Crime & Premises Liability: Assessments & Defenses

When considering how to limit crimes by third parties, or at least limit the liability exposure from such, there are three basic approaches: pre-incident assessments, post-incident investigations, and legal defenses. Each approach is distinct. Each approach, however, is interrelated to the others. For example, if there was no pre-incident assessment, then this will affect the post-incident investigation, which in turn relates to the legal defenses and theories tied to the case. Each of these approaches will be presented independently, but keep in mind that they are interrelated. This will become more obvious when combined or assessed with legal defenses and theories.

PRE-INCIDENT ASSESSMENTS

Specific security assessment techniques have been advocated for many decades. In the past few decades, however, the amount of attention paid to this issue has significantly increased. Thompson, for example, has proposed various measures for avoiding liability. These include the following:¹

1. Develop pre-employment screening procedures.
2. Maintain security personnel training standards and document these training sessions.
3. Be familiar with the neighborhood and crime data of the surrounding community.
4. Maintain close working relationships with local police.
5. Emphasize that security officers must remain active and visible at all times.
6. Develop comprehensive security plans.
7. Maintain extensive record keeping and documentation of complaints and crimes within the facility.
8. Document every step in the security process.

These factors have been cited in numerous security surveys and risk assessments. While these can be complicated endeavors, some general factors common to security surveys and risk assessments will be outlined. For starters, while there some distinctions between a security survey and a risk assessment, this analysis will characterize these as being similar tools. Probably the most defined distinction between these tools is that risk assessments tend to be more comprehensive, both in terms of its scope and its sophistication.

In general, the desire to manage risk is a baseline goal. Risk management can be defined as a "systematic, analytical process to determine the likelihood that a threat will harm physical assets or individuals and then to identify actions to reduce risk and mitigate the consequences of an attack."² The first aspect of the assessment regards the sources of threats, which can be either internal or external.³ Sources of threats can be generally categorized as human errors, system failures, natural disasters, and malicious or violent acts. This last threat is the source of the security exposures addressed in this article.

It is important to assess the assets within the organization that are subject to these threats. A typical analysis would categorize assets to include the following broad areas:

1. People
2. Money or other liquid capital
3. Information
4. Equipment
5. Finished/unfinished goods
6. Processes
7. Buildings/facilities
8. Intangible assets such as intellectual property

Once these assets are identified and categorized, the next step is to specify risk events and vulnerabilities. This assessment is designed to identify the types of incidents which could occur at a site. This typically based on a number of factors, including previous incidents at the site, incidents at similarly situated sites, incidents common to the particular industry or geographic location, and recent developments or trends.⁴ In this way, vulnerability assessments identify weaknesses that may be exploited by specific threats, and then suggest options that address those weaknesses.⁵ These risk events and vulnerabilities are further subdivided into three categories: crimes, non-criminal events, and consequential events. For the purposes of this article, the most relevant category relates to crime. In order to assess the vulnerability to crime events, there are numerous data sources that may be relevant, including the following:⁶

• Local police crime statistics and service calls
• Uniform Crime Reports (UCR) complied and published by the FBI
• Internal security incidents and crime reports
• Demographic data such as economic conditions, population density and transience, and unemployment rates
• Prior criminal and civil complaints brought against the firm or enterprise
• Data and information from professional associations related to industry specific problems or trends in criminal activity
• Other environmental factors such as climate, site availability, and the presence of "crime magnets"

Once these factors are assessed, the next step is to assess the probability and criticality of the threats in relation to the particular assets. Probability is defined as "the chance, or in some cases, the mathematical certainty that a given event will occur, the ratio of the number of outcomes in an exhaustive set of equally likely outcomes that produce a given event to the total number of possible outcomes."⁷ In essence, probability is based on the likelihood that the threat would occur. This is classified from high probability (expect occurrence), to moderate (circumstances conducive to possible occurrence) to low (unlikely occurrence). Criticality is defined as "the impact of a loss event, typically calculated as the net cost of that event."⁸ Essentially, criticality means the value of the asset and the extent of the impact of such on the organization. Criticality is further subdivided into three categories:

• Devastating-catastrophic
• Moderate-survivable
• Insignificant-inconsequential

If the asset is deemed so critical that its loss would be devastating or catastrophic to the organization, then even if the probability of the threat is low, the organization may desire to focus certain amount of security resources and personnel to keep the threat from being realized. Conversely, if the threat probability is low, and the asset criticality is insignificant, there is very little reason why an organization would devote security resources and personnel in an attempt to prevent its occurrence. This is because even if the incident did occur, it would have only an insignificant or inconsequential impact. Hence, why care about threats that do not manner?

Of course, any threat that results in harm to an employee, customer or any individual cannot be deemed as insignificant or inconsequential. Even the lowest-paid employee, who may be readily replaced by the pool of prospective employees, is a critical asset in terms of security liability. Indeed, the costs of not protecting the employee may be substantial. These include not only tort-based damages, but also public relations and reputational damages, adverse employee morale, and disruption of operations.⁹ Consequently, all people in the premise, whether employees, customers, vendors, agents, and possibly even trespassers, must be considered a critical factor in this analysis.

While it is impossible to protect all people at all times, the typical legal standard is to provide reasonable and prudent security methods based on the circumstances. Generally, the level of security methods should be commensurate with the level of risk. The greater the risk of harm, the more security methods deemed necessary. In security parlance, when security methods are implemented, it is termed "mitigation of risk."¹⁰

A more specific threat assessment tool is known as a Predatory Prevention Matrix. This matrix has four components: Policy, Control, Risk, and Phases of Attack.¹¹

1. Policy: the key is to assess all company policies in light of security exposures, or the specific incident or crime that occurred. Here the focus is on how security methods are advanced and implemented. The objectives of each policy should be communicated to all employees, as to obtain their "buy in."

2. Control: once these policies are articulated and implemented, the key here is to show the interaction between the policy and control mechanisms. Stated another way, the goal is to show that the policy was developed and revised. This is shown through the documentation and assessment measures, which include the following:

1. Documentation that explains the nature of the security problem or exposure
2. Measures used to track the problem, such as reports, surveys, audits, and liaison with policing agencies
3. An assessment of how this information is actually used, and a plan for updating the policies and procedures in light of the assessment measures mentioned above

3. Risk: with this component, it is important to show that the policies and documentation were used to determine risk and to attempt to reduce criminal opportunities. The key is to demonstrate that preventive methods were used to assess and reduce risks, including crime. In order to do this, it is important to use the logic from criminological theories summarized earlier. Specifically, there are three elements of risk:

1. Criminal intent
2. Criminal capacity
3. Opportunity (this is the only controllable factor):

The opportunity element of risk is typically broken down further into either random or nonrandom opportunity. In order to reduce liability, the defendant should show the crime was random. Conversely, if the crime was not random, a premeditated opportunity by the offender is implied. If the crime was premeditated (nonrandom), one may infer that the offender took advance notice of the security weaknesses of the environment, and committed the crime at the location because of that weakness.

4. Phases of Attack: an assessment of this helps to determine if the crime was random or premeditated (non-random). There are three phases to an attack:

1. Invitation: This is viewed as any situation that prompts a criminal to initiate the crime. Any number of factors, such as poor lighting, broken window(s), lack of security hardware or controls, and even an open door may constitute an invitation.
2. Confrontation: This is anything that makes the invitation less attractive. The logic of this factor is based on the fact that if the criminal does not face sufficient confrontation, then the opportunity will not be reduced or removed. Without such confrontation, it becomes probable that crime will occur. Here a confrontation can be something as simple as a light turning on (or being on), a security officer (or other "guardian") turning the corner, or even a locked door.
3. Time: This phase entails a time sequence. If there is sufficient time for security to intervene, then crime was not spontaneous or random. Generally, if all three phases of the attack occur within a few seconds, then it follows that there was insufficient time to prevent the event, making the crime unpreventable - and probably makes the crime considered to be spontaneous or random.

In assessing the viability of this matrix, in terms of its ability to affect crime decision making, it is important to ask certain questions:

1. Are security policies, and methods in place at the property or business?
2. If they are in place, are they fully implemented and assessed?
3. Is there documentation to support the adherence to these policies and methods, along with their continued viability?

These questions go to critical principles. For example, simply having a security policy or a security method may not be an effective defense. It must also have been fully implemented and communicated. In addition, the mere existence of security personnel is not an effective defense. Instead, the key is whether the security officers were properly trained and continuously informed, with their feedback considered. These factors must be supported with ongoing documentation.

Most security surveys and risk assessment entail extensive use of checklists. In order to get a better sense of the scope of these tools, the following items are typically assessed. Keep in mind that these items are also often assessed in post-incident assessments, because this information is critical in determining whether a property or business owner contributed to a reasonably safe environment.

One key factor in conducting a security survey or risk assessment is to think of the protected property in terms of its threats and corresponding risks to assets within the environment. In order to protect assets from known threats, it is necessary to implement controls to counter the threats. These controls typically are subdivided into three general categories: personnel management, technology and information security, and physical security. Each of these categories has its own set of applicable controls. However, as with other aspects of security, these controls must be integrated into a cohesive mixture of policies, personnel, and technology. This integration is often pictured as "layers" of security. These layers are designed to provide protection for diverse assets against different threats.

When assessing physical security, the goal is to provide layers of security. These layers can be pictured as circles that extend progressively inward from the perimeter of the property. Indeed, as the threats become more lethal, the desire may be to expand the perimeter even beyond the property line. One way to expend the outer perimeter is to employ security personnel and security technologies on the public way. Suffice to state at this point, the more the perimeter is expanded with security controls, the greater the ability to control threats to the protected facility. Hence, think of the perimeter in terms of the classical historical example: where the thick and high walls of the castle were encircled by a mote filled with water and predatory fish. While this perimeter does little to prevent crime from those who belong within the environment, such as employees, clients, customers, and vendors, it does provide the initial layer of protection for the environment. Consequently, it is often critical to expand the perimeter as far beyond the protected facility as possible, and to control access within this perimeter allowing only people who have a legitimate purpose to gain entrance.

This perimeter of the property represents the first layer or the large concentric circle. As one moves inward from the perimeter, there should be various security methods used to further control access. These security methods include security personnel and personnel policies. When considering physical security methods, the following should be considered for implementation and inspection. In this way, the condition and functionality of each aspect must be thoroughly documented.¹²

POST-INCIDENT ASSESSMENTS:

If crime or other misconduct occur within the protected facility, it is critical that proactive assessments be part of the response plan. Particularly if the crime is of a violent nature, there is often much confusion and disruption associated with the incident. This can create stress for the organization's employees, customers, and decision makers. Indeed, the involvement of police, media, and prosecutors is likely to exasperate an already stressful situation. Thus, confusion will typically rule the day. As a result, it is critical that decision makers take an active role in the response. While it is obviously necessary to tend to the needs of the people affected, it is equally vital to consider the effect of the incident on business continuity, organizational morale, and public relations, to name a few key concerns.

Unfortunately, even while these issues are being addressed, the liability exposure related to the incident must also be considered. The extent and scope of the response will depend on the situation at hand. When this response is being considered, it is useful to think in terms of what a jury would see at a trial. Some readers may see this as a rather clinical or even callous view of a response plan, particularly when the incident involves injuries or deaths. However, from my perspective, the sooner one places the matter into a civil liability context, the more professional and appropriate the response is likely to be. This assertion requires further elaboration.

Suppose that a robbery at the business results in the murder of an employee. As tragic as this event is to the employee's family, friends, and coworkers, it also represents substantial potential for liability exposure. The sooner the event is viewed as a liability, the more likely that rational thinking will prevail over emotion. Granted, it is necessary to accept and endure some measure of emotion and grieving. Emotion is indeed necessary and appropriate for the grieving process. This being said, corporate decision makers must relatively quickly begin to assess the crime from the perspective of a trial.

In this scenario, of course, it is critical that the business work closely with police during the preliminary and investigative stages of the crime. It is suggested that corporate security personnel, or even security consultants, participate with the police investigation. While the level of cooperation often depends upon the seriousness of the crime and the skill levels of the parties and agencies involved, some basic principles may help guide the response plan.

The first principle is to treat all parties affected by the event with dignity. Obviously, this entails sympathy and care for the injured or the family of those who died. This empathy should be sincere and manifested in personal, humane, and financial ways. It is important to include coworkers, customers, and others who may also have been affected by the crime. Showing empathy enhances the sense of dignity for all involved. Empathy can be shown in any number of ways: from personal visits to providing food and flowers; giving employees time off from work; paying for medical, rehabilitation, or burial costs; and by genuinely respecting and caring for the needs of those affected. This level of concern should be shown regardless of whether litigation is anticipated or even if it is threatened. In other words, do the right thing not because it may help avoid litigation, but rather simply because it is the right thing to do.

Indeed, even if the incident results in litigation, demonstrating empathy and respect to all those affected is likely to have a positive impact on the jury. The jury will know that the company cared about those affected by the crime. It is not a far stretch to connect this post-incident approach with the attitude taken by the company prior to the crime. In this sense, if you care about people after the crime, a jury will be more willing to accept that you cared about the well being of people prior to the crime. This has a positive effect on both the liability assessment and on the damage phase of the trial.

The second principle is to attend to the dignity of those involved without getting enmeshed in the cause(s) or the blame of the crime. This is particularly relevant to the victim and the family of the victim. It is inevitable that during the trauma and grieving related to the crime, emotions will turn to assign blame for the crime. Company representatives must not get involved in discussions about who was to blame, what "caused" the crime, or how it could or should have been prevented. It is critical to stay away from these issues. However, if some response is impossible to avoid, then the blame for the crime should be placed on the perpetrator of the crime. If this is deemed appropriate, it should be firmly asserted and then dropped. Do not dwell on this issue. Instead, focus the conversation and attention to the needs of the victim, and the well-being of those affected. It is unwise to dwell on the "blame game." It can be problematic to both the potential for and the implications of future litigation. Consequently, the best practice is to focus on human needs, not human emotions.

The third principle is that the response should mirror the methods and theories of the potential lawsuit. Indeed, whether or not a lawsuit is anticipated, the best practice is to prepare for one as soon as professionally possible. This assertion holds true for the company where the harm occurred as well as for the injured party. Whether the party involved is the potential defendant or the potential plaintiff, I recommend engaging a security expert to investigate and systematize the relevant facts of the incident as soon as possible. This assertion is almost the exact opposite of what is typical. More often than not, both sides typically wait until the last possible moment to engage an expert. Often, the reason for the delay is financial, since both sides do not want to spend money until they have to. The natural human tendency to hope that litigation will not be necessary may also be involved. Unfortunately, both justifications are illogical and are generally unrealistic.

The failure to engage an expert immediately after the incident almost inevitably results in a tactical and strategic failure. From a tactical perspective, a prompt and professional response strongly demonstrates that the event is being taken seriously. Ironically, when a party fails to engage professional resources to deal with the situation, this lack of response sends the worst possible message. The other party will read this message either as "you do not care how this occurred" or "you are not willing to prevent this from happening again." Conversely, the party that responds promptly and professionally, sends a message that speaks from a position of strength: If a lawsuit is filed, the defendant or the plaintiff (depending upon who is initiating the response) will have a decided advantage. This advantage is based on the evidence and analysis that will be in place to defend or prosecute the case.

From a strategic perspective, the collection and analysis of the facts and circumstances immediately following the incident is critical for evidentiary purposes. For example, the more time that passes after the incident, the less value photographs, interviews, and site inspections will be. Indeed, a direct counter to these untimely investigative techniques will inevitably be made. Even if the police use and document these same investigative techniques, the expert will be required to defend his or her opinions when based on such evidentiary material. Of course, experts are often forced to base their opinions on these secondary sources, such as police investigative material. From the perspective of the expert, and of "best evidence" practice as articulated in civil procedure,¹³ it is certainly advantageous for experts to base opinions on their own work product and on first hand observations.

Consequently, the engagement of the expert immediately following the incident will facilitate the timely collection and documentation of facts and circumstances as they existed at the time of the incident in question, or shortly thereafter.

With these principles articulated, there are numerous investigative or consultative methods that can be addressed. Depending upon the specific facts and circumstances, some of the items that follow may be irrelevant, while others may need to be delved into more extensively. In any case, these items are listed to provide more specific guidance beyond the underlying principles. Included in these techniques are the physical security measures itemized above in the pre-incident assessments. These techniques coupled with the following items should be considered:¹⁴

• Conduct title searches of the property (vehicle, real, and personal) involved in the incident. These title searches should also include inquiries into prior ownership and recent transactions, prior criminal incidents, security measures previously used, and any other information related to the property.
• Collect and analyze police reports and crime information. This entails the following:
• Police case, arrest, investigative supplementary reports
• Crime scene sketches and photos
• Dispatch logs and 911 tapes
• Witness statements
• Crime data for the location and surrounding area
• Police case, arrest, investigative and supplementary reports for prior crimes at this location and similar crimes in the surrounding area
• Uniform Crime Reports (U.C.R.) for crime data in area
• Crime reporting and trend analysis through CAP Index or a similar firm
• Policies and procedures of the company, particularly those relating to security
• Security incident reports or documentary related to prior crimes or complaints of misconduct or security concerns
• Any other relevant information and data related to the incident
• Collect newspaper articles related to the incident (headlines or news reports can be excellent and powerful exhibits for a jury)
• Obtain census data on relevant factors including the following:
• Unemployment rates
• Poverty levels
• Property values businesses and locations in area
• Demographic makeup of the community
• Obtain industry/trade journals and periodicals that contain the following:
• Crime prevention articles
• Past articles on crimes similar to the incident in question
• Industry standards for security and crime issues
• If security personnel were employed at the location, consider evidence of their security practices and standards, such as the following:
• Hiring policies and practices (including background checks and employment criteria)
• Training policies and standards (including any related documentation)
• Personnel file of security officers and supervisors present at the scene
• Company policies and procedures relating to the administration and operation of the firm (contract security) or of the security department (proprietary security)
• Post orders and other site-specific security methods (including any related documentation)
• Time and attendance policies and related documentation
• Crime and incident reporting policies and procedures (including any related documentation)
• Contract and related legal documents (if contract security firm)
• Bargaining unit agreement and related documents (if unionized employees)
• Assess whether any building or health code violations or deficiencies are present at the location or previously been filed at this location.
• Obtain blueprints, surveys, and/or aerial photos of the location
• Conduct site surveillance, recording and noting the following:
• Type and method of security measures used
• Hours and methods of security posts and patrols
• Number and appearance of security personnel
• Relative visibility of security personnel and measures in light of the traffic patterns and frequency of visitors, customers, and employees
• Presence of loitering teens, suspected gang members, or drug transactions
• Presence of disorderly conditions such as noisy individuals, loud music, reckless or excessive vehicle use and operations
• Conduct site inspection, recording and noting the following:
• Initial walk-through to gain perspective
• Photo and/or video record the property and crime scene
• Consider blind spots, hiding areas, and design features of the property
• Assess appearance of the property, including presence of graffiti, alcoholic beverage containers; containers and wrappers commonly used for illicit and illegal drugs; broken windows, trash, or other evidence of disorderly conditions
• Record the activity in adjacent and surrounding areas, including any commercial activity, any disorderly conditions, and the security measures and personnel used (if any)
• Create site plan and sketch noting all relevant features
• Interview all relevant parties including the property managers and previous owners, reporting and investigating police officers, security officers and supervisor present at time, and any witnesses and the victim(s) (if possible), seeking the following information:
• The sequences and circumstances of the crime
• Prior criminal activity
• Prior security-related complaints
• Prior security related incidents
• Knowledge of any previous lawsuits
• Information of any changes in security methods or personnel (prior to crime)
• Information of any changes in security methods or personnel (subsequent to crime)
• Information relating to former owners, tenants, or businesses at location
• Any concerns about security or personal observations prior to the crime
• Interview offender(s) if possible, asking the following questions:
• Did you act alone or with others (who were the others)?
• What factors influenced your decision to commit the crime (victim perceived as easy mark, ease of escape, remote or isolated location, site lines, lack of security, or lighting, etc.)?
• Were you loitering on the premises before crime (how long, who present, where, etc.)?
• Had you visited the location previously (day, week, month, frequency)?
• Did you notice any security measures, such as cameras, guards, cash handling, access controls, etc?
• How long did it take to commit crime, how long did you think about committing the crime?
• What is the frequency of crime in the area?
• Have you committed any previous crimes at that location?
• Have you committed any similar crime at another location?
• Is there any other relevant information that would shed light on the incident and the decision to commit the crime at this location?

In summary, the desire of this assessment is to obtain as much information about the location, the circumstances surrounding the crime and the criminal decision, including any information of previous crimes in and around the location. As this information is collected, documented, and analyzed, consider criminological theories, threat and risk assessment methods, security measures, and relevant legal theories and elements of the cause of action (or possible cause of action). The goal is to understand everything possible about why the offender decided to commit the crime and the sequence of its commission, what features and history of the environment may have contributed to the crime, how security measures may have contributed to or prevented the crime, where the offender and security measures were located, and like questions. The engagement of these questions, through documents, information and analysis, is the goal of this process.

LEGAL DEFENSES AND THEORIES:

This section will complete the analysis related to premises liability or negligent security. As articulated above, the assessment of these claims requires a pre- and post-incident analysis that considers the facts of the case in light of the legal standards used by the relevant state court to determine liability. While there is no perfectly objective way to accomplish this challenging task, the more one can articulate relevant facts to applicable legal tests, the better the chance of a successful litigation. Indeed, the better you understand the legal standards of your state, the more suitable your security methods should be. This interrelationship between the facts, the law, and security methods manifests itself throughout this article. The effective application of these principles and this interrelationship in real life circumstances requires a delicate balance between the art and the science of security law.

In this process, the assessment is as follows: Determining the applicable legal standard in relation to the crime versus the duty of care imposed upon property owners to protect those who are affected by the crime. In legal terms, this is often decided based on by the concept of foreseeability. Most people would agree that this is both an objective and subjective consideration. The objective aspect is to use one's life experiences to determine what a reasonable person would do in any given circumstance. The subjective aspect is the particular bias or "worldview" each person possesses. While the legal system seeks to limit, if not negate, subjective considerations in favor of an objective standard, it is virtually impossible to completely eliminate the bias contained in all people. Indeed, the system tacitly acknowledges the implications of subjective considerations when it allows jury consultants to help litigation attorneys select a jury. Of course, these consultants attempt to populate the jury based on personal characteristics favorable to the particular litigant (either plaintiff or defendant). Further, procedural techniques such as venue and forum can be used to steer the trial toward a particular demographic (e.g., socioeconomic, racial, cultural, etc.) that reflects characteristics of parties in the lawsuit. Finally, jury selection techniques such as preemptory challenges and jury questionnaires are also designed to screen juries with actual or potential biases from the trial. In any event, the key here is to understand that the legal system seeks to facilitate objective standards, but it cannot completely eliminate subjective considerations.

This issue of objective versus subjective often becomes relevant in security-related claims, particularly in the application of the legal standard and of legal defenses. In terms of foreseeability, which is a critical component of duty, many in urban America view crime as a natural result of human interaction. These people often see and hear of crime, particularly in new reports, on a daily basis. To those with this worldview, crime is foreseeable because it is around them every day. In terms of foreseeability, this cuts both ways. Those who see almost all crime as "foreseeable" generally view the use of security methods to counter crime from one of two extreme perspectives. Either they regard security methods as useless (since crime is inevitable) or their demand for them is limitless (in a desperate attempt to control crime). The "proper" amount of security, of course, is somewhere between none and Fort Knox. This determination is at least partly dependent on one's worldview.

Conversely, there are still people who are "shocked" when a crime occurs on their block or in their work site. These people tend to live their lives with the subjective notion that crime does not happen here. Indeed, crime is something that will "not happen to me." To these people, crime is the plight of others, typically the downtrodden, the poor, and the lower classes. While it is statistically true that crime, particularly violent and predatory crime, occurs in poor communities at a higher rate than other socioeconomic areas, the threat of crime is not limited to poor areas. Indeed, some criminals target more affluent communities and businesses because the assets are greater and are more commonplace. Consequently, the relationship between worldview and the legal standard of foreseeability must be considered.

This relationship is minimized in civil litigation because the issue of foreseeability is often a legal question for the court. This means the judge may be asked, through either a motion to dismiss or a motion for summary judgment, to assess this question as a matter of law. Hence, each of the legal standards articulated in this article can be initially decided by the trial judge. In practice, the trial judge is to assess the facts derived from the lawsuit (such as deposition testimony, affidavits, and documentary evidence) along with the assertions in the complaint in making this determination. This question is most typically determined in the summary judgment stage of the litigation. The standard for summary judgment is whether "any genuine issues of material fact exist."¹⁵ The court is to rule as a matter of law to determine whether the plaintiff has presented enough evidence to allow the case to go to the jury. This is designed to filter out cases that are not supported by the requisite amount or scope of facts compared to the legal standard in the state. In legal parlance, this is known as "surviving summary judgment." The key assessment in premises liability or negligent security cases is whether the legal standard of duty - usually through foreseeability - has been demonstrated by the plaintiff. Indeed, it is the plaintiff's burden to show this. In theory, the judge makes this determination without personal bias, and in accord with the legal standards established in the state. However, there are dilemmas that arise when one compares theory with practice.

First, as evidenced by an analysis of legal standards, the application of legal standards is somewhat fluid and artful. It is fluid because courts are still crafting standards to reflect the "public policy" of the state. In this way, the legal standard operates as a baseline for courts to determine when and how business and property owners are liable for the crimes of others. This determination encompasses a myriad of potential factors. Indeed, what constitutes "sound" public policy is a rather nebulous combination of politics, economics, education, urban planning, and a host of other disciplines. In this sense, the worldview and biases of the decision makers are inevitably attached to this policy determination.

The legal standard for liability from crime may be lower in a liberal state. In this mind-set, public policy and legal decision makers would be more inclined to accept the notion that responsibility should be shifted to others, who have the financial resources to care for others - particularly innocent victims of a crime. Conversely, in more conservative states, public policy considerations and the applicable legal standard may focus on the notion of personal responsibility and accountability. This may be extended to those victims of crimes, even if they may not have been able to prevent the crime by their own devices. From this point of view, those who have contributed to the occurrence of the crime, through their own negligence or improper decision making, are less apt to find "public policy" reasons to provide them with a legal benefit. Consequently, the appropriate application of legal standards based on public policy considerations is a very difficult assessment, replete with a complicated mixture of sophisticated disciplines and personal and judicial preferences. As will be demonstrated throughout this article, a similar combination of diverse and difficult assessments must be made on the "proper" application of security methods.

Second, the assessment of appropriate legal standards may be ambiguous because these cases are very fact-specific. As with any discipline that is fact specific, the ability to discern definitive standards is complicated by the mix of facts involved in the assessment. Since facts do not always line up clearly, they are often hard to classify according to a legal standard. By way of example, consider the question of foreseeability. Aside from the different standards used by different states, typically the answer to this question requires the court to consider the number and types of prior crimes, the extent of crime in the larger community, the difficulty involved in preventing the particular crime, the nature of the business, the security methods typical in the particular industry, and numerous other factors. Getting an accurate assessment of all these factors, and then cleanly articulating them into an objective legal standard, is an intellectual challenge for courts and for the legal system.

Going beyond this challenge, another consideration in security cases relates to legal defenses. Legal defenses are factual assertions designed to limit or negate liability. They are affirmatively pled facts that go to the existence or the amount of liability. In order to assert a legal defense, the defendant would have to plead the specific defense in its answer to the plaintiff's complaint. The timing of this assertion typically occurs at the filing of the answer, or later in an amended answer. While the procedural requirements of legal defenses are beyond the scope of this article, it is sufficient to understand that legal defenses must be affirmatively pled in order to be applicable. The most common defenses in security-related claims are contributory negligence and assumption of risk.

Contributory negligence is the failure of the plaintiff to exercise due care for his or her own safety. This defense is similar to the duty imposed on the defendant. In each instance, the actor is required to exercise the requisite care as a reasonable and prudent person under the circumstances. As we have seen earlier, the defendant has a duty to the plaintiff based on this standard. In the defense of contributory negligence, the plaintiff has a duty to exercise caution for his or her own safety, as any other reasonable and prudent person is required to do. In this sense, the plaintiff has a duty to protect him or herself. When the plaintiff fails to do so, the defense may be applicable.

In contributory negligence states, if the plaintiff is deemed more than 50 percent negligent, then he or she is barred from recovery. In making this assessment, the difficult question is how to assess the respective degrees of fault. For example, in a litigation resulting from a robbery in an isolated section of a public parking facility, the question of contributory negligence may manifest itself in various ways. In this assessment, the actions or inactions of the plaintiff may be relevant. Did the plaintiff pay attention to the circumstances as he or she approached the vehicle, or was the plaintiff blissfully ignorant of the approaching offender? Did the plaintiff have the vehicle keys ready to enter the vehicle, or was he or she fumbling through pockets or purse compartments for keys? Did the plaintiff ask for an escort from security personnel or parking attendants? Did the plaintiff park in an isolated section of the facility because that was the only spot available, or was it a decision based on the desire to keep the vehicle from being dented by others entering and existing their vehicles? These questions, and may others, illustrate that there is no "clean" way to differentiate, for example, whether the plaintiff may have been 40 percent or 60 percent negligent in any given fact pattern.

With this analysis, the degree of negligence assigned to the plaintiff is then deducted from the jury award. For example, if the jury finds liability totaling $100,000.00, with a finding of 30 percent contributory to the plaintiff, then the award will be reduced by this amount ($100,000 minus $30,000 [30%] equals $70,000). In this formula, the finding of contributory negligence of 30 percent acts as a setoff from the total damage award. Remember, if the plaintiff is more than 50 percent negligent (in contributory negligence), there is no set-off, because any degree of negligence beyond 50 percent would negate any recovery by the plaintiff. If, however, the defendant is deemed to be willful and wanton, the plaintiff's contributory negligence will not be considered, as willful and wanton conduct serves to bar evidence of plaintiff's negligence.

Closely related to contributory negligence is comparative negligence. Comparative negligence also proportions liability based on respective fault. Unlike contributory negligence, however, there is no cutoff for degrees of negligence beyond 50 percent. Here the damage award is divided based on the degree of fault assigned to the plaintiff. In this way, the plaintiff could be deemed 70 percent negligent and still recover based on this proportional formula ($100,000 recovery minus $70,000 [70%] equals $30,000 award).

Another legal defense is known as assumption of risk. In this defense, the court considers whether the plaintiff voluntarily consented to encounter a known risk. Generally, in order to assert an effective defense, three elements must be shown:¹⁶

• Plaintiff knew of the particular hazard
• Plaintiff appreciated the risk of harm
• Plaintiff willingly encountered or accepted the risk

In assessing these elements, the burden is on the defendant, who affirmatively pleads the defense, to show that the plaintiff knew of the risk, appreciated the harm it posed, and willingly accepted the risk. As is typical, these are very fact-specific assertions. There are many circumstances in which this defense is relevant. For example, consider a security firm that engages with a client to protect a property located in a high-crime area. If an employee of the security firm is subsequently injured by an armed intruder, the owner of the property would likely assert an assumption of risk defense if the employee of the security firm sued on a premises liability claim. The logic of this defense is that the security officer knew of the hazard of crime in the area, appreciated the risk, and willingly accepted such by the very nature of the employment. In essence, being employed as security to guard against known threats is part and parcel of the job. If the defendant can show this defense, this acts as a complete bar to the cause of action. Of course, in this scenario, workers' compensation statutes may also bar the tort claim.

The final aspect of a premises liability or negligent security case requires some assessment of the specific legal tests within the particular jurisdiction. For example, if the case occurred in a state with a totality of the circumstances test, then the plaintiff and the defendant are required to analyze the facts in a broad light. Since this test is designed to take into account all the factors associated with the incident, any and all factors deemed relevant should be assessed. Of course, in this analysis, the plaintiff would seek to emphasize each factor that would make the crime foreseeable and preventable, while the defendant would emphasize factors that appear to make the occurrence of the crime remote, unusual, and unpreventable.

Similarly, in a known aggressor and imminent danger test, the plaintiff would emphasize factors that demonstrate the offender posed a known danger, either by past incidents, verbal threats, criminal history, or even violent propensities. On the other hand, the defendant would seek to show that any threat posed by the offender was unknown, speculative, or unconnected to the crime. In this way, both the plaintiff and the defendant must be prepared to present the facts in accordance with their position. This is so regardless of what legal test is used.

Looking at this dynamic in a general manner, the plaintiff seeks facts to illustrate that the crime was foreseeable and preventable. The defendant, conversely, seeks facts to illustrate that the crime was not foreseeable and was not preventable. In each case, both parties must be prepared to fully investigate the facts surrounding the incident. Both parties must then articulate and present the facts in light of their respective interests. This, in essence, is the nature of the adversarial system. Depending upon the position one takes of this system, the approach can be viewed as either fortunate or unfortunate.

Regardless of your particular viewpoint, one feature that is not subject to much debate is that crime creates tragic and far-reaching implications in society. The "correct" way to remedy the impact of crime poses extraordinary legal and public policy questions. There are reasonable people and arguments on both sides of the issue. Some people desire to provide crime victims with the benefits of a liberal system designed to transfer the costs and responsibility of crime prevention to property and business owners. In this way, the costs of increased security methods are then further transferred to customers, clients, and even to insurance carriers. With this mind-set, crime victims should be provided legal remedies. These remedies, in turn, provide the incentive for the property and business owners to institute appropriate security methods. These security methods, in turn, are designed to reduce crime in and around the property or the business. The costs of this increased crime prevention, in turn, are passed on to the customer and client of the property or business. The reduced incidence of crime from these security methods, in turn, results in lower insurance claims, due to the reduction in the number and seriousness of claims. The reduction costs of insurance claims, in turn, results in lower premiums to the property and business owner. In essence, those who share this perspective believe that markets forces will serve to reduce the incidence of crime, without adversely affecting the legal and economic system. This, they would argue, is good public policy!

Viewed from a more conservative perspective, the argument against making property and business owners liable for the crimes of others rests on the notion of accountability and individual responsibility. According to this argument, the criminal is the person responsible for the crime, not the property or business owner. By imposing liability against those not responsible for the crime, the legal system is creating a perverse result - making innocent parties responsible for the criminal acts of third parties. This, it is argued, provides a disincentive for people to take steps to protect themselves. In this way, the potential crime victim may not take his or her own security as seriously, since someone will be liable for the damages created by the criminal. Furthermore, the notion that someone should "step into the shoes" of the criminal and pay for the consequences of criminal conduct simply fosters a "welfare state" mentality, in which the victims of society constantly seek people to pay for their plight. Indeed, those who oppose premises liability and negligent security argue that even government has largely disavowed liability for failure to prevent crime. If government, with its resources and policing agencies, cannot prevent crime, why should property and business owners have to pay for the failure to prevent crime?

As evidenced by these contrasting arguments, there are compelling points to be made on both sides of the debate. Notwithstanding the merits of either argument, this article seeks to present the subject of security law in an even-handed, comprehensive manner. Given my background, I tend to be more aware of the need for security than others. Indeed, many in this society have not experienced the effects and implications of crime first-hand. Many, if not most, have not studied the issues surrounding crime and security. As such, I come at this subject with a worldview and bias toward security.

This worldview, however, has been tempered by years of study and thoughtful analysis. In developed my understanding of crime and security, I have tried to deal with the issues and implications involved in a dispassionate, almost clinical manner. My use of the word dispassionate here reflects my efforts to remain impartial about security issues rather a lack of passion for the subject. In fact, I have a passionate interest in keeping people safe and secure. Nevertheless, the study of crime and security requires the ability to step away from the emotions prompted by the effects of crime on its victims and its implications for society. This clinical understanding of the issues and implications involved in security is the key to dealing with them effectively. This is not to say that the plight of the crime victims does not matter. Nothing could be further from the truth. It is to say, however, that decisions about crime and security should be made with reasoned, prudent analysis - with logic and facts - instead of emotion and fear. As will be made plain, the threat of terrorism only further emphasizes the truth of this assertion. Indeed, terrorism is designed to promote fear and emotional responses. Hopefully, this analysis will enable the reader, and a future generation of leaders, to effectively deal with the notion of security and crime, including the implications of terrorism.

1. Thompson, Michael (1986). Cutting your Security Risk. Security Management, September, at 47.

2. Homeland Security: Challenges and Strategies in Addressing Short and Long Term National Needs (2001). General Accounting Office, from testimony of Comptroller General David M. Walker, before the Committee on the Budget, U.S. House of Representatives.

3. Ahrens, Sean A. and Marieta B. Oglesby (2006). Levers Against Liability. Security Management, February.