Crime happens, and statistics show that this trend is on the rise along with the litigation associated with such crimes. For example, based on banking surveys it is estimated that ATM crimes occur at a rate of one per 3.5 million transactions. Although this is seemingly not a high volume of crime, it is likely that this estimate is somewhat understated as not all incidents are reported and the amount of ATM machines (and transactions) is on the rise.1 Additionally, a significant percentage of crimes are armed robberies, which result in physical harm to the victim.

Businesses must take a proactive approach, both in providing adequate security and in educating their customers. The result should be increased safety and reduced litigation.

Because of the variety of businesses, the unique characteristics of each business, and the crime considerations at each location, no single formula can guarantee customer security or eliminate potential litigation resulting from criminal attacks. However, criminals typically select their venue based on environmental conditions that enhance their opportunity to successfully complete the crime. It is necessary to consider the various factors concerning each business that may affect the probability of a criminal attack. Criminals may also focus on targets that appear to be unaware or unprepared for such an attack. Therefore, educating customers may also reduce the probability of a criminal attack.

The Legal Standard in Negligent Security Cases

The plaintiff's burden of proof is to show: (1) the existence of a legal duty owed by the business to conform to a certain standard of care, (2) a breach of that duty, (3) which was the proximate cause of the resulting injury, and (4) actual damages. Kayfetz v. A.M. Best Roofing, Inc., 832 So. 2d 784 (Fla. 3rd DCA 2002). Once an attack evolves into litigation, the legal battle primarily involves two issues: (1) whether the business owed any duty of care to the victim to prevent this criminal attack, and if so, (2) whether the business fulfilled this legal duty by providing adequate security at the site.

A customer is considered a "business invitee." Generally, a property owner/lessee owes a legal duty to such persons to maintain its premises in a "reasonably safe" condition. This extends to taking reasonable actions to reduce, minimize or eliminate foreseeable risks before they manifest themselves. Markowitz v. Helen Homes of Kendall Corp., 826 So. 2d 256 (Fla. 2002). The main focus in deciding whether any legal duty existed relating to a criminal attack is the determination of whether it was "reasonably foreseeable" to the business that criminal activity similar to the subject attack would occur at this location. If the criminal attack was not "reasonably foreseeable," then the business had no legal duty to the victim to provide any security to reduce, minimize or eliminate the "unforeseeable" criminal event (such as a targeted attack as a result of a personal vendetta).

How Courts Determine Whether a Particular Crime Is a Foreseeable Event

The mere fact that thousands of criminal attacks occur nationwide is not sufficient proof that future attacks are foreseeable at a particular business so as to give rise to a legal duty on the part of the business to protect its patrons from such attacks. Popp v. Cash Station, Inc., 613 N.E. 2d 1150 (Ill. App. 1st 1992). Courts have used one of three different tests to determine the foreseeability of criminal acts: (1) specific harm; (2) prior similar incidents; and (3) totality of the circumstances.

Specific Harm Test

The specific harm test is limited to circumstances where the business is aware of the probability of specific harm to the customer. For example, ATMs are unmanned, a bank could never be aware of the specific imminent danger to a specific customer. Therefore, very few courts have applied this test in ATM cases, and it is likely that these few courts will adopt one of the other two tests in the near future.2 However, where apartment complexes are aware of a specific crime and assailant, plaintiffs may argue that such a crime by that very same assailant was foreseeable.

Prior Similar Incidents Test

The prior similar incidents test focuses on the existence of similar criminal attacks at the business prior to the subject incident. In a situation where there is no history of any similar incidents in the geographic area of the business, courts have found that as a matter of law no legal duty exists to prevent an "unforeseeable criminal attack." If there is a history of at least some criminal activity at the business or in the immediate vicinity, courts typically address the following issues: (a) how "similar" do the prior incident and the subject event need to be for consideration; (b) how expansive is the geographic area in which a court will impute constructive knowledge from prior incidents; (c) the frequency and proximity in time of any prior, "similar" acts; and (d) the publicity surrounding the previous crimes. Courts have not been uniform in analysing these issues.3

As for the first issue, "similarity," courts usually require a fairly high degree of similarity in order to find that a business owed a duty to protect against a particular criminal attack. For example, prior incidents of vandalism on the property do not make an armed robbery or murder foreseeable. As a general rule, the prior incident must be sufficiently similar so that it can be said that the business was aware of a history of assaults and robberies in the relevant geographic area determined by the court.

Courts used to require that all prior incidents had to occur at the exact location where the plaintiff was injured before the event could be considered in determining the foreseeability of the subject criminal attack. See Taylor v. Hocker, 428 N.E. 2d 662 (Ill. App. Ct. 1981)(violent attack at an adjacent store was held irrelevant in determining foreseeability of the subject attack which occurred at the defendant's shopping mall. The rationale was simple. It is unfair to impute constructive knowledge to a business for an armed robbery at a convenience store which is located numerous city blocks away from the business' premises. Williams v. Citibank, N.A., 247 A.D. 2d 49 (NY App. Div. 1998) (plaintiff required to show that Citibank had notice of prior criminal activity at the particular ATM facility where plaintiff was attacked.).

However, this traditional approach is being eroded to the point that courts are permitting evidence of criminal activity in the "immediate vicinity" to impute knowledge, and there is little uniformity among the courts in defining the scope of "immediate vicinity." In Florida, at least one court has determined that crimes committed within a 12-block radius of the subject premises may be sufficient to impute knowledge to the owner. Larochell v. Water & Way Limited, 589 So. 2d 976 (Fla. 4th DCA 1993) (reversing trial court's limiting of the relevant geographic area to a 4-block radius). In a similar liability expanding trend, courts have allowed evidence of crimes committed at similar businesses to be considered in the foreseeability inquiry. For instance, in Torres v. U.S. National Bank, 670 P.2d 230 (Or. Ct. App. 1983), the victim was robbed and shot at the defendant's night depository.

The court held that the jury could consider evidence of robberies at other night depositories in the area.

The frequency and recency of prior similar incidents usually requires at least several incidents in the fairly recent past in order for "foreseeability" to be met. Courts have held that knowledge of two prior armed robberies at the same business was insufficient to determine that the armed robbery of the plaintiff while at the business was foreseeable even though one of the prior robberies occurred only nine days earlier. Williams v. First Alabama Bank, 545 So. 2d 26 (Ala. 1989). Similarly, a New York court held that two similar robberies within two years did not make the subject robbery at the business foreseeable. Golombek v. Marine Midland Bank, 598 N.Y.S. 2d 891 (N.Y. App. Div. 1993). A Colorado court determined that 10 armed robberies at a particular Taco Bell restaurant in the three years prior to the disputed incident was sufficient to establish foreseeability by the defendant. Taco Bell v. Lannon, 744 P. 2d 43 (Colo. 1987).4

In summary, a court's application of the "prior similar incidents test" to determine foreseeability of criminal activity at a business for purposes of assessing whether a legal duty was owed to the victim by the business is on a case-by-case basis. Trial courts have discretionary power in this decision, and appellate courts have not yet established any set formula to be applied for predicting the outcome unless the history of criminal activity is either extensive or practically non-existent.

Totality of the Circumstances Test

This test further expands the definition of "foreseeability" of a criminal event. In jurisdictions that apply this test, courts look beyond previous similar criminal activity in determining whether the subject incident was foreseeable to the business. The plaintiff may be allowed to present evidence of: (a) level of crime in the neighborhood; (b) criminal activity at other locations; (c) adequacy of lighting at the business; (d) maintenance of the landscaping near the business; (e) use of surveillance cameras and mirrors; (f) location of the business on the property; (g) visibility and openness of the area; and (h) posted security personnel. Therefore, a business location which never experienced any criminal activity in the past may not be "litigation safe" when the first attack occurs.5 This broad approach nearly rises to the level of strict liability in certain instances.6 It also masks the difference between first determining whether a legal duty exists before evaluating the adequacy of the security measures.

The "totality" test was first applied in California. Other states have also recognized this approach, but not on a consistent basis.7

Collecting the Relevant Evidence

Upon first learning of an incident, steps should be taken to collect the relevant evidence. The following discusses what evidence may exist and the reasons it may be important.

The crime history of a location may indicate that certain assault/robbery crimes are foreseeable by the mere fact that they occurred previously, frequently, and within a relevant time period.

Police departments typically keep computerized records known as crime grids from which printouts can be generated that classify crime records by date, location, crime type, and case number. The classifications are relied upon by plaintiffs' counsel, but are usually too general to determine whether an event is sufficiently similar to a specific attack. A copy of the actual police reports can be obtained and will usually provide more detailed information of each offense (i.e., victim, witnesses, police officers, facts of the crime, etc.) to enable the business' attorney to make a determination as to whether the crime is similar in nature to the subject attack.

The initial report and all supplementary reports of the police investigation into an attack may also provide crucial information, such as, witnesses, written statements, narratives regarding the plaintiff's account of the attack, and photographs of the scene immediately after the attack. In many instances, the assailant is never apprehended by the police, and the only witness to the attack is the plaintiff. As such, the plaintiff's account of the attack to the investigating officer immediately after the event may provide additional information which may not otherwise be discovered.8

Not all crime is preventable. If the perpetrator is identified, his prior criminal record can be obtained through the Autotrack" database. If the perpetrator has a significant criminal history, it is reasonable to assert that regardless of the business' precautions, this criminal would have tried and been able to commit this crime, particularly if the victim had been stalked for some period of time. If the criminal case is resolved, the assailant may be able to provide information regarding the event without the concern of self-incrimination. Additionally, if the plaintiff did not act reasonably with regard to his own safety, a basis for comparative fault may be established. Some local police will provide area businesses, upon request, a crime safety study or perform a "stake-out" of a business' parking lot if there is a recent increased trend of a specific type of crime – e.g., automobile burglary. A study performed prior to an incident may provide useful information.

A business' own documents may establish the frequency and type of crimes that have occurred at a particular location. The business' security department should have incident reports depicting prior incidents at the particular location. As there is some legal support for expanding the definition of "foreseeability" in negligent security cases there is a risk that incidents at other locations of the business may be deemed admissible evidence. Therefore, reports that track/trace criminal incidents by type (i.e., robbery/assault) may need to be reviewed and analyzed.

Some businesses employ professional management companies and security companies that also maintain incident reports, and in the case of a security company, additional documents such as daily activity reports, post orders and schedules, and procedures for the guards at the business location. In addition, the basis for business decisions as to when and where to hire and post security guards may also be important.

The business should maintain documents depicting the location and types of lighting fixtures used at a particular location, along with lighting surveys which test lighting sufficiency. Records usually exist identifying the security hardware (i.e., surveillance cameras and mirrors) used at the business. The number and positioning of surveillance cameras, or lack thereof, may also affect the foreseeability/ adequacy analysis.

Criminals typically select targets based on the opportunity to complete the crime without getting caught. The business should have site plans/architectural designs of the remodelling or construction of the particular business location. These plans should show the positioning of the business on the property for purposes of evaluating the visibility and openness of the business. Photographs of the business will also be a valuable source of information in this regard. Photographs should be taken immediately after the incident for documentation purposes before any changes or modifications are made at the business.

After all of the above-mentioned documents and data have been compiled and reviewed, the legal issue of "foreseeability" of the criminal attack (and therefore the existence/non-existence of a legal duty imputed on the business) can be reasonably evaluated. Although this analysis will be on a case-by-case basis, in a situation where there have been no previous criminal attacks at a business located in a "low crime" neighborhood, the court may be convinced to enter a summary judgment in the business' favor based on the unforeseeability of the criminal attack.

How Juries Determine Whether the Security Measures Were Adequate

If the particular crime is determined to have been foreseeable and therefore a legal duty exists, the next inquiry is the determination of whether the security measures in place at the time of the criminal attack were adequate.

Jurors recognize that not all crime is preventable, but they will want to be assured that the business acted reasonably and responsibly in connection with providing safety and security for its customers. Keep in mind that nearly every juror could also be a customer and invitee of many types of businesses.

Numerous factors impact or influence the jury's decision on whether or not the business provided adequate security measures.

There are likely federal statutes or regulations that directly apply to security as it relates to patron safety. California has the most comprehensive state legislation regarding ATM security standards. It requires banks to: (1) evaluate the safety of all ATM locations, including the landscaping and other obstructions, the access and parking areas, and incidents of ATM crimes;

(2) comply with minimum lighting standards; and (3) and provide ATM users with basic safety tips when using ATMs.9

Most states have adopted standards relating to lighting and landscaping maintenance at and around the ATM area. In Florida, for instance, a bank is required to maintain a minimum of 10 candlefoot (FC) power at the face of the ATM and extending five feet outward in an unobstructed direction. Additionally, the lighting must provide a minimum of two FC power within 50 feet in all unobstructed directions from the face of the ATM. Florida law also requires that surrounding shrubbery is maintained at a height of three feet or less. See Fla.Stat. § 655.962.

A business' compliance or non-compliance with statutory requirements is admissible in evidence and may result in shifting the burden of proof. In addition, for night incidents, the level of lighting can be reproduced for the jury by sophisticated photography that reproduces the actual lighting conditions that existed at the time of the incident.

Documents relating to the applicable lighting and landscaping requirements, such as site plans/architectural designs, maintenance work orders, site inspection reports, lighting surveys, general maintenance records, list of subcontractors, and incident reports should be collected.

The site plans and architectural design not only depict the placement of the lighting fixtures and landscaping, but also show the overall layout of the business. A business that is improperly located (based on security and safety literature) will be open to criticism by the plaintiff's security expert. Research has found that most predatory criminals are rational decision-makers when considering whether and where to commit a crime. A business can become a target if the criminal determines that nightly, cash businesses such as restaurants have a routine practice of using a certain night deposit box at a set time (i.e., at the close of business).

Concealment issues arise when landscaping and shrubbery is not maintained as required by most statutory schemes. A business obstructed by concrete walls or building recesses associated with walkways leading to the business' entrance or other blind spots may provide hiding places for attackers. Criminals are more likely to choose a business which they believe gives them the best opportunity to commit the attack without being viewed by third parties who may either assist in thwarting the attack or identify them later to police investigators.10

In summary, the evaluation of whether a business provided adequate security will involve issues of location on the property, lighting, landscaping, viewability, deterrence equipment and customer safety tips.

A comparison of the business' security measures to others in the area also forces the plaintiff's expert to either criticize every other business or to acknowledge that certain features of the business make it safer and set the standard in the industry. It is much harder for an opposing expert to take on an entire industry than to pick on one location in a vacuum.

In summary, showing a jury that the business was thoughtful in its decision making, that the business complied with all regulations, that it met or even exceeded the industry standard for that type of business, that it considered industry and safety literature and a visual presentation depicting the actual scene, even if it requires reproducing night-time conditions will all be factors which increase the chances of success at trial.

Documents Necessary for the Defense

The following is a list of documents and other evidence which should be gathered following a criminal incident:

  1. The Business
    1. Corporate policies and procedures manual
    2. Corporate security manual
    3. All training manuals relating to security
    4. Landlord/Tenant lease agreement
    5. Property management agreement
    6. All maintenance records, work orders, and lighting surveys
    7. Photographs of the property
    8. Site inspection reports
    9. Site plans/architectural designs
    10. All security incident reports
    11. List of employees for subject business (at time of incident)
    12. All contracts with outside security companies
    13. Documents shedding light on decisions on whether and where to provide security guards
    14. Description of security hardware
    15. Surveillance videotapes and logs
    16. Maintenance records
    17. Internal security inspections or surveys
    18. Security related complaints from customers or employees
    19. Safety tips or warnings to customers
    20. Crime studies or security plans generated by outside security consultants
    21. Records of other users of the same business to find out about their perceptions of safety.
  1. Local Law Enforcement
    1. Crime grids
    2. Criminal incident reports
    3. Police investigation report, complete with written statements from witnesses, photographs, etc.
    4. Crime studies performed in the area
  1. Property Management Company
    1. Maintenance records
    2. Contracts with subcontractors
    3. Work orders
    4. Site inspections
  1. Security Company
    1. List of guards
    2. Incident report
    3. Daily activity reports
    4. Post orders and schedules
    5. Guard policies and procedures
    6. Communications with the business
  1. Other
    1. Safety and security literature
    2. Business association crime prevention literature
    3. Plaintiff's expert's publications
    4. Industry standard publications on security recommendations for that type of business.
    5. Competitor business policies and procedures

Duty to Warn

In many cases, victims are making an argument that the business did not provide adequate notice of prior criminal activity or proper safety precautions. This duty to warn theory requires a finding that the business' knowledge of the danger is superior to that of the customer. Portal v. Asencio, 824 So. 2d 1041 (Fla. 3rd DCA 2002).

The goal is to educate customers on the risk of criminal attacks at the business and provide them with reasonable steps to avoid such a confrontation. The task of effectively communicating common sense warnings to customers should be the subject of further discussion. Knowledge of these common sense tips is also relevant in questioning potential jurors, the victim, and plaintiff's security expert.

General Defense Strategies

The following is a list of several general defense strategies:

  1. All crimes cannot be prevented, and random criminal attacks are no exception. Neither are targeted criminal attacks by a determined, nondeterrable assailant.
  2. The business complied with all statutes, regulations, and ordinances concerning business safety. Basically, the business was playing by the rules.
  3. The business complied with and even exceeded the security standards in the industry.
  4. The plaintiff was aware of the risks and acted unreasonably, e.g., got into an altercation with the assailant.
  5. Others had responsibilities to provide adequate security measures (e.g., mall owner, maintenance company, security company).

Conclusion

This primer addresses some of the legal and factual issues that arise during the course of a security case. Although our analysis is primarily focused on defending a pending lawsuit, it also provides ideas for security policies and procedures to aid in reducing the probability of a criminal attack at a business and avoiding exposure to future litigation. Because this primer is not intended to be an "all-inclusive" work, we welcome all suggestions, additions, and ideas.

Defending Negligent Security Cases In Florida

Footnotes

1 It has been estimated that in reality tens of thousands of ATM-related crimes occur across the US annually.

2 Courts in Tennessee and Michigan have applied this test by rationalizing that sudden intentional criminal acts of unidentified assailants, which could not have been prevented or deterred by the exercise of reasonable care by the business, was the sole proximate cause of harm to the plaintiff. Page v. American Nat'l Bank and Trust Co., 850 S.W. 2d 133 (Tenn. Ct. App. 1991); Fuga v. Commercial Bank of Detroit, 509 N.W. 2d 778 (Mich. Ct. App. 1993) (court declined to hold that a business had a duty to protect a customer from a third party criminal act.)

3 For example, if the court determines that the "geographic" factor is limited to the subject business and there was no previous criminal activity of any type at the subject business, then the "frequency and proximity in time" factor is not important. However, if the court decides that the "geographic" factor is a 10-city-block radius, then the likelihood that there was previous, similar criminal activity within the relevant time period is substantially increased – thus increasing the business' liability exposure.

4 See Butler v. Acme Markets, Inc., 445 A.2d 1141 (N.J. 1982)(evidence of seven muggings in the past year at the subject store was sufficient to establish foreseeability); Foster v. Winston-Salem Joint Venture, 281 S.E.2d 36 (N.C. 1981)(twenty-nine criminal incidents in mall parking lot in year prior to assault was sufficient to establish this duty element.); Daily v. Kmart Corp., 458 N.E.2d 471 (Ohio 1981)(allegations of 49 incidents of serious crime at subject store was sufficient to present issue of breach of duty to jury).

5 Whereas, under the previous two tests, the court would presumably determine that the business did not owe any legal duty to the victim as this sudden, criminal attack was legally unforeseeable to the business – thus no liability.

6 In California, the court found that a restaurant patron who was assaulted in the well-lit, chain link fence enclosed parking lot located in a low-crime area where there had been no criminal activity on the premises for over six years prior to the attack was a "foreseeable" event (applying the "totality of the circumstances test"). Onciano v. Golden Palace Restaurant, 219 Cal.App. 3d 385 (Cal.App. 2 Dist. 1990).

7 Other states that have used other relevant factors and circumstances in evaluating whether a criminal attack was foreseeable include: Colorado, Florida, Hawaii, Idaho, Illinois, Iowa, Louisiana, Minnesota, Missouri, Ohio, South Dakota, Texas, Utah, and Wisconsin.

8 A victim's account of the robbery to the police officer immediately after the attack may provide information such as the victim's lack of care in noticing his surrounding or failure to comply with the attacker's demand for the money, thereby resulting in a struggle and bodily injuries.

9 Other states have passed similar statutes – Oregon and Washington.

10 In cases where a business inherits a location (e.g., through a corporate merger), corrective measures should be implemented.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.