Because stores frequently are victims of shoplifting, security more often is aimed at theft prevention rather than customer safety. Traveling gangs of clothing thieves have been known to steal thousands of dollars of merchandise at a time, costing merchants and their honest customers more for the products legitimately sold. Thus, security is constantly being increased to new levels. In 2004, the CBS news program, 60 Minutes, reported on the loss of thousands of dollars of clothing due to roving illegal Latin American gangs.

Such security may involve uniformed or plain-clothes guards, video camera surveillance, alarm systems (activated by devices in products), locks (for example, furriers often run locked cables through the sleeves of their coats), and similar devices.

Security Hazards

Every type of security provides a risk to someone. Certain types of mechanical detectors may interfere with medical devices such as heart pacemakers, and subjecting visitors or customers to devices might trigger medical incidents. Guards, armed or otherwise, may make mistakes, arresting innocent customers or having the wrong people arrested, exposing security services and stores to charges of false arrest, imprisonment, or malicious prosecution and other personal injury perils.

A perceived need to act can exceed the need to think first. Many private security guards may not be provided sufficient training in crime detection, evidence securing, weapons, and arrest procedures. In a worst-case scenario, an armed guard may shoot someone, exposing the guard service and the store to a wrongful death action and, subsequently, to a potential dispute with an insurer over coverage.

The Hawaiian case, CIA Service Corp. v. W.T.P. Inc. (690 F.Supp., 910 [D. Haw., 1988]), addresses claims arising out of the use of firearms by insureds or insureds' agents. Many courts place the burden of showing that policy exclusions apply to losses on insurers. See, for example, Auto Owners Ins. v. Harrington (212 Mich App. 682, 538 N.W.2d 106 [Mich, 1995]), or USAA v. Sorrells (910 S.W.2d 774 [Mo., 1995]).

Guards who are provided vehicles for their security patrols likewise create liability exposures for their employers. An additional exposure arises when a guard is absent and a loss — a break-in, assault, or other crime — is committed that might have been prevented had the guard been present or more alert.

Mechanical alarms also can be problematic. One New York City study regarding false alarms outlined the tremendous cost and confusion caused by defective fire alarm systems (reported by Barry Furey in the March 1984 issue of Firehouse Magazine). At one time prior to Sept. 11, 2001, more than 1,000 false alarm runs a year were made to the World Trade and Rockefeller Centers. The same is true of malfunctioning burglar alarms that trigger police investigations when no break-ins had occurred. Many cities now are responding by fining home or building owners for false fire and burglar alarms.

Privacy Issues

Invasion-of-privacy allegations often accompany improperly conducted background investigations or claimant surveillance. Badly handled investigations by independent contractor private investigative firms for insurers or self-insurers are a frequent source of litigation. In one case known to the Iconoclast, an investigator misrepresented himself and appeared at a claimant's home late at night to conduct an interview. On another occasion, private investigators trespassed on private property to conduct surveillance of claimants. In a third, the investigator following the claimant was so obvious that she believed that she was being stalked and had the investigator arrested.

In perhaps the most blatant case, an insurer learned that an injured claimant was going to be married and advised the investigative service of that fact. A female operative was sent to the wedding. She was very conspicuous in taking video pictures both during the wedding ceremony and at the reception, to which she was an uninvited guest. The investigator also became intoxicated at the reception and created a scene. Finally, after filming the bride and groom dancing, she departed with one of the waiters.

When viewing the official photos from the wedding, the husband commented, “That cousin of yours sure made a scene.” The wife replied, “My cousin? I thought she was your cousin.” When they found out who the intruder was, they sued the insurer and detective service for the entire cost of the wedding. The case was settled out of court.

One common, and criminal, stunt occasionally pulled by investigative firms intent on filming subjects doing labor when they are claiming disabling injuries is to stage scenes. This may include letting the air out of subjects' tires so that they either change the tires or get someone to change them, or to drop heavy items in the subjects' driveways so that the claimants must lift them out of the way. Besides being unusable evidence in any court of law, the danger of such practices is that if the person truly is disabled, the required activity may exacerbate the injury, resulting in a separate injury claim against the insurer, the investigator, and, perhaps, the insured. It may also result in a punitive damage demand.

Typical of the type of invasion-of-privacy suit that can result from investigation of claimants, newly hired employees, vendors, or customers is that of a California case, Jeffrey H. v. Imai, Tadlock & Keeney (1087167 [Cal. App. 1st Dist, Div. One, 2000]). The plaintiff was injured in an auto accident and sued the tort feasor. A law firm was hired to defend, and it subpoenaed the plaintiff's medical records from a hospital. Within the records that were copied and delivered were several marked, Confidential: Do Not Copy Without Specific Authorized Consent. These included the results of the plaintiff's HIV tests, which were positive.

The plaintiff demanded that all the confidential documents be delivered back to him but, when the matter went to arbitration, two confidential documents were included in the defendant's file. The plaintiff sued for invasion of privacy, and the trial court sustained a demurrer to his complaint. On appeal, the court ruled that California's constitutional guarantee of privacy is broader than that of the federal Constitution, and that it extends to the details of a person's medical history. The fact that the plaintiff was seeking compensation for injuries sustained in an auto accident, said the court, did not obviate his expectation of privacy relating to his HIV status.

A number of privacy suits under the Freedom of Information Act have been instituted against the Department of Homeland Security, the Federal Bureau of Investigation, and others, arising from the way that they have handled privacy issues. One involves the means by which federal agencies sought information from various airlines regarding their passengers and later disclosed this information to a defense contractor and to Transportation Security Agency contractors.

Legislation has been introduced in Congress to consider the use of biometrics in airport access control. This would include factors such as fingerprint or hand geometry reading. Suits involving the Justice Department also specify the Patriot Act and the TSA's Computer Assisted Passenger Profiling System. See, for example, Electronic Privacy Information Center v. Dept. of Homeland Security (Civ. No. 04-0944 [D.D.C., 2004]), and other EPIC cases.

Other privacy suits involve challenges to the Maryland DNA Collection Act, which allows the state to collect DNA samples from committed felons and even those guilty of certain misdemeanor offenses, and a similar suit from a parolee whose DNA was destined for inclusion in a nationwide DNA data bank (Maryland v. Raines, Sept. Term, 2003, Case 129, [Md., 2004], and United States v. Kincade [rehearing granted] 02-50380 [9th Cir., 2004]).

“Not since the 1968 Banking Law enactment have we seen such scrambling … to establish security procedures,” wrote Darrell Wilson, security director for Truliant Federal Credit Union in Winston-Salem, N.C. (“Developing an All-Inclusive Security Program,” Security Director News, July 2004). “With the 9/11 attack, terrorist threats, and the newly enacted Patriot Act, credit unions and other financial institutions have scrambled to make sure that they have the necessary security in place to comply with the new laws.

“Many institutions are finding that the old attitude of just appointing anyone as a security director or hiring a law enforcement officer is not the answer,” Wilson continued. “Security programs are built by professional and dedicated individuals who have expertise in many areas [including] IT, alarms, access control, digital video operation and installation, as well as extensive investigative experience.” He suggested that financial institutions plan at least five years in advance for what they will need in terms of security procedures and technology.

However, another commentator believes that corporations are doing too little in the wake of the 2001 terrorist attacks to prepare for better security. In the June issue of the same publication, Todd C. Vigneault, general manager of InterTech Group in Elmhurst, Ill., noted that, although budgets for security have increased by 10 percent since Sept. 11, 2001, many organizations have decreased their security postures. “Security management positions are part of reduction-in-force packages or are being subcontracted due to economies and corporate policies,” Vigneault said. “Budgets for the bulk of corporate America are not increasing in the areas of disaster recovery and asset protection. The response to depressed profits and an over-adjusting market has been placing protection needs on hiatus.” The time and energy spent by corporations preparing for the Y2K crisis, “a catastrophe that never occurred,” should be duplicated in anticipation of potential disasters, such as terrorist attacks.

Managing Exposure Risks

For any firm with a security exposure, how it handles that exposure will determine whether it can succeed in avoiding a security loss or resulting litigation. Good risk management offers many options. Commercial entities often can transfer some of the risks associated with security to independent contractors or others, who then may become responsible if losses occurs. Contractual agreements shifting the exposures, whether for liability to third parties, injuries to employees of either the contracting security provider or the entity retaining the service, should be drawn carefully to avoid any ambiguities. For example, if an employer uses a temporary employment agency that is fully insured and bonded, to include workers' compensation, many of the risks to or from that employee are transferred to the employment agency.

In these situations, however, the entity using such a service must be certain that the contracts provide the protections needed, and that these are supported by valid and collectible insurance on which the entity is named as an additional insured. Any insurance coverages also should be reviewed by the hiring entity, as special endorsements may be needed to assure that the coverage will apply to security-related situations. For example, although a commercial general liability policy almost always includes “personal injury” perils, such as false arrest, not all types of public liability contain such coverage. A policy that covers only bodily injury and property damage may lack the specific type of coverage that would be needed for a security risk.

Hold harmless and indemnification agreements must clearly spell out the risks being transferred by one party and assumed by the other. Mere exculpatory language (“X will not be responsible for …”) may prove insufficient, as it is simply an agreement that one party does not assume liability. Hence, in a loss, it can be argued that the other party had assumed such liability. It also is necessary to watch how clauses such as waivers of subrogation may function, for, as noted in the cases cited above, if a security contractor's policy must respond to a situation, it may retain a right of subrogation against any other tort feasors involved in that situation.

Ken Brownlee, CPCU, is a former adjuster and risk manager, based in Atlanta. He now authors and edits claim adjusting textbooks.