Controlling Liability Risks pt. 2

Controlling Law Firm Risks

Controlling liability risks for your law firm is vital to ensure you avoid unnecessary claims and litigation. You may find extensive and specific information on reducing liability risk exposures from your insurance company, trade association, and the Internet for almost any type of venture. Briefly discussed here are some areas of concern that apply to many types of business. They include:
  • Slip and Fall Accidents
  • Employment Practices Liability
  • Hiring Practices and Liability Avoidance
Slip and Fall Accidents – These are one of the most common liability risks. Thousands of people are injured every year—some very seriously—in slip and fall accidents on business premises.
Employee training is critical to controlling liability risks. All employees who are likely to be around third parties on your premises should be trained about what to do should someone suffer a fall. Medical care should be quickly provided to the injured person, even if that means calling an ambulance. People who feel they were treated callously or indifferently are more likely to sue.
Elimination of slip and fall hazards should be a periodic scheduled activity. It may be helpful to use a checklist for this. Considerations for indoor areas include:
  • Lighting:  All areas should be adequately lighted, including hallways and stairs.
  • Exits:  Exits should be well marked, well lighted, and clear of obstacles.
  • Stairs:  Handrails, steps, and landings should be in good condition. Stair treads should be constructed of uniform height and width.
  • Housekeeping:  General housekeeping should be maintained, and storage areas kept neat.
  • Carpeting:  Carpeting should be tight and smooth.
  • Floors:  Any changes in floor level should be clearly marked.
  • Doormats:  Doormats should be flat, slip-resistant, cleaned, and checked regularly in bad weather.
  • Spills:  There should be an effective procedure to ensure that all spills are immediately cleaned up.
Considerations for outdoor areas include:
  • Walkways:  Walkways should be kept in good condition.
  • Lighting:  Lighting should be adequate.
  • Parking lot:  Potholes, cracks, or uneven areas should be repaired.
  • Ice and snow:  There should be an effective procedure for assuring ice and snow are removed.
If there are treacherous areas—such as an uneven area of the sidewalk or a ripped carpet—consider marking them as such, using signs to warn people away, and putting up barriers around them.
Employment Practices Liability – Federal law restricts employment decisions based on race and national origin, religion and creed, gender, age, and disability. The restrictions on race, religion, gender, and disability apply to businesses with 15 or more employees. The restrictions on age apply to businesses with 20 or more employees. An employee who feels discriminated against might sue to make such charges as extreme emotional distress or wrongful termination. It is not a defense in such cases to say you didn’t know your actions were unlawful.
Larger employers typically provide formal training to management and employees on compliance with civil rights laws. As a smaller organization, you may feel you cannot afford such programs’ time or money. There are many lower-cost ways of carrying out this training. For one, the Equal Employment Opportunity Commission (EEOC) has low-cost materials just for small businesses.
Hiring Practices and Liability Avoidance – Immature, careless, and irresponsible people are much more likely to engage in risky behaviors—from reckless driving to sexual harassment, cutting corners on safety rules, and stealing from their employers. Similarly, people who have drug and alcohol addictions are liable to present a variety of workplace dangers. The first step in cutting down on your liability exposure is to be as careful and thorough as possible about whom you hire. Failure to use a reasonable screening process for new hires could even expose you to negligent hiring liability.
Clear job descriptions and workplace rules, disseminated to all employees, and applied consistently and without favoritism, can be a tremendous help in minimizing the risk of unacceptable behavior.
Risk Management for Information Technology: The greater the role that computers, the Internet, and e-commerce play in your business, the more exposure you have to property and liability risks involving information technology.
The digitally stored information is subject to many of the same risks as any other property (fire, flood, tornado, etc.) as well as special risks (computer viruses, malicious hackers, etc.). To prevent the loss of your accounts receivables, customer orders, client records, or other such data, you should regularly back up the data and store the backup copies in a separate, secure location. Prevent data loss or corruption by viruses and hackers by keeping up-to-date antivirus software and firewalls on all your business computers.
If you rely on a Web site, either you or your Web site host should back up all critical material at least daily. To assure your Web site doesn’t go down, a real-time “mirror image” of all your site data should be maintained so that it can be transferred immediately if the original site crashes for any reason.
Digital technology also presents liability risks. You could be sued if a breach of your security and sensitive information about others is exposed or stolen. Make sure you use reputable vendors. You could face a lawsuit claiming that your Web site uses another’s copyrighted material or slanders someone. Some measures that could help control these risks include:
  • Using a “security seal” from a reputable security certification organization to encrypt data
  • Posting a formal privacy policy
  • Having your legal counsel approve your Web site content and your privacy statement

Controlling Liability

Controlling liability risks.
Controlling liability risks can be tremendously important for a law firm. A person cannot prevail in a liability lawsuit against your law firm unless he or she can convince the judge, jury, or another adjudicator that you breached your legal duty to that person. Examples of such duties include:
  • Making a reasonable effort to maintain a safe environment for the public
  • Refraining from slander
  • Warning about an unsafe condition or product
In general, to reduce liability risks, you must behave lawfully and with demonstrable responsibility for third parties’ welfare—a group that includes partners, employees, customers, and the general public. You must also implement appropriate risk management policies and procedures to ensure your law firm can avoid unnecessary claims and litigation.

Who is responsible?

If you can prove that you took your responsibility seriously and made reasonable efforts to prevent harm to others, you are much less likely to be found liable. Evidence can be in a variety of forms, depending on the nature of the liability risk. A few examples are:
  • Copies of communications with your customers or employees about safety and risk
  • Records of your efforts to verify that someone you hired was not a risk to others
  • Testimony that you provided warning signs or other warning signals regarding a hazardous condition on your property
  • Evidence from other professionals in your field that the decisions you made and the actions you took were consistent with acceptable professional standards
  • Records that knowledgeable technicians regularly serviced your equipment
Notice that in most of these examples, some form of written record is involved. Documenting your efforts to behave lawfully can be vital to proving that you are not liable. We recommend including processes for storing and retaining these written records.
In part 2, we’ll discuss some of the biggest internal liability risks and how to avoid them.

Frivolous Lawsuit Leads to Serious Damages

Many attorneys will encounter a lawsuit they believe to be potentially frivolous at one point or another. These claims often lead to frustration for the defense attorney and Client, who may face two complex alternatives: (a) settle the case to avoid defense costs or (b) expend time and money in defending a meritless claim. A recent case out of Pennsylvania may give some hope to those forced to defend weak claims and might give pause to anyone considering such a suit in the future.

A jury in Philadelphia County recently awarded approximately $2.3 million in damages in a frivolous litigation matter. Plaintiff alleged that the defendant’s attorney and law firm commenced and pursued a frivolous claim designed to extort money. Defendant Attorney represented Client in a bitter amongst Client’s family over nearly $1 million in stocks. Client, through Defendant Attorney, alleged that Client’s aunt was mentally incompetent and that Client’s brother-in-law (“Plaintiff”) was unduly influencing the aunt to take advantage of the stock windfall. That suit was dismissed with prejudice in 2013.

Subsequently, the brother-in-law (an attorney) filed a claim against the defendant’s attorney, alleging that the undue influence suit was commenced to pressure the family into a financial settlement by threatening his reputation within the legal community. The jury agreed with Plaintiff’s allegations and awarded approximately $2.3 million in damages, roughly $1.9 million attributed to Defendant Firm.

Though the threat or implication of a potential lawsuit is a widespread and predictable settlement and negotiation tactic, following through with such a lawsuit where the claim itself is not solvent creates the instant potential for retribution by way of a counter-suit based upon frivolity or vexatious litigation. Instances such as this serve as yet another reminder that those in the legal profession need to take care and exercise only the best and most prudent judgment when accepting and pursuing cases on behalf of clients, lest the potential for recovery becomes a potential for loss.

Crime Insurance – Money & Securities Coverage

Crime Insurance - Money

Even though law firms aren’t a very cash-heavy business, that doesn’t mean they don’t have some on the premises.  Surprisingly, cash is one of the items listed as “property not covered” on the standard property policy.  Not to worry, though, there is actually a specialty policy that will cover cash, but it is on a different policy than your property.  The proper way to cover cash is actually on a Crime Insurance Policy.

A Crime Insurance Policy is specifically designed for various types of claims excluded from the standard property policy, including money and securities, and computer fraud, to name a few.

What is considered money on an insurance policy? On a Crime Policy, money is defined as currency, coins, banknotes, travelers’ checks, register checks, and money orders held for sale to the public.

What types of scenarios are covered? The Crime Policy covers the following types of losses to money and securities:

  • Robbery
  • Burglary
  • Theft
  • Disappearance
  • Destruction

What are the standard limits for crime insurance?

A standard crime policy will have two limits: “On-premises Coverage” and another for “Off-premises Coverage.” The limits can be any amount you choose, but we will typically see a $10,000 limit for “On-premises Coverage” and a $2,500 limit for “Off-premises Coverage.”

Are there any major exclusions on a crime insurance policy?

Although coverage is comprehensive, there are some key exclusions contained in the coverage form to be aware of:

  • Employee theft is excluded.  A separate employee dishonesty coverage form needs to be purchased to cover the theft of money by employees.
  • Accounting or arithmetical errors or omissions as the sole evidence of loss are excluded.
  • Voluntary parting of property is excluded.
  • Unauthorized transfer or surrender of money is excluded.  This can be covered to some degree by computer fraud coverage.
  • For money off-premises to be covered, it needs to have your employee.

How much does this type of coverage cost?

Depending upon the type of policy you have and the limits required, coverage is typically very cheap, usually starting around $250 to $500 per year.  However, in some policies, insurance companies add it for no additional cost.


Premises medical liability coverage protects law firms.

Premises Medical Liability Insurance Coverage

Should your law firm have a physical location, you may be at risk for customers sustaining injuries on your property. Premises liability insurance coverage is designed to address such injuries. Typically, customers who may bring lawsuits against you and your firm for injuries on your premises may accuse you of having unreasonably dangerous conditions on your property.

Scenarios that may result in such lawsuits include spilled liquids on floors, an unmarked step or curb, a crack or hole in a floor or sidewalk, or inadequate lighting. These conditions may cause customers to slip or trip and fall. Premises liability insurance provides financial protection for these types of scenarios.

Generally, premises liability insurance provides coverage for hospital and physician visits, surgeries, other medical bills, physical disfigurement, inability to work, and pain and suffering of an individual who sustained injuries on your business property. It does not cover damage to your equipment or building, which would fall under your business property insurance policy. You may want to talk with your agent to get a clear understanding of how premises liability insurance works so that you may determine how much you need for your law firm.

Workstation ergonomics help prevent workplace injuries.

Basic Workstation Ergonomics

Overuse injuries are one of the most significant risks law firms face regarding worker’s compensation injuries. The following is a list of basic ergonomic tips to avoid overuse injuries:


Place the keyboard in a position that allows the forearms to be close to the horizontal and the wrists straight. That is, with the hand in line with the forearm. If this causes the elbows to be held far out from the side of the body, then re-check the work surface height.

Some people prefer to have their wrists supported on a wrist rest or the desk. Be careful not to extend or bend the wrist in an up position.


Adjust the seat tilt to be comfortable when you are working on the keyboard. Usually, this will be close to horizontal, but some prefer the seat tilted slightly forward.

Your knees should be bent at a comfortable angle and greater than 90º flexion. If this places an uncomfortable strain on the leg muscles, or if the feet do not reach the floor, then a footrest should be used. The footrest height must allow your knees to be bent at 90º; the footrest height may need to be adjustable.

Adjust the backrest to support the lower back when you are sitting upright. A range of chairs is available.


Avoid cradling the phone between your head and shoulder when answering calls. If you need to use your computer simultaneously, use a headset or the phone’s hands-free/speaker-phone capabilities if the environment is suitable.


Set the eye-to-screen distance at the distance that permits you to focus most efficiently on the screen. Usually, this will be within arm’s length.

Set the monitor’s height so that the top of the screen is below eye level and the bottom of the screen can be read without a marked inclination of the head. Usually, this means that the center of the screen will need to be near shoulder height. Your eyes should be level with the toolbar.

People who wear bifocal or multi-focal lenses will need to get a balance between where they see out of their lenses and avoid too much neck flexing. The height of the monitor can be adjusted using a monitor riser.

Document holder

Place the document holder close to the monitor screen in the position that causes the least twisting or inclination of the head.


Adjust the height of the work surface and the chair’s height so that the work surface allows your elbows to be bent at 90º, forearms parallel with the floor, wrist straight, and shoulders relaxed.

Place all controls and task materials within the comfortable reach of both hands so that there is no unnecessary twisting of any part of the body. Most people prefer the document holder between the keyboard and the monitor, and there are many different types of document holders available.

Cyber Security Best Practices

Law firms are the same as any other company in countering cyber attacks and protecting their confidential and proprietary data. The only difference is that law firms have ethical rules that require confidentiality of attorney-client and work product data. That does not make them unique, however, because accounting firms, engineers, and medical providers also have privileged data.

Some essential activities must be undertaken to establish a security program, no matter which best practice a firm decides to follow. Technical staff will manage most of these activities, but firm partners and staff must provide critical input. Firm management must define security roles and responsibilities, develop top-level policies and exercise oversight. This means reviewing findings from necessary activities, receiving regular reports on intrusions, system usage, compliance with policies and procedures, and reviewing the security plans and budget.

  • Set the “tone from the top” and issue high-level policies regarding the privacy and security of firm data. This includes encryption, remote access, mobile devices, thumb drives, laptops, Wi-Fi “hotspots,” clouds, Web email accounts, and social networking sites.
  • Inventory the firm’s software systems and data, assigning ownership and risk categorizing. Client data may need to be organized; not all clients are equal. Extremely sensitive matters have the highest risk and could cause the most significant magnitude of harm if breached. Firms may want to keep this data on a separate server with stronger security protections and access controls.
  • Conduct third-party vulnerability scans, penetration tests, and malware scans. Antivirus software is essential, but it detects only a small percentage of new malware. Specialized services that see sophisticated attacks may be required.
  • Deploy needed security technologies for encryption, intrusion prevention, detection, monitoring, security event management, etc.
  • Identify and document security controls.
  • Develop security policies and procedures to support the security plan and technologies.
  • Develop contractual security requirements for outsourcing vendors, cloud providers, or other entities that connect to the firm’s network, including notification in the event of a breach.
  • Conduct regular reviews of the security program and update as necessary.

Like any other business, law firms are subject to breach notification laws, and many have pre-breach security program requirements. A firm will be in a far superior position with its clients, its state bar, and any regulators that may become involved if it can show that (1) its security program is aligned with best practices, (2) its management is engaged, (3) it is complying with its policies and procedures, and (4) tools are deployed to detect malware and criminal behavior.


Having a well-rehearsed incident response plan is critical. It must specify who will be notified, within what time frame, what documentation must be kept, who is designated to speak about the incident, and who has the authority to make certain decisions about the investigation. Serious incidents require specialized assistance from cyber forensic experts and careful documentation to preserve evidence. Even if the event did not trigger a breach of law, a law firm’s decision to cover up an incident could be a dangerous strategy.


New commentary to Rule 1.1 of the Model Rules of Professional Conduct requires attorneys to “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” Model Rule 1.6(c), on the confidentiality of client communications, acknowledges that disclosures can happen by providing: (c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

Commentary on the Rule notes that [18] Paragraph (c) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and inadvertent or unauthorized disclosure.

Thus, Rules 1.1 and 1.6 may allow a law firm to avoid an ethics violation stemming from a breach if it has acted competently (e.g., having a strong security program) to protect its client data from disclosure.

Accordingly, a strong security program may help shield a firm from an ethics violation caused by not appropriately protecting client data, and it may help them beat a negligence charge. Still, it does not impact the Rule’s requirement to inform clients of security incidents. A good security program does, however, reduce the likelihood that such a painful conversation will have to take place. Altogether, it is clear that an up-to-date security program is the best defense that a law firm can have. Whether large or small, taking measures to establish a strong security posture is not only the right thing to do, it’s the ethical thing to do. It may help save the firm cases, clients, and reputation.

How are commercial insurance property rates determined?

Understanding Commercial Insurance Property Rates

Insurance companies use underwriting to determine how likely your business is to file a claim. The greater the likelihood of a claim, the higher the premium. If an insurance company determines that your business is at increased risk for a loss, it may decline to issue you a policy.

Fire risk is usually the primary factor determining a business’s commercial property rates—state-licensed fire inspectors contract with insurance companies to perform inspections as part of the underwriting process. Inspectors use a standard rating system and weigh five factors in determining a structure’s fire rating. The five factors for determining commercial insurance property rates are:

  • Construction materials. Buildings made of potentially explosive materials will have higher premiums, while those made of fire-resistant materials could earn a discount. Additions to an existing structure might negatively affect a fire rating, so it’s good to talk to your agent or insurance company before remodeling. Internal structural elements can also affect a fire rating. Using wood partitions, floors, and stairways in an otherwise fire-resistant building will likely nullify any rate reduction. Fire-resistant interior walls, floors, and doors can help maintain a good fire rating.
  • Location. Buildings in cities or towns with good fire protection typically cost less to insure than buildings outside a city where fire protection may be limited.
  • Occupancy. A building’s use also affects its fire rating, and an office building will likely rate better than a restaurant or auto repair shop. In a building with multiple tenants, one hazardous occupant will negatively affect the fire rating of the entire building. If your business is in a building with a more hazardous company, your premiums will be higher.
  • Fire protection measures. Automatic sprinklers can reduce a building’s fire rating by 50 percent. Buildings with fire extinguishers, automatic alarms, and those within 500 feet of a standard fire hydrant will usually have lower ratings.
  • Exposure. Nearby hazards increase a building’s fire risk, and proximity to external fire hazards, such as a lumberyard or oil storage tank, will affect a fire rating. Internal exposure risks might include cluttered buildings and grounds, heavy mechanical or electrical equipment, or on-site storage of volatile materials.

Additional insured may be required by a contract for your firm.

What is an additional insured?

We are often asked what an additional insured is and why it is required on some law firm insurance policies. Hopefully, the following definition will provide some insight:

A person or organization is not automatically included as an insured under an insurance policy that is incorporated or added as an insured under the policy at the request of the named insured.

A named insured’s impetus for providing additional insured status to others may be a desire to protect the other party because of a close relationship with that party (e.g., wanting to preserve firm volunteers performing services for the company or to comply with a contractual agreement requiring the named insured to do so (e.g., project owners, customers, or owners of the property leased by the named insured).

In liability insurance, additional insured status is commonly used in conjunction with an indemnity agreement between the insured (the Indemnitor) and the party requesting the status (the indemnitee). Having the rights of an insured under its indemnitor’s commercial general liability (CGL) policy is viewed by most indemnitees to back up the promise of indemnification.

If the indemnity agreement proves unenforceable, the indemnitee may still be able to obtain coverage for its liability by making a claim directly as an additional insured under the indemnitor’s CGL policy.

In property insurance, this status is most often used in conjunction with a premises lease agreement between the named insured as the lessee and the owner of the leased building, in which the insured tenant is required to purchase insurance on the leased building and name the building owner as an additional insured on the insurance policy concerning the leased building.

Law firms should consider umbrella insurance.

Why your firm should consider umbrella insurance.

Umbrella insurance provides liability coverage over and above the coverage afforded by your basic general liability policy. If you have also purchased commercial auto liability or employer’s liability coverage, your umbrella should also apply excess of that coverage. To understand how an umbrella works try thinking of it as a building. Your basic (primary) policies are the building floor, and the umbrella is a roof with overhangs. The height of the building represents the umbrella policy limits, and the overhangs represent coverage afforded by the umbrella not covered by the basic policies. An umbrella protects your firm against potentially devastating lawsuits. Here are some things to consider before purchasing a policy:


The limits your firm needs largely depend on the nature of your business. For instance, roofers and pharmaceutical manufacturers are subject to catastrophic losses, and thus, they are likely to need higher umbrella limits than retail stores.


The umbrella should provide coverages not afforded by your basic liability policy. The coverages your company needs depend on the type of business you operate. For example, if your company engages in print or online advertising, you might want an umbrella that affords broader coverage for personal and advertising injury than your basic policy. Some umbrellas cover humiliation or discrimination unrelated to employment as part of advertising injury.


The amount and scope of coverage an umbrella can vary widely from one insurer to the other. Thus, it is essential to shop around and compare policies. An excellent place to start is to obtain an umbrella quote from the insurer that issued your basic policy.


There are a few things to keep in mind when shopping for an umbrella. First, many umbrella insurers have replaced the old “legalese” with simplified language like that found in most primary policies, making umbrellas easier to read. However, some umbrellas are so similar to the basic policy that they do not provide much broader coverage.

A second thing to consider is that an umbrella policy may contain exclusions not found in your basic policies. Alternatively, an umbrella may contain the same type of exclusion as your primary policy, but the exclusion in the umbrella may be broader. For example, the pollution exclusion in your basic liability policy may retain some pollution coverage while the exclusion in the umbrella retains no coverage at all.

Thirdly, some umbrellas contain self-insured retention or “SIR.” It represents the amount your firm will pay out of pocket for each occurrence covered by the umbrella but not the basic policy.

Policy Period

Finally, when buying an umbrella, make sure it begins and ends on the exact dates as your basic policies. Policy dates are essential because many umbrellas limit coverage to damages resulting from injuries or damage occurring during the policy period of the umbrella.