The Legal Perspective on Duty of Care
Part III: The Legal Perspective on Duty of Care
‘Is duty of care a legal requirement?’ This is a simple question that we frequently encounter. However, the answer is slightly more complex than just yes or no. While there is no law describing duty of care required by employers, they are still legally liable for injuries sustained by their employees as part of their work. In the following, we will explain and discuss this paradox in more detail.
First off, we must distinguish between two legal systems, the common and the civil. Civil law, primarily used on the European continent and in formerly French and Spanish-dominated regions, is characterised by a codified body of legislation. Judges play a more active role here and cases are settled based on resolutions found in legal codes. Common law, on the other hand, is built on precedence, i.e. previous rulings by judges rather than codified law. Predominantly practised in Anglo Saxon regions of the world (UK / US), lawyers are the primary drivers behind interpreting the law and judges can use their discretion to determine an appropriate remedy in each case.
This distinction is exceedingly important in an examination of the legal perspective on duty of care. While there are standards, related laws, and societal expectations, there is no law that dictates the content of duty of care. Therefore, in terms of the legal perspective, court cases are the only thing we have to look to. Perhaps for this reason, there is a larger body of duty of care-related cases in the United States and the United Kingdom than we have in continental Europe. Without a codified body of legislation, lawsuits against alleged ‘duty of care’ violations are more likely to be taken up by specialised lawyers, as the chances of getting extraordinarily high compensations increase dramatically.
In civil law societies, there is a distinct expectation of codified rules that define what to do, both in terms of how to act, as well as remuneration in the event of a dispute or breach of contract. This doesn’t exist in terms of duty of care, meaning that cases are the only thing we have to look to in order to define the legal dimension.
One of the more spectacular rulings in recent years was the $41.5m verdict against the prestigious boarding school Hotchkiss for failing to warn student Cara Munn about the risks of tick-borne encephalitis while she was on a study trip to Mount Pashan in China in 2007. Munn contracted the disease and subsequently suffered brain damage, leading to a complete loss of speech and partial face paralysis. She was awarded compensation for the estimated economic losses from her disability, which amounted to approximately 25% of the total compensation, as well as pain and suffering, which made up the remaining 75%. The school appealed the judgment, as they challenged that the condition of foreseeability was met in this specific case: Munn was the first known foreign traveller ever to contract the disease in China. Munn’s lawyer argued that a number of experts habitually warned about the risk, and that the school should have actively found and disseminated this knowledge. Last year, the Connecticut Supreme Court sided with Munn and upheld the original verdict.
There are several things to learn from the Munn case. First, the school’s invocation of lacking statistical evidence was not enough to challenge the foreseeability criterion. This shows that, from a judicial point of view, ‘it hasn’t happened yet’ is not a satisfactory reason not to act on known risks. Second, it established that an educational institution has duty of care for its students. And third, the consequences (monetary and otherwise) of failing to live up to the organisation’s duty of care can be quite substantial, not least for pain and suffering, at least in the common-law system.
So how does it look in countries with civil law? Here, judges must look to codified law as the basis of their verdicts. The case of Steve Dennis versus the Norwegian Refugee Council (NRC) was a significant milestone in this regard. As part of his work for the NGO in Kenya, Dennis and a VIP visitor from the NRC visited a refugee camp in Dadaab in 2012. Their convoy was attacked along the way, and Dennis was shot through the leg and abducted. Four days later, the group was rescued by a pro-government militia. After the incident, Dennis was diagnosed with post-traumatic stress, and his leg never fully recovered. In 2015, Dennis sued the NRC for alleged negligence, failing to act on the known security risks of operating in the area. One of the central points in the case was the poor information handling around the VIP visit and the late decision not to bring an armed escort, as was customary for visits in Dadaab. Dennis was awarded compensation of almost NOK 4.4m (EUR 465,000) and the NRC had to pay legal costs of an additional NOK 1.2m (EUR 127,000).
The court ruling was based solely on the Norwegian Compensation Act. As the court found gross negligence from the employer, it did not rule on the strict liability of NRC towards Dennis. The ruling sent shockwaves through the aid sector, 3
which some had regarded as immune to the liabilities of ‘normal’ businesses. NGOs frequently operate in high-risk areas, and their work necessitates a higher risk appetite. Perhaps for this reason, they didn’t expect to be held to the same standards of duty of care. Another lesson from the case was the direct responsibility attributed to the NRC headquarters for the lacking security procedures. The defendant argued that the blame for the incident should be put on its local Kenyan office, which was responsible for the information leak. This was dismissed by the court, which upheld the responsibility of the headquarters in its ruling. If anything, the Dennis case marks the emergence of a duty of care discourse in continental Europe. Not only aid organisations, but also businesses and governments reacted by examining their own legal liabilities.
The new interest in duty of care, in many instances, feeds into the existing risk management structures. However, it is also an uneasy fit. Risk management has traditionally been heavily reliant on quantitative and statistical methods, which presuppose a linear trajectory of history and a large number of similar, or at least comparable, incidents. Whilst effective in managing work-related injuries, fire, or health issues, these methods are not well suited to cover contingencies, intentional harm, or extreme events. As both the Munn and Dennis cases show, history is not always a reliable guide when it comes to managing security risks and duty of care responsibilities. Where policy decisions were once based on history, and risk management largely based on the law of large numbers, this is no longer sufficient. To live up to their duty of care, employers must make a thorough assessment of the potential harm that may come to their employees and act in a cogent manner to mitigate it. Liability becomes highly context-dependent.
In terms of duty of care, risk is non-transferable; therefore, it will be of growing importance to ‘own the risk’. Due to the contextual nature of risks, it will be important to analyse the situation and subsequently make a conscious decision as to the level of mitigation that the risk requires. Post-incident lawsuits such as the two mentioned above will likely be based on negligence. This means that compliance will be assessed based on the level of care provided by the employer, taking into account all safety measures that have or should have been implemented to ensure employee well-being.
In order to respond to the growing responsibilities duty of care presents, it is necessary to understand that formal structures and compliance is not enough. Despite not being legislated, as the above cases have demonstrated, there is a legal expectation that you employ genuine, context-sensitive care for those in your charge.
Duty of care is something that has to be built into an organisation; it is not something that can be inspected in. Businesses need to appoint a security focal point for the organisation – an individual in the company or an outside agency – who has the responsibility of analysing risks and collecting best practises, and who’s expert judgement is used to inform decision making. In order to legally demonstrate duty of care, it is imperative to document your activities, including policies, procedures, and instructions. Finally, an integral element of duty of care is to plan for crises, so that if an incident occurs, your organisation is capable of responding quickly and effectively to protect employees and limit the fall out, legal and otherwise.