Meet the Experts

Worry & Spend A Bit Now, Or Worry & Spend A Whole Lot More Later!
What Are Your Legal Risks & Solutions In Your Disaster Management & Business Continuity Planning?

By Jay N. Rosenblatt

Businesses face legal risks related to disruptions and disasters: how can they be addressed?

I know you think about risks related to employees, supply chain management and YOUR brand, but HAVE YOU ever thought about the LEGAL risks? Businesses ‘know what they know’ about the business risks and benefits related to disaster management and business continuity, but the large percentage of businesses ‘don’t know what they don’t know’ about the legal risks and solutions related to disaster management and business continuity.

What if:

Your electricity is disrupted for two days, OR
Your computer network fails and is out of service for a number of days, OR
A key supplier fails to fulfil its supply chain obligations, OR
Your neighbour’s building has burned down and you can’t get access to YOUR building?

By being aware of legal risk and the solutions, you will be in a better position to protect your assets: people, revenue, cash flow and resources. The ‘solution’ is the implementation of Due Diligence. Due Diligence is simply following best practices, but those best practices have special meaning when dealing with the legal risks.

Legal risks
There ARE legal risks to your business. Those risks impact not only the business itself, but also its directors and senior management. It’s all about legal vulnerability, mostly due to the real possibility of lawsuits and the related costs.

However, there are legal tools to utilize in order to manage and minimize those risks and vulnerabilities; the major defence is ‘due diligence’. There are solutions, provided you follow the Due Diligence guidelines in this article.

Solutions
You have managed and mitigated your risks by taking control through proper management, prevention, preparation, response and recovery related to those risks to the operation. Legal risk is no different. The required approach is to assess your legal risk through a process of evaluation, followed by implementing measures to safeguard against those risks. This assessment should both be carried out by an enterprise team within the business along with a multi-disciplinary team outside the business, including a lawyer experienced in the field of disaster management planning. By implementing this process, you will be able to accomplish many or all of the usual business continuity principles: mitigation, prevention, preparation, response and recovery.

The critical legal issues requiring attention are:
1. Contracts
2. Negligence
3. Employment
4. Workplace health and safety and regulatory compliance
5. I.T./Technology & Security

Contracts
The main contractual concerns relate to breach of contract and end-to-end supply chain fulfillment failures. You have to be concerned with your Supply Chain Management, Just-in-Time Delivery and Outsourcing, whether it be regional or global, but how many businesses carefully review their Supply Chain Management contracts, especially where they relate to contract fulfillment in the event of a disaster. What about your suppliers and sub-suppliers: do THEY have effective and tested business continuity plans in place? How many businesses have provisions in their contracts to ensure that a supplier is required to fulfill the terms of its contract due to a disruption or disaster occurring at its plant? Has the business reviewed its insurance policy coverages, and especially the exclusions in its insurance policies? What happens when a subcontractor goes up in smoke? What about actually setting up contracts for contingencies? What if your customers can’t pay your bill?

Negligence
Negligence involves a failure to do what a reasonably careful and reasonably prudent person would do in the given circumstances. Simply put, it is a situation that produces a risk of foreseeable harm, creating a duty of care; liability occurs where care is not taken.

In many countries there is an increasing duty to prepare for a disruption or disaster. The failure to do so makes a business vulnerable to lawsuits for negligence. The result is a great deal of hard and soft costs to the business. Inaction is an act of negligence.

Employment & H.R. Issues
Your employees are your greatest resource, but also your biggest risk.

Businesses have to be able to protect their employees from the impact of disruptions and disasters. These obligations come not only from court actions related to breach of contract and acts of negligence, but also from regulatory compliance issues. Other related issues relate to security and safety. You have to establish appropriate policies and procedures based on best practices and standards and enforce those policies and procedures.

On the other hand, businesses have to protect themselves from their employees and their acts that can cause disruptions and crises. How long could a business carry on if a key employee/manager steals and sells critical intellectual property to a competitor; for example critical reports, data, information? What would the impact be if that employee left and took with him or her the customer lists, employees, or clients of the business?

Consider the legal issues related to teleworking during a disruption or disaster and policies in order to protect yourself and your business from lawsuits.

Workplace Health and Safety and Other Regulatory Compliance Requirements
As businesses are undoubtedly aware, there is an abundance of laws and regulations that set out a business’ health and safety compliance obligations to its employees (e.g. OSHA). Other regulatory compliance obligations relate to privacy, intellectual property and financial statement integrity, just to mention a few. A disruption or disaster is no excuse to non-compliance, and non-compliance will have a severe impact on your business.

Security
As indicated earlier, employee security is one of the many obligations a business has to its employees. Add to that the requirement for plant and inventory security and the protection of critical technology infrastructure, and you have a growing list of concerns related to security during a disruption and disaster. Have you ever thought about I.P. theft from the inside or by outsiders?

Pandemic Preparedness
Although many people feel the topic of Pandemic Preparedness is fear-mongering and over blown, it is my opinion that this is an important area of legal risk for business. Pandemic risks will probably last a lot longer than those of a ‘normal’ disaster. Just because it is way off the ‘radar screen’ is no reason to ignore the possibility of its occurrence. There are special solutions that can be implemented during a pandemic and you would be wise to include Pandemic Preparedness in your plan.

So, Now What to Do?
Most businesses are not able to carry out a complete evaluation of their legal vulnerabilities and the required solutions without assistance. To assess your legal vulnerability satisfactorily and implement proper Due Diligence, retain the services of a lawyer. Check first if he or she is experienced in advising on legal risks and solutions related to disaster management and business continuity, and not just a competent business lawyer. There are real nuances in the process that the average smart lawyer may not fully appreciate unless he or she has been immersed in this field. The risks are not just related to cash flow, some of which can be insured. The cost impact of your resources and your all damaged brand and reputation may not be insurable.

If you own or manage a business you have a choice:
“WORRY & SPEND A BIT NOW, OR WORRY & SPEND A WHOLE LOT LATER!”

About the Author
Jay N. Rosenblatt, LLB, is a business lawyer at the law firm Simpson Wigle LLP, with a focus on counselling businesses on how to identify, manage and mitigate legal risks related to disaster management and business continuity by identifying the legal risks and finding the appropriate solutions to those risks.

Jay regularly addresses these issues at international conferences, participates on Business Impact Assessments, table top exercises, and also delivers corporate ‘lunch and learn’ sessions on the subjects discussed in this article.