Latest News

Why Directors & C-Level Officers ARE Legally Liable if a Disaster or Disruption Occurs

Why are Directors & C’s liable when there is an Emergency or Disaster, and how can they defend themselves?

Jay N. Rosenblatt, Partner, Simpson Wigle LLP

Much has been written in the last few weeks about the catastrophe known as Katrina, but not much has been focused on the legal responsibilities of directors and C-level officers related to Disaster Management & Business Continuity.

Everyone talks about how to RESPOND to an emergency, and that indeed is important, but is a jury going to be satisfied with that kind of response? Likely not, but why not?

To me, disaster recovery plans are important, but business continuity plans are everything! A DRP is reactive and only helps to minimize the loss AFTER the event. A BCP is proactive and is designed to minimize the loss BEFORE THE EVENT OCCURS.

The legal issues are all about: (1) negligence; (2) due diligence.

There are ramifications if a director and C-level officer is negligent.

Simply put, negligence is a failure to do what a reasonably careful and reasonably prudent person would do in the given circumstances. The relation is such as to produce a risk of foreseeable harm to a stakeholder, creating a duty of care, and the degree of care is not taken.

Business can ‘Ignore it (the risk) or deal with it’. Remember: inaction is a decision, and inaction is negligence! Directors and C’s must stop behaving like an ostrich with its head in the sand.

There is a duty to all the stakeholders to keep the business running!

Everyone is aware that business is exposed to risks. Those risks are on a continuum: inconveniences (traffic delays), disruptions (local fire, flood), disasters (earthquakes, SARS, West Nile Virus, terrorist attacks) , catastrophes (9/11, Tsunami and Katrina).

Any of these risks will affect the ability of that business to continue operating, limiting or eliminating access to its critical data, applications and facilities.

Failure to manage and mitigate those risks is negligence, and will result in legal exposure to the directors and C’s.

Business has a duty and obligation to all its stakeholders: employees, shareholders, investors, regulators, customers and suppliers, just to name a few; employees will sue if they are endangered while on the job or can’t get back because the business fails to continue after an emergency; existing investors may lose confidence and not continue to fund the business; potential investors may decide to invest in a business that is more proactive; regulators will be laying charges for non-compliance of legislations such as Sarbanes-Oxley, NYSE and SEC regulations (just to name a few); customers may find an alternate source of supply of services and materials if they feel their existing business is not reliable; suppliers will not be comfortable knowing one of their customers may not be in business and therefore not be able to pay its bills!

But what is the defence to a charge of negligence?: it’s due diligence; due diligence is simply doing what the ‘reasonable man’ would do; doing it right for all the stakeholders. It’s all about good corporate governance and best practices!

What should directors and C’s do in order to exercise due diligence?

In today’s world, there is no justifiable defense in stating that you weren’t expecting SOME disruption/disaster. Today’s world is such that we know these events will occur, but we just don’t know the timing or the type of event. For that reason, directors and C’s must be proactive. One excellent element of that is to have a business continuity plan in place. We can be like the ostrich, or we can be like Noah; Noah had warning of the flood, planned for it, and implemented his plan. Business leaders must be more like Noah.

Remember: you can’t ELIMINATE risk, but can at least MANAGE it!

Everyone reading this article is aware of the key elements of a business continuity plan or can use the resources available to prepare one.

Here are some basic components to a business continuity plan:

Safety of family and employees;
Communication with employees;
Communication with customers and suppliers;
Off-site data storage and recovery;
Security of home and business facilities;
Remote access to your facility, data and software applications by way of a vpn, etc.;
Alternative workplace facilities;
Alternative sleeping accommodations;
Business recovery centre.

On the topic of ‘Communication,’ I feel that it is crucial that a national Emergency Communication System be established, whereby there is a clear instant, effective communication between first responders, and with employees, families, suppliers, customers. As we have seen with Katrina, communication is critical. That communication can be by a special text messaging service, or an emergency bandwidth reserved for and available to first responders, and others. With all the technology available today, such an initiative is not so difficult to implement.

What is required is to determine:

What level of government initiates it;
Who activates it;
Who implements it;

By way of summary, remember:

Be prepared, but not scared;
Directors and C’s are liable;
Your only defence is due diligence (besides, it is only a good business practice);
Manage and mitigate your risks;
Assess the risk;
“Worry a bit now, or worry a lot later!”

Jay N. Rosenblatt, Partner, Simpson Wigle LLP

If you are interested in registering for our upcoming Disaster Management seminar, or arranging for an on-site training house call, please contact me at: rosenblattj@simpsonwigle.com.

About the Author

Jay N. Rosenblatt

Jay is a partner in the law firm Simpson Wigle LLP, located in Hamilton, Ontario, Canada, and is engaged in a Business and Technology law practice. He counsels companies from early stage start up to maturity through each phase of their growth, and assists them in enhancing enterprise value.

Many of his clients view Jay as their general counsel, with whom they consult regarding their legal issues and business matters that may have legal implications. Due diligence and disaster management are key elements to his Risk Management guidance. Jay has provided such input to vulnerable mid sized companies as well as very large corporations.

Jay provides a wide range of technology law services to technology start-ups, to companies active in this field, clients expanding into the high-tech arena, and businesses requiring the services of these companies.

In this role, Jay has spearheaded the establishment and is Chairman of a new Technology Venture Forum in the Golden Horseshoe in Ontario: The Golden Horseshoe Venture Forum (www.ghvf.org), that brings together both technology businesses at various stages of growth in search of funding, and sources of capital - traditional and non traditional. As a result of this ongoing involvement with technology and technology enabled companies, Jay has become a leading legal resource in the fields of E-Commerce and venture financing.

Jay is a sought after speaker and most recently spoke at Continuity Planning Management 2005 Las Vegas, on Corporate Due Diligence and Risk Management for C-Level Executives and Directors, presented at the InfoSecurity Canada Conference, June, 2005. He has been invited to present at the CPM Canada Conference in December, 2005, and will be a Keynote Breakfast Speaker at the Emergency Preparedness for Industry and Commerce Council (EPICC) Forum, 2006.

Jay is also a member of the Board of Directors for the Canadian Centre for Emergency Planning: www.ccep.ca.

His community involvements have included over 15 years with Crime Stoppers of Hamilton-Wentworth and the Ontario Association of Crime Stoppers, having served as Chair of the Local Program for 2 years.

Barristers & Solicitors
400-21 King Street West
Hamilton, ON, L8N 3R1
www.simpsonwigle.com/j_rosenblatt.html
E-mail: rosenblattj@simpsonwigle.com
Phone: 905-528-8411 #301;
Fax: 905-528-9008
Website: www.simpsonwigle.com