As businesses of all sizes adjust to ongoing recommendations from local, state and federal COVID-19 guidance, there needs to be a close collaboration between legal and disaster recovery planning teams. In this article, I will answer the top six questions legal professionals have about their role in disaster recovery planning.
What is the relationship between the law and disaster recovery planning?
There’s quite a strong mutual relationship – the law supports the goals of disaster recovery planning, and disaster recovery planning helps comply with applicable law and contractual legal obligations. As a result of the close relationship, it’s critical to have legal input into the process of disaster recovery planning as well as the plan itself in order to ensure that the proper legal parameters have been considered.
What legal considerations need to be made when disaster planning?
Several key legal considerations need to be taken into account. Firstly, what is the universe of existing legal obligations to customers, employees, vendors, investors, lenders, landlords, and any other third parties? Second, what are the applicable regulatory frameworks for your business? And third, what are the existing internal policies and requirements, and do those need to be altered or amended to incorporate any disaster planning? With respect to all of these, the primary strategic determination of what risks the organization is willing to accept is the most valuable. While it is a character trait of both lawyers and risk management professionals to want to plan and prepare for all potential outcomes, that approach may not serve the business as a whole. Therefore, the calculated determination of what risk is acceptable can be extremely beneficial during disaster planning, so that if a true disaster arises, these questions are already answered. Ambiguity is the enemy in a disaster, no matter what type of event is being discussed.
What are the top legal considerations that are often overlooked?
In my experience, one major point that is overlooked are the organization’s notice responsibilities – not only those that are the legal obligation under well-known regulations, but contractual obligations, for example to a landlord or insurance broker. The risk there is that without proper notice, the organization could expose itself to either fewer protections or less coverage, or could end up in breach of contract for failing to provide notice and have an increased liability that could have been easily avoided with better planning and process mapping around the disaster process.
What do organizations stand to lose by not working closely with legal teams on disaster recovery planning?
Legal teams tend to have insight across the business as well as visibility into external factors that could impact legal obligations and are trained from the beginning of their careers to identify risk in any type of situation. By involving legal, organizations can gain comfort from the assurance that all angles have been considered cross-functionally. Further, the best legal teams are those that assist the business in limiting their liability while achieving corporate goals – once the strategic decision regarding assumption of risk is made, legal teams can provide concrete counsel into what factors influence those aims in various types of situations.
How has the pandemic changed how we think about disaster recovery?
In some ways, what hasn’t it changed would be an easier question! It’s rapidly become a cliché, but this truly is an unprecedented event in many, many ways. For example, in most force majeure clauses, there’s no mention of a pandemic – the common wisdom would be that “pandemic” is an “act of God” as used in contract law. However, the definition is ambiguous, and the litigation surrounding that term of art is going to extend for years. More tangibly, however, the pandemic has forced disaster recovery to encompass an instantaneous shift to remote operations for a time period that extends past the end of a traditional “event”. In March, I’m not sure many organizations were planning for three, six, or nine months of disruption, let alone more, but that certainly will be part of planning discussions now.
What advice do you have for legal professionals working HR, IT and across the organization on 2021 disaster planning?
To make sure to listen to the organization’s aims prior to making a determination of what’s needed. It’s easy to look at the technical requirements of a given regulation or contractual obligation and opine, but to truly provide value to your organization, you need to be ready to further your organization’s goals while protecting them to the best of your ability. For example, if the goal is to minimize the liability associated with the risk of transmission of COVID-19 among employees while maintaining employee morale and productivity, the most conservative risk avoidance strategy could be to have any employee entering the office sign a waiver of all claims against the organization. However, a similar end could be reached by working with the HR team to mitigate the number of people at the office, or to have facilities teams reconfigure office space to maximize the distance between employees while requiring that all individuals wear masks while on the premises. While the waiver could still be utilized, the latter approach will maintain goodwill among employees, which will further the organization’s end goal.