How Security Companies Can Protect Themselves from Litigation
No one wants to consider the unthinkable: a mass shooting, a violent coworker, a mentally ill patient violently attacking his or her caregiver. Yet the world we live in requires all businesses to plan for such crises, and security firms are often retained to create and maintain these plans.
Three types of facilities have been particularly hit by security-related litigation against not only the owner or operator of a site, but also against the security company hired to protect the people on the premises. These sites include hospitals or healthcare facilities, event venues, and retailers.
Healthcare Security
Concern about security in healthcare settings coincides with a broader trend of increasing workplace violence at these facilities. Healthcare workers’ risk of injury due to workplace violence is five times greater than that of workers in other industries, according to 2018 statistics from the U.S. Bureau of Labor Statistics. The number of injuries sustained by healthcare workers due to workplace violence increased 86 percent from 2011 to 2018. Despite this growing threat, by 2022 only 60 percent of hospitals had implemented workplace violence prevention programs, according to an American Hospital Association survey.
Some U.S. state legislatures—specifically Colorado, North Carolina, Ohio, Oregon, Texas, and Virginia—recently enacted or are considering bills requiring hospitals to have armed security and a security plan. These new state laws require (or would require) hospitals to create detailed security plans, develop systems for reporting violent incidents, and provide adequate workplace violence training for staff. Other states have laws that require hospitals to employ armed security guards.
At the federal level, members of Congress introduced the Safety from Violence for Healthcare Employees (SAVE) Act, which provides protections for healthcare workers similar to the protections afforded to airline flight crews. The bill, or similar legislation, has been introduced in at least the last three sessions of Congress. Currently the bill sits in the House Judiciary Committee. If enacted, it would criminalize assaulting or intimidating hospital personnel, such as doctors and nurses, when such actions would interfere with or limit staff’s ability to carry out their duties. The legislation would also create grants to fund efforts to reduce violent incidents at hospitals.
Hospitals often hire security companies to protect their workers, patients, and visitors. But if an act of violence results in an injury or death during a security company’s watch, recent cases indicate that the company may find itself named as a defendant in a resulting lawsuit.
For example, in 2018, a gunman killed 24-year-old pharmacy resident Dayna Less and two others at Mercy Hospital and Medical Center in Chicago, Illinois. Less’s family filed a wrongful death lawsuit against the hospital and its security contractor, SDI Security, Inc. The suit claimed the hospital and the contractor failed to follow their own protocols in response to an active shooting and were negligent for failing to raise an alarm and secure the building. The case was settled in January 2024 for $20 million.
In April 2024, a hospital nurse working in Rhode Island sued the hospital’s security firm after he was attacked by a psychiatric patient. The nurse accused the contracted security officers of negligence for failing to prevent the assault and delaying intervention. (Scott Amaral v. Universal Protection Service, LLC, et al., Superior Court of Rhode Island, No. 02013, 2024)
Another lawsuit was filed in 2024 in response to a 2022 shooting that left four dead at a Tulsa, Oklahoma, hospital. The widow of one of the victims, Dr. Preston Phillips, sued St. Francis Hospital and its security contractor, citing negligence regarding various security issues.
Event Security
Ensuring the safety of guests and staff at large events requires navigating a host of issues, such as negative fan behavior, weather issues, cyberattacks, and even rogue drones.
Lawsuits involving shootings at music venues have proliferated, and security companies could find themselves named as defendants in these cases. Plaintiffs may claim that companies failed to implement appropriate safety precautions, failed to follow their own policies or procedures, implemented negligent training or hiring practices, or failed to intervene in an incident.
For instance, in 2022 Isaiah Lee tackled comedian Dave Chappelle while Chappelle was onstage at the Hollywood Bowl. Two years after the attack, Lee filed a suit against the Hollywood Bowl and its security team, alleging negligent security and battery. Lee claimed that security failed to intervene when members of Chappelle’s entourage assaulted Lee, and that some security company employees even participated in the assault. The suit also alleged that although the Hollywood Bowl and the security company were aware of Chappelle’s tendency for making offensive jokes and remarks, the venue and the company failed to prevent or mitigate the potential harm of Chappelle’s material.
Retail Settings
Retail security professionals report that shoplifters have become more aggressive and violent, according to the National Retail Federation’s 2023 annual survey. In addition, nearly 80 percent of U.S. retailers stated that store violence and organized retail crime continue to rise.
Court cases in the retail sector illustrate that security companies have been sued not only for alleged failures in practices, procedures, and actions, but also for negligent hiring.
In the Dallas, Texas, area, hidden video cameras were discovered in restrooms used by employees and customers of a luxury watch retailer and a Starbucks in a Highland Park Village retail complex. Law enforcement arrested a contract security guard, Ronnie Smith, and charged him with four counts of invasive visual recording and one count of evidence tampering. Two women employed by the watch store filed civil suits against both Smith and St. Moritz Security, which was responsible for hiring Smith.
Along with filing a civil suit against Smith, the two women also sued the security company, claiming the contractor negligently hired Smith despite a criminal history that included domestic violence and involvement with drugs.
Best Practices to Mitigate Liability Risk
Security companies aim to protect others, but it’s time to ensure that security companies are also protecting themselves. The primary vehicle to do so is a thorough incident response plan and a system of auditing compliance.
To help mitigate these types of situations, companies need to have response plans before an incident occurs—this includes both the company that contracts for outside security services and the contracted security group. The security contractor should also review the company’s plan and ensure that it is comprehensive, addressing any identified lapses.
Incident response plans for security companies providing security services should include certain elements, including an incident management team, a threat management team, established safe areas in the event of an attack, a chain of command for reporting a threat or emergency, a backup or emergency communications program, a list of nearby healthcare facilities, and advocacy programs to support employees after a crisis.
Security companies should also consider implementing other elements of prevention and planning. These can include drills on implementing an incident response plan to address any failures, periodically auditing and updating the plan, and tracking instances of violence in similar settings, as well any resulting litigation. Companies may also want to conduct thorough and periodic background checks on personnel, audit facilities’ compliance with security protocols, confirm the appropriate installation and functionality of surveillance cameras, ensure that training and periodic refreshers are completed, conduct risk assessments, and collaborate with law enforcement.
Jessie Zeigler is a member at Bass, Berry & Sims PLC, where she chairs the Products Liability & Torts Practice Group and works closely with clients facing claims related to crisis management, products liability, environmental, health and safety, or general business litigation. Zeigler has successfully defended class action claims, multidistrict litigation, and single-action claims for various types of product and mass tort cases across the country. She can be contacted at [email protected].
Bass, Berry & Sims summer associate Andres Martinez contributed to this article.