Duty of Care in Action

Written by Søren Bisgaard Vase, Head of Analysis

Let’s be honest: there are very few casual readers of these articles. Most of you have a vested interest in duty of care somehow, either through your profession or studies. Moreover, I suspect that most readers are from the Nordic countries. By extension, most of you will be familiar with the most high-profile case we have had in our part of the world, Dennis vs. Norwegian Refugee Council from 2015. We have mentioned it several times already in the previous articles. So why spend more time and effort on it? Well, because we use it all the time, perhaps we should stop a moment and remember what the case was actually all about. It may surprise some readers, for example, how little actual information, the case provides about the content of duty of care. And then again, there could be a few of you out there asking yourselves: “What is he talking about?”

Full disclosure: the following has been taken from my own master’s thesis, in which I was probably making an argument in favour of the employer. Not NRC in the specific case, but employers more generally, who have very little guidance in how they should behave to live up to their duty of care. The idea to this whole series of articles actually came out of this knowledge gap. I found it interesting that the court ruling in the most talked-about duty of care case in Scandinavia did not contain any forward-looking points for the worried employer, who just want to be compliant. Unfortunately, mere compliance doesn’t really exist when it comes to duty of care. But first, let’s take a look at what happened. I have based the case study on the court ruling from Oslo District Court and a review of the case by Kemp & Merkelbach from the European Interagency Security Forum (EISF). Some details have been taken from various news articles.

Due to a sudden influx of Somalian refugees to Kenya, the NRC decided in 2012 that the secretary general should visit the Dadaab area, where several camps were placed, to garner attention to a growing humanitarian catastrophe. The VIP was travelling in a three-car convoy towards the camp when armed men opened fire on the cars, killing one of the drivers. Steve Dennis was shot through the thigh and abducted together with three other hostages. Four days later, the group was rescued by a pro-government militia. After the incident, Dennis has been diagnosed with post-traumatic stress, and his leg has never fully recovered. Upon returning, Dennis was given insurance payments as well as his normal salary from NRC during the rest of 2012, where he was on sick leave. In February 2015, Dennis brought three claims to the Oslo District Court. The first claim related to the Compensation Act and was concerned with NRC’s liability for Dennis’ economic losses after the ordeal. The central question here was whether NRC were guilty of negligence by failing to act on a foreseeable risk and implement the necessary measures to control the risk of injury. Finally, there should be a direct line of causation between the incident and the economic loss. The second claim was also under the Compensation Act, but concerned the pain and suffering sustained by Dennis. Here, the plaintiff must prove that the defendant acted with intent or ‘gross negligence’, which is simply a worse form of negligence – there is no clear dividing line between the two. The third claim went even further and charged NRC with ‘strict liability’, i.e. assigning the responsibility even without proof that it was at fault.

There are some further details of the incident that need special attention in order to understand the court ruling. First, Dennis argued that that there was a causal relation between the visit of the Secretary General and the attack. The assumption is that, due to poor information security practices in the NRC, the attackers had learned about the VIP visit and therefore set up the ambush. This causal relation was acknowledged by the defendant, although with the additional condition that the “concrete failure happened at the office in Dadaab and cannot be linked to the regional office in Nairobi or the head office in Oslo. Consequently, the information failure does not constitute a basis of liability pursuant to the rule of liability for the actions of managing bodies”. Second, the convoy did not have an armed escort, as is sometimes the case during high-profile visits. It had been the original plan, but the decision was changed in the last minute. According to NRC, the reason for the change of plans was a desire to keep the visit low-profile in order to minimise the threat of IEDs and kidnapping. The lacking information security and the omission of proper mitigation measures were central in the plaintiff’s claim of gross negligence.

On the question of whether a non-profit aid organisation can be held responsible for damages incurred in high-risk areas, the EISF Review distinguishes between moral and legal duty of care and emphasises its own focus on the latter. This means that we here deal with “an obligation imposed on an individual or organisation by law requiring that they adhere to a standard of reasonable care while performing acts (or omissions) that present a reasonably foreseeable risk of harm to others”. In its essence, the Court concluded that there were no examples from case law or legal theory that exempted NRC from complying with the same obligations as other employers. While it is “natural that field workers assume a conscious risk” while staying in high risk areas, the Court was of the opinion that the organisation “should be conscious of the risk situation, implementing necessary and reasonable security measures to limit the risk to the extent possible”. The ruling specifically mentions the obligation to inform employees of existing risks and lacking security measures.

As it turned out, the court found both negligence and gross negligence in the conduct of NRC, and thus did not make a decision on the strict-liability claim. In the ruling, the Court analyses post-factually the risk of Dennis’ kidnapping and injury. It was widely known, the ruling states, that the risk of kidnapping was very high in Dadaab (4 out of 5 on the UN risk level ladder). In addition, international staff were being targeted directly by kidnappers, who saw them as highly rewarding targets. Lastly, the Court concludes that the risk of serious injury from a kidnapping is very high. Together, all of these things are presented as adding up to a highly foreseeable kidnap risk from Dennis posting in Dadaab. With such a high risk in the area, NRC should have provided proportionate measures of mitigation. The court calculated Dennis’ compensation to an amount of almost NOK 4.4 million (EUR 465,000) plus legal costs of around NOK 1.2 million (EUR 127,000). I will not here go into the details of this amount, but simply state that NRC ended up paying Dennis a sizable compensation, which also caused a lot of stir in the global aid sector. The amount was, however, less than half of what Dennis had claimed, as the court found the projections of his future earnings to be overly optimistic. Since the claims were made under the Compensation Act (and the non-statutory rule of strict liability), the ruling only includes the economic reparation pay, and does not subject NRC to implement concrete risk mitigation strategies or self-regulative actions.

The Dennis case has been significant in pushing duty of care up on the agenda of employers in the Nordics. In addition to the direct financial ramifications of negligence, it should serve to remind us of the associated costs of having a lawsuit from a former employee running for years. Even now, seven years after the incident, it still clings to NRC’s name and reputation. However, the case has not defined duty of care in the literal sense of the word. Whatever definitions have come out of it have been made by professionals working with the concept, such as the experts from EISF, and generally rely on the term ‘reasonable’, which is – to say the least – flexible. On the one hand, this puts the employer in the uncomfortable position of not knowing when enough is enough. On the other hand, maybe it is positive that there is a conscious questioning of the reasonability of risk and protective measures, rather than a one-dimensional focus on compliance.

If you have questions or comments, please contact Søren Bisgaard Vase (sbv@guardian-srm.com), Head of Analysis at Guardian-srm or Isha Pinto (ish@guardian-srm.com), Consultant.