Tuesday, January 30, 2007

The Fallacy of Liability Avoidance

We hear it everywhere: “…We better be careful or we’ll get sued” or “…We have to avoid liability.” But if you really analyze those two phrases (which are frequently used interchangeably), you’ll see that they are not necessarily the same, especially as related to the loss prevention or security function in the real business world.

“Getting sued” is not the same as “being liable.” In fact, “getting sued” is not even the same as “getting sued successfully.” But those concerned about true liability avoidance in our companies – the bean counters and attorneys – frequently take the path of least resistance and make an error when they equate avoiding lawsuits with avoiding liability.

We are a litigious society. Virtually anyone can sue virtually anyone else for virtually anything. And until limits are set on frivolous lawsuits, such will continue to be the case. So there is almost nothing that we can do in the area of assets protection that will not come under someone’s scrutiny at some point, to the extent that we will be sued.

A prime example of companies being so concerned about any lawsuit (as opposed to legitimate, successful lawsuits) is their internal policies that have no substantive basis in law. One of those areas in which company policies usually do not directly equate to law is the hiring process.

How many times have you heard that asking for a date of birth is an "illegal question" under EEOC guidelines, presumably because it could lead to age discrimination? A show of hands, please. Ahh….I see that almost everyone has raised a hand….

EEOC does NOT...I repeat NOT...stipulate that ANY hiring practice or strategy is inherently bad or unlawful; it simply requires that there be a LEGITIMATE AND DEMONSTRABLE BUSINESS REASON for a particular practice or strategy.

So back to the question of asking for a date of birth: It is a common misconception that it is an illegal question. In fact, under EEOC guidelines, THERE IS NO SUCH THING AS AN "ILLEGAL QUESTION." Rather, the USE of the information is what may be considered illegal if the information is gathered and used for the wrong reasons.

Case in point: In most states, a full background investigation of employees (especially employees in positions of trust, such as LP employees, persons handling large sums of money, etc.) is perfectly legal and may in fact be required. In some of those states, pertinent background information (such as criminal records) is filed by both name and date of birth – in order to do a background investigation, a date of birth is necessary. So....if a business can demonstrate a BUSINESS NEED (like assuring the integrity of employees in certain positions) for performing a LEGITIMATE AND LAWFUL BUSINESS FUNCTION (like conducting a background investigation) and that lawful function requires gathering SPECIFIC INFORMATION (like a date of birth) in a MANNER CONSISTENT WITH COMMON PRACTICE (like the records are filed requiring a date of birth), then gathering the date of birth is perfectly legal, acceptable and allowable under EEOC guidelines.

Now....this does not mean that these types of questions (date of birth, gender, etc.) should appear on every company application – that would not be appropriate because the information would probably not be needed during the hiring process for every company employee. But the questions can and should be asked and information gathered during the hiring process in situations in which the information is necessary.

As noted in another posting on this blog, company lawyers frequently take the path of least resistance when reviewing or recommending policies – they feel that it is easier to promulgate universal policies that will apply to most employees than to have a more complex policy that allows for legitimate (and necessary) exceptions.

For security professionals, it's frustrating to be subject to internal policies that restrict legitimate activities under the guise of "legal" when in fact the policies may have no foundation in law. Getting those kinds of “convenient” policies changed should be the job of senior security management – that should be why they make the big bucks.

No comments: