There is no question that part of a sweeping tort reform bill signed into law by Georgia Governor Brian Kemp on 21 April will make it harder for injured parties to plead a successful civil case of security negligence against a business or property owner. But will the new law have a positive impact on security?

Security Management interviewed two attorneys who are frequent contributors to ASIS International and have given several presentations on legal matters at previous GSX conferences, and they have diverging views in answering that question.

We’ll lay out both of their cases, but first, a few specifics of the law and its background. The law itself comes in at a tidy 19 pages, but it amends a sprawling set of Georgia state laws in a variety of ways. Kemp made the bill one of the centerpieces of his legislative agenda and said one of the primary needs for the law was liability insurance bills for businesses and property owners that had spiraled out of control.

Background

One specific case highlighted as an example of out-of-control legal awards is Georgia CVS Pharmacy, LLC v. Carmichael. In the case, a man was shot multiple times in an Atlanta CVS parking lot. The jury decided that CVS was liable for the man’s injuries and ordered the company to pay almost $43 million. The award was upheld by the Georgia Supreme Court based on the current understanding of what “reasonably foreseeable” meant under current law and precedent. In concurring opinions, some justices noted the potential negative ramifications the decision could have on businesses, but said the legislature would need to address the issue.  

This article focuses primarily on Section 6 of the law (which begins on line 176 for anyone downloading the PDF from the link above), which amends Georgia laws to provide an explicit definition of the term “negligent security” and how injured parties must prove that an owner is guilty of negligent security, which starts by establishing if an act is reasonably foreseeable.

‘Reasonably Foreseeable’

One way the reasonably foreseeable condition is met is if the owner had “particularized warning of imminent wrongful conduct by a third party.” The law provides an explicit definition of this odd legal term, which boils down to a situation in which the owner knows a particular situation is likely to cause an injury and makes a conscious decision to take no action to keep it from happening.

Most injury-related lawsuits in this area are likely to fall under the second way the law defines acts that could be reasonably foreseen by an owner. In this definition, an owner would have to know that a third party was reasonably likely to engage in wrongful conduct because one of the following conditions was met:

(i) Prior occurrences of substantially similar wrongful conduct upon the premises of which the owner or occupier had actual knowledge;

(ii) Prior occurrences of substantially similar wrongful conduct upon the property adjoining the premises, or otherwise occurring within 500 yards of the premises, of which the owner or occupier had actual knowledge; or

(iii) Prior occurrences of substantially similar wrongful conduct by the third person whose wrongful conduct caused the injury, if the owner or occupier knew or should have known, by clear and convincing evidence, that such third person was or would be upon the premises and if the owner or occupier had actual knowledge of such prior occurrences of substantially similar wrongful conduct.

Importantly, the term “prior occurrences of substantially similar wrongful conduct” also has an explicit definition in the new law:

‘Prior occurrences of substantially similar wrongful conduct’ means prior occurrences of wrongful conduct which are sufficiently similar in nature and character, degree of dangerousness, proximity, location, time, and circumstances to the wrongful conduct from which a claim of negligent security arises to lead a reasonable person in the position of the owner or occupier to apprehend that such wrongful conduct is reasonably likely to occur upon the premises, to understand the risk of injury to persons upon the premises presented by such wrongful conduct, and to understand that a specific and known physical condition of the premises has created a risk of such wrongful conduct on the premises that is substantially greater than the general risk of such wrongful conduct in the vicinity of the premises.

Additional Aspects of Negligent Security

In this way, the law sets a high bar to proving an act was reasonably foreseeable, but that is just the first step in proving an owner had negligent security. Injured parties must also prove that the injuries they received were a likely outcome of the foreseeable conduct, that the person perpetuating the injury was exploiting a physical condition of the property that the owner knew existed, that the owner did not use ordinary care to remedy the physical condition in question, and that the failure to provide that ordinary care was likely the reason the injury occurred.

One additional point the new law makes is to say security firms providing security to owners of a premises have the same protections as the owners. The law also has several additional facets that even in the event that negligent security is shown to exist, a $43 million judgment is highly unlikely in the future.

So what does this all mean for security in practice in Georgia? Eddie Sorrells, CPP, PSP, PCI, the CEO of DSI Security Services (formerly the firm's COO and general counsel as well), says the law provides necessary protections and provides a needed roadmap for businesses, and security contractors, to provide necessary security.

Why the Law is Good for Security

Sorrells comes at this question from the viewpoint of a security services firm, though most of his insights for security firms are just as applicable for in-house security departments.

Sorrells points out that Georgia had notoriety as a state that provided jackpot verdicts—as seen in the CVS case—in premises liability cases. Furthermore, he says, the state’s supreme court found that evidence of nonviolent crimes on a premises meant that violent crime at the premises was reasonably foreseeable.

“SB 68 formally defines negligent security claims, requiring plaintiffs to prove foreseeability through specific warnings, prior similar crimes, or the perpetrator’s criminal history,” Sorrells explains.

Prior to the law, businesses and their security departments had to use their best judgment about what threats were likely and what security mitigations were necessary—and they had to hope their decisions aligned with the judgment of the courts if an incident led to injury.

“With standardized criteria,” Sorrells says, “security firms can focus on implementing measures like targeted patrols or enhanced surveillance in high-risk areas, reducing the risk of being held liable for unforeseeable criminal acts.”

Those in charge of providing security, particularly in the state of Georgia, would do well to align themselves to the new law’s definitions.

“To meet the bill’s foreseeability standards, security firms must enhance employee training to document and address potential risks, ensuring compliance with legal expectations and minimizing liability,” Sorrells says.

Furthermore, he says the law encourages more—and more modern—security.

“SB 68 encourages property owners to invest in professional security to mitigate liability, boosting demand for risk assessments, security audits, and technologies like AI-driven cameras or access control systems,” he says.

Sorrells also thinks the law could be a boon for security services firms operating in Georgia. For one, the law codifies that security services firms are held to the exact same responsibilities as the premises owner or occupier, rejecting any notion that they should be subject to higher standards. In addition, firms have the opportunity to “differentiate themselves by educating clients on SB 68’s requirements, offering tailored security plans to help property owners meet foreseeability standards and avoid litigation,” he says.

In conclusion, “The bill supports public demand for safer environments, enabling security companies to market services as essential for compliance with state law and community well-being.”

Why the Bill is Bad for Security

“It’s going to make people less safe, it’s going to increase crime, and insurance premiums are not going to go down a bit because they never do,” says Michael Haggard, managing partner of The Haggard Law Firm, who clearly has a different take on the Georgia law. Among his specialties are representing clients that bring negligent security, wrongful death, and unsafe premises cases.

Yes, he’s an attorney that argues cases that attorneys like Sorrells and corporate security directors must defend against. However, those security directors should not dismiss what Haggard has to say. He says he actually shares a goal with those security directors: the goal of businesses deploying security measures that eliminate as much potential for serious injury as practically possible. And he walks that talk by being a frequent speaker at conferences such as GSX, and when contacted by Security Management for this article, he replied within a couple of hours.

So, what else does Haggard have to say about what the Georgia law means to security?

He starts with the terrorist attacks of 11 September 2001, which he says was a demarcation line for security.

“September 11 changed everything,” Haggard says. “Prior to September 11 you might have a hotel case and you’d ask somebody what’s the industry standard and there wasn’t one. …Since September 11, we’ve seen the security industry [grow much bigger] and what happens then is companies have guidance. They have rules. They have standards to follow. And you know, ASIS has come out with the gold standard: How do you do a security survey? How do you do a proper security assessment?”

The standards are important, he says, because they give everybody the same understanding. And it’s these standards that should inform how courts examine negligent security cases.

“The truth of the matter is, when businesses have good security they don’t get sued,” he says pointedly.

Haggard points out his numerous experiences bringing negligent security cases, saying, “I’ve never had a case where a defendant says, ‘Well, Mike, here’s all my crime analysis. We have it all written out. We’ve always gotten crime reports [and] statistically looked at it. And we increase guards. We have a security plan and we’re proud of it. Our stuff works, our gates work.’ I’ve never had that case because if I see that, I’m not taking the case” because they have taken the security actions they could reasonably be expected to take.

When it comes to GSX, he knows he’s “usually preaching to the choir. When businesses send representatives to a security conference for three or four days, they’re the people doing the right things.”

His point is, by making it harder to for the injured to win a case of negligent security, Georgia has disincentivized good security practices, and it has the potential to diminish security’s importance in an organization (as well as diminishing the need for the expertise that security firms offer organizations).

“If you lessen the standard of someone [being] held accountable, you think they’re going to take any other option than to go with less security for less money? That’s exactly what they’re going to do” as a result of the Georgia law, Haggard says.

He also says that ultimately the bill is bad for businesses as well. The logic: the definitions in the bill that create such a high bar essentially lowers the standards of the level of security needed. This will lead to less security: “Why do businesses need security guards? …Why do you need heat-activated security cameras? …Or anything like that?” he says. Less security means the likelihood of tragic events increases. Sure, the law may shield a company from paying a big judgment for negligent security, but tragic events have far-reaching effects on a business beyond legal judgments, including significant reputational and productivity damage.

“Good security is good business,” Haggard says. “I think it’s important to do everything you can to incentivize business to invest in security.”

 

MOST POPULAR ARTICLES

1. Fast Facts: How to Stay Safe in a Crowd

2. What to Add to a Rules of Engagement Document

3. Recruitment Red Flags: Spotting DPRK IT Remote Workers