Year 3 - Week 15.
ISSN 2603 - 9931
Duty of Care as a principle is present in most of developed countries. It involves aspects such as legal compliance, but mostly it points out companies’ duty of taking care of their employees in and out the companies’ facilities, that is, during routine work at the office and during associated business travels. It includes from onsite security measures to a Travel Risk Management program, and from a safety work program to an evacuation plan in case of natural disasters. When an armed individual enters in the facilities and opens fire over workers, something in the Duty of Care system has failed. Last Tuesday April 3, Nasim Najafi Aghdam entered in Youtube Headquarters in San Bruno, California, armed with a 9 mm. semiautomatic handgun, and shot three workers before taking her own life. Aghdam was a vegan and pro-animal rights activist with a website and Youtube embedded videos, but some time ago Youtube changed the searching policy and her visibility and number of followers had gone down. That meant the construction of a grievance for her, who started to develop an increasingly violent behavior against the company. After three days missing, her family was afraid of her doing something in Youtube headquarters and, even though police was informed, they couldn’t do anything unless she actually commited any kind of offense, as it happened.
Even though Aghdam didn’t have a physical connection with the company, she was a user of Youtube services, so her attack might be considered included in the category of “workplace violence”. A working definition provided by the ASIS/SHRM WVPI de 2011 is “A spectrum of behaviors, including overt acts of violence, threats and other conducts that generates a reasonable concern for safety for violence, where a nexus exists between the behavior and he physical safety of employees and others (such as customers, clients, and business associates), on-site, or off-site when related to the organization” [1], when the perpetrator has any kind of nexus with it. According to the Organization of Safety and Health Administration, four types of violence may occur at a workplace depending on motivation and target:
Type I. incidents with no relationship between organization, victims or target and the perpetrator, but the ideological motivation of this last one for targeting that facilities. It would be the case of terrorist attacks or robberies with violence, where the ideological motivation is substituted by a prospective benefit.
Type II. A legitimate business relationship existed or exists between the perpetrator and the organization, as it is the case of customers, clients, patients, students and other forms of users of services from an organizations, as it seems to be the case of Najafi Aghdam.
Type III. The perpetrator has or had any kind of employment relation with the organization. This factor makes that every organization might be a potential target for workplace violence.
Type IV. The perpetrator has or has had an intimate relation with one of the organization’s members or workers.
Prevention against these different possibilities of violent acts targeting the organization falls inside the concept of Duty of Care, both a moral and a legal obligation. It is the organization, thus, who must carry out a risk assessment and to take preventive and mitigating measures to minimize the possible threat over its workers. This assessment, in the case of a company as Youtube or Google, with a global impact and global users, customers, supporters and detractors, probably will represent specific patterns to consider beyond the mere workers and former workers, in a globally interconnected world, from data protection to management of threats.
Prevention means to evaluate aspects such as workers’ profiles and physical security measures. The first part of the equation could be based on the creation of a Threat Management Team (TMT), a body created specifically to gather and analyze possible violent or threatening profiles in the organization and, in case of need to consult experts for advice. The TMTs are also key inner structures in acting as liaisons with law enforcement agencies, so it may raise red flags to be managed by police regarding suspect behaviors and in case of moving from prevention to management of an ongoing incident, there could be a centralized entity providing information to the police regarding the suspect perpetrator.
Second part of equation depends on the security department and focuses on an assessment on the effectiveness of physical security. Najafi Aghdam entered inadvertently into Youtube Headquarters through the parking garage and started shooting from the courtyard over the company’s workers in the area, raising questions about the security of lavish tech campuses in Silicon Valley even though she couldn’t enter the building [2]. San Bruno police arrived to the scene in just two minutes, but questions as unauthorized entries, secure parking, or visits remain open.
But it is also a security department responsibility, but in a global involvement with the rest of organization’s stakeholders to train the whole of the workforce in response protocols against active violent incidents. Again, the implementation of protocols as Run-Hide-Fight in an effective way, the celebration of periodical exercises and drills in cooperation with police departments, and the training in techniques such as massive bleeding control may mean the difference between life and death during the response police gap. In San Bruno it took first responders only two minutes to arrive, but most of time victims are not so lucky. Immediate responders, that is, potential victims on the spot are vital on that period of time.
The lack of implementation of all these available measures, from the legally mandatory ones included in security procedures and standards to the non-mandatory but morally needed to protect organization’s members could involve a legal issue in matter of compliance but also a reputational damage for the company which may affect the business continuity. Even in terms of costs, the management of psychologically affected workers, the need for trauma recovery and defusing programs and time-off to achieve all that represent a risk to be prevented too.
As a conclusion, it seem obvious that organizational duty of care responsibility goes far beyond unilateral factors and it needs a systemic and integrated addressing. It needs to involve legal departments, human resources to deal with and detect possible workers warning behaviors and gather needed information and background checks and follow-ups, security departments to provide accurate and operative physical security, but also training and protection for organization’s members during an ongoing incident, and the involvement in the whole process of public stakeholders such as police departments and medical emergency services. Duty of care is more than just legal compliance, it is a commitment with safety and security.
[1] ASIS/SHRM Workplace Violence, 2011, p. 5.