Although the SAFETY Act1 can cap a company's liability exposure at a predetermined amount of insurance, and even eliminate a company's liability exposure altogether, "it remains one of the most underreported and underutilized"2 risk management and litigation management tools for companies in any industry that uses security products, services, software, shopping center security guards, professional security certification programs, assessments and emergency response plans.
Passed in response to the massive liability encountered in lawsuits stemming from September 11, 2001,3 as well as those lawsuits that held the Port Authority of New York and New Jersey liable for the 1993 World Trade Center attacks,4 the SAFETY Act provides two classifications designed to incentivize companies to develop and deploy anti-terrorism products and services by limiting or eliminating liability should an act of terrorism occur involving those products and services.
By submitting an application to the U.S. Department of Homeland Security (DHS), a company's products, services, threat-assessment best-practices, threat response plans and control center operations, among others, can gain "designation." A designation of "Qualified Anti-Terrorism Technology" provides a company the following significant benefits:
- No punitive damage exposure;
- Claims against the seller are capped at an amount no greater than the limits of liability insurance coverage required to be maintained by the seller through DHS;
- Exclusive federal court jurisdiction;
- Plaintiff's recovery is reduced by amounts from collateral sources; and
- No joint and several liability for noneconomic damages.
A company may obtain additional protections by simultaneously seeking the second classification of DHS "certification." A certified product, service, or security plan provides a company with:
- A presumption of dismissal pursuant to the government contractor defense;
- Placement on DHS's approved list for Homeland Security Products; and
- A Certificate of Conformance.
What may be equally important to note is that under either designation or certification, the only proper defendant in any civil lawsuit is the seller of the SAFETY Act–approved technology. This, in effect, may legally immunize customers, suppliers, subcontractors, etc., which may provide a potential competitive marketplace advantage.
Recent DHS certifications indicate that not only products, but also security processes and best-practices designed to prevent, detect or deter acts of terrorism have been approved. For example, the NFL Best Practices for Stadium Security is a set of guidelines for stadium security management designed to deter and defend against terrorist attacks at football stadiums. It includes standards for non-game-day operations, game-day operations, threat assessments and emergency plans. This "Qualified Anti-Terrorism Technology" also includes the vetting, hiring and training of personnel used to provide the services.5
Designation and certification remain in effect between five and eight years, but the protections for incidents occurring within those time frames remain without limit.
Courts are likely to evaluate whether a defendant company was "on-notice" of a foreseeable attack, which is a potentially lower standard given today's widespread awareness of the issue. Thus, the steps a company takes to deter and reduce potential harm, such as best-practices, training programs, vetting and threat assessments, may indicate "reasonableness" when they are employed as an overall threat-reduction program.
Seeking and securing designation and/or certification may not only provide companies, directors and officers, and shareholders, with statutory and regulatory protections, but it may also demonstrate reasonableness in response to foreseeable risk.