and others who suffer bodily harm, property damage, or other injury or economic loss resulting from a terrorist attack. Suits could also be filed by creditors and others who incur damage as a result of a company’s becoming incapacitated. And they could come from shareholders who believe that a company failed to disclose material information regarding its exposure to risk and level of preparedness.
“In any such litigation, potential allegations could focus on the extent to which the D&Os adopted adequate precautions, implemented effective response plans, and appropriately reacted to actual or threatened incidents,” Bailey says.
To protect themselves, companies must first determine what risks they face, says Bill Brumund, who chairs the bioterrorism committee at Business Executives for National Security, a Washington, D.C., nonprofit group that describes itself as a “do-tank.” Brumund is a principal of Atlanta’s Golder Associates Corp., an international consulting engineering firm. Other do-tank members include such corporate heavyweights as Amazon.com founder and CEO Jeffrey Bezos and Citigroup chairman and CEO Sanford Weill. The organization works to encourage public-private partnership on national-security issues like the tracking of terrorist funds.
Basically, risk falls into two main categories. First, there is the need for security in the workplace—protecting your employees and matériel. Then there is the responsibility for security in the marketplace—making sure people are not harmed by your goods and services.
Safety on the job
Obviously companies can’t expect employees to walk around in gas masks all day, says Brumund. But boards should be sure that there are policies for dealing with the risk of terrorism, just as there are policies for dealing with environmental risks. For example, even if a company doesn’t believe it’s likely to be targeted, Brumund says, it needs to have a plan to evacuate and aid employees. John T. Horn, a vice president of Pinkerton Consulting & Investigations, says that many companies are bringing in experts to design drills that give people practice in coping with emergencies.
Attorneys say that companies cannot be expected to provide for every contingency. You won’t be held negligent if you set up offices near the top of a skyscraper, say, even though ground-floor quarters would be easier to evacuate. And it’s not necessary to install an anthrax-detection device merely because you have a mailroom. “The standard generally is that directors and officers are expected to perform as a prudent person would perform,” Bailey says.
One prudent measure, says Edward J. Krill, an employment attorney with the firm of Carr Maloney in Washington, D.C., is to take employment screening seriously. In fact, Krill says, employment-screening firms are so backlogged that companies might get more careful results by doing some of the work, such as checking references, themselves. The aim is to protect a company and those who work for it from people who may be dangerously unstable or may slip into jobs with intent to cause harm.
If an incident does occur and there is legal action against the company, says Krill, the board should be able to show that it acted responsibly by overseeing the establishment of safeguards in advance. He recommends that directors inspect the company’s employee application and evaluation forms to be certain that the information requested is sufficient to ensure thorough background checks and adequate scrutiny of workers on the job. He says the board should also meet with human-resources management and other executives to be sure that policies are in place to protect company personnel and products—and that they’re being followed.
Safety in the marketplace
Each industry has its own set of risks and standards, but all share a responsibility to provide reasonable care for the public. We’ve heard a lot about stricter security at airports and reinforced cockpit doors on airplanes, but the need for action has been recognized well beyond the transportation business. And board members must make sure their companies comply.
Immediately after the September 11 attacks and the subsequent anthrax deaths, Interstate Bakeries Corp., which makes Wonder Bread and Hostess cakes, reviewed its security policies. “There was an awful lot of concern about white powder, and we’re in an industry that deals with an awful lot of white powder,” says Mark Dirkes, the company’s senior vice president of marketing. “We very quickly went through our checklist to see just how tight our security is and how strong our food-safety procedures are.” Those procedures include making certain that the huge tankers of flour shipped to Interstate are unsealed only by authorized company employees, and that there are regular mock product recalls to ensure that a real recall of contaminated goods would be swift and smooth. During the anthrax attacks, in fact, the company had to respond to frequent calls from frightened retailers reporting that white powder was leaking from its product packages. The powder was simply sugar used to coat doughnuts, but Interstate always pulled the products off the shelves.
Companies that work with explosives or other material that might be stolen for use in a terrorist attack must be especially vigilant in protecting their property, says Krill, because they can be subject to “absolute liability if someone gets hurt.” One of the higher-risk industries is chemical manufacturing, and the American Chemical Council is drafting a new, tougher security code. It calls for members to tighten security and use independent third parties to review their efforts. Sandia National Laboratories, for example, is developing a vulnerability-assessment tool that will evaluate a facility’s worst-case scenario on the basis of the difficulty of an attack, the potential severity of the consequences, and the facility’s attractiveness as a target.


