Wednesday, January 31, 2007

What Is the "Security Industry?"

There is no common public perception as to what “security” really is. And that’s because the industry is so large and diversified. When the term “law enforcement” is used, there is little doubt as to its meaning: it refers to public agencies that uphold the law. Pretty simple and straightforward. The more informed understand that there are differences in jurisdiction (local vs. county vs. state vs. federal, etc.) and in general function (ordinary policing vs. investigations vs. transportation enforcement vs. protective services, etc.). But when the ordinary citizen hears “law enforcement,” he or she pretty much knows exactly what is meant.

On the other hand, there really is no simple definition of the security industry (other than “providing protective services,” which is so all-encompassing as to be nebulous and non-helpful). Here is just a partial list of the “security industry:” proprietary security departments; contract security services; private investigations; guard and patrol services; armored courier services; alarm and equipment installers; security consultants; private information/intelligence services; auditors; risk management services; contingency planning services; business continuity services; special event specialists; bodyguards/personal protection specialists; etc.

And each of these categories has its subcategories: some proprietary security departments provide overnight guard patrol, some provide full security and law enforcement-like services; some contract security companies provide services to a variety of industries, some specialize in one; some alarm and equipment companies provide home burglar alarms, some provide integrated security systems that are literally global in scope; etc.

So when the term “security” is heard, should the ordinary citizen think of the night watchman-slash-boiler operator, or the corporate security executive who is responsible for $500 billion worth of company assets, or the bodyguard protecting Britney from a stalker, or… what should the ordinary citizen think of?

Coupled with the vast diversity of services encompassed by the “security industry,” there are other issues of disparity that make it difficult for the ordinary citizen to understand what we do and who we are:

· There is a Police Officer on duty at the publicly-owned hospital, while there is just a “security guard” on duty at the private hospital across the street – and both are performing the same basic job function.

· Public law enforcement agencies, because they are public, are subject to public scrutiny, in everything from their budgets to their activities. Private security operations, because they work for private enterprises, are subject to virtually no public scrutiny (until something newsworthy – usually meaning “bad” – occurs).

· The high-speed police pursuit of a speeding motorist makes the nightly news because the media camp out on the Police Department’s doorstep. The 2-year investigation by the team of corporate investigators which results in the break-up of the international theft ring resulting in the recovery of $3 million worth of MP3 players goes unnoticed because there are no media present, because the company doesn’t want the publicity to jeopardize the three other investigations that are going on simultaneously.

· The company that installed the home burglar alarm may not be the proper responder when the alarm is activated.

· The “event staff” personnel are seen as being overly aggressive in removing the “…poor drunk guy…” from the concert – after he had just started the fight that knocked over the ten-thousand-dollar amplifier and injured 4 patrons.

In other words, the ordinary citizen cannot really know or understand the “security industry” because the industry is so vast and because “security guards” have such a diverse range of duties and responsibilities. And if you add into the mix the fact that many security strategies rely on unobtrusiveness to be successful……

Tuesday, January 30, 2007

The Fallacy of Liability Avoidance

We hear it everywhere: “…We better be careful or we’ll get sued” or “…We have to avoid liability.” But if you really analyze those two phrases (which are frequently used interchangeably), you’ll see that they are not necessarily the same, especially as related to the loss prevention or security function in the real business world.

“Getting sued” is not the same as “being liable.” In fact, “getting sued” is not even the same as “getting sued successfully.” But those concerned about true liability avoidance in our companies – the bean counters and attorneys – frequently take the path of least resistance and make an error when they equate avoiding lawsuits with avoiding liability.

We are a litigious society. Virtually anyone can sue virtually anyone else for virtually anything. And until limits are set on frivolous lawsuits, such will continue to be the case. So there is almost nothing that we can do in the area of assets protection that will not come under someone’s scrutiny at some point, to the extent that we will be sued.

A prime example of companies being so concerned about any lawsuit (as opposed to legitimate, successful lawsuits) is their internal policies that have no substantive basis in law. One of those areas in which company policies usually do not directly equate to law is the hiring process.

How many times have you heard that asking for a date of birth is an "illegal question" under EEOC guidelines, presumably because it could lead to age discrimination? A show of hands, please. Ahh….I see that almost everyone has raised a hand….

EEOC does NOT...I repeat NOT...stipulate that ANY hiring practice or strategy is inherently bad or unlawful; it simply requires that there be a LEGITIMATE AND DEMONSTRABLE BUSINESS REASON for a particular practice or strategy.

So back to the question of asking for a date of birth: It is a common misconception that it is an illegal question. In fact, under EEOC guidelines, THERE IS NO SUCH THING AS AN "ILLEGAL QUESTION." Rather, the USE of the information is what may be considered illegal if the information is gathered and used for the wrong reasons.

Case in point: In most states, a full background investigation of employees (especially employees in positions of trust, such as LP employees, persons handling large sums of money, etc.) is perfectly legal and may in fact be required. In some of those states, pertinent background information (such as criminal records) is filed by both name and date of birth – in order to do a background investigation, a date of birth is necessary. So....if a business can demonstrate a BUSINESS NEED (like assuring the integrity of employees in certain positions) for performing a LEGITIMATE AND LAWFUL BUSINESS FUNCTION (like conducting a background investigation) and that lawful function requires gathering SPECIFIC INFORMATION (like a date of birth) in a MANNER CONSISTENT WITH COMMON PRACTICE (like the records are filed requiring a date of birth), then gathering the date of birth is perfectly legal, acceptable and allowable under EEOC guidelines.

Now....this does not mean that these types of questions (date of birth, gender, etc.) should appear on every company application – that would not be appropriate because the information would probably not be needed during the hiring process for every company employee. But the questions can and should be asked and information gathered during the hiring process in situations in which the information is necessary.

As noted in another posting on this blog, company lawyers frequently take the path of least resistance when reviewing or recommending policies – they feel that it is easier to promulgate universal policies that will apply to most employees than to have a more complex policy that allows for legitimate (and necessary) exceptions.

For security professionals, it's frustrating to be subject to internal policies that restrict legitimate activities under the guise of "legal" when in fact the policies may have no foundation in law. Getting those kinds of “convenient” policies changed should be the job of senior security management – that should be why they make the big bucks.