Welcome to the Reuters.com BETA. Read our Editor's note on how we're helping professionals make smart decisions.
Skip to main content

In-house counsel must ensure that their company is prepared to handle an emergency

5 minute read

A patient receives their coronavirus disease (COVID-19) vaccine booster during a Pfizer-BioNTech vaccination clinic in Southfield, Michigan, U.S., September 29, 2021. REUTERS/Emily Elconin

The old saying that “failing to plan means planning to fail” is never more true than in corporate emergency response planning. Recent domestic and global events — such as the global COVID-19 pandemic, natural disasters, cyberattacks, infrastructure failures, and civil unrest — highlight the potential disruptive consequences of an emergency and the need for companies to be prepared well in advance of any emergency.

Given the legal and business continuity risks to their company, in-house counsel must have a central role in ensuring that their company (and, if necessary, the corporate law department) has an emergency or disaster recovery plan in place before an emergency arises. This plan must be flexible to cover any probable emergency that may arise.

Developing a company’s emergency response plan

In-house counsel typically serves on their company’s emergency response team and often have a significant role as a leader in creating their company’s emergency response plan, even though the law department may not be directly responsible for managing or owning the plan. In particular, in-house counsel is exceptionally situated to help prepare and provide feedback on the emergency response plan because of their knowledge, experience, and ability to identify red flags and analyze “what if” situations. For example, in-house counsel must apply their knowledge of applicable data privacy laws and determine the best course of action if there is a risk of a cyberattack that could compromise sensitive information stored by the company.

A starting point in emergency response planning involves identifying the possible risks to the company. Planning must account for general risks and those risks specific to the company based on its geographical footprint, industry, and workforce. In addition to ensuring business continuity and minimizing risks, a company needs to consider critical questions, such as:

      • Whether it should use a one-size-fits-all approach for all emergencies and company sites, or customize the plan to specific emergencies and sites?
      • Who has access to the plan?
      • When does the plan activate?
      • Who will execute the plan in the event of an emergency?
      • Who will the plan affect, both internally and externally?
      • What critical functions, systems, and activities are central to the company?
      • What external and internal resources exist for responding to an emergency?
      • What actions should the company take as part of its post-emergency response?
      • How should the company handle an emergency that may affect only part of the company?

As part of its planning, a company must also account for emergencies when all or part of its workforce already works remotely from different locations — a common occurrence resulting from the corporate response to the pandemic. Therefore, the emergency response plan must address information technology systems, security, and employee safety for a fully or partially remote workforce.

Once the company develops a plan, it should then inform the emergency response team. The company should also train key personnel and hold drills to test the plan.

Ensuring the law department’s preparedness

A company’s law department must have the ability to function during and in the aftermath of an emergency. Depending on the company, the law department may require its own emergency response plan. As a result, the law department should know the company’s emergency response plan and ensure consistency with the department’s own emergency response plan, if any.

The department should follow a similar approach to emergency response planning, consistent with the company’s overall planning. This includes assessing possible threats, determining overall preparedness, creating an emergency response team, drafting a written plan, conducting drills and training, and identifying post-emergency legal priorities (such as evaluating contractual obligations and notifying insurance carriers).

Among other impacts, an emergency may require the law department to take additional actions to preserve legal privileges, protect trade secrets, and maintain confidentiality of information. For example, the law department must continue to maintain the confidentiality of attorney-client privileged communications throughout any emergency.

Further, the risk of inadvertent disclosure and waiver rises when the law department or other company personnel work remotely. To help protect against the inadvertent waiver of the attorney-client privilege, the law department should adopt procedures and take appropriate proactive security measures if the emergency requires the law department or company personnel to function remotely.

Updating the emergency response plan

Finally, emergency response plans must be dynamic, rather than frozen in time. In-house counsel must work with their company to regularly review and update their existing emergency response plans. If an emergency occurs, a company should also consider conducting a post-emergency audit of the company’s actual response and address any deficiencies in the existing plans.

For example, a company should update its plan to reflect relevant organizational and other changes. This includes changes to key personnel, technology, the company’s office locations (or remote workforce), relevant laws (such as environmental standards), possible threats, and the organization’s culture.

While an emergency creates the potential for disrupting business operations and creating legal liability, a prepared company and its law department can minimize these risks. To ensure preparedness, in-house counsel must actively participate in the company’s emergency response planning and play a strong leadership role in its development, execution, and update.

Opinions expressed are those of the author. They do not reflect the views of Reuters News, which, under the Trust Principles, is committed to integrity, independence, and freedom from bias. Thomson Reuters Institute is owned by Thomson Reuters and operates independently of Reuters News.

Brandon Moss joined Practical Law from Murphy, Hesse, Toomey & Lehane, LLP, where he was a partner. His practice focused on civil litigation, appellate practice, employment law, and public law. He also served as a judicial law clerk with the Atomic Safety & Licensing Board Panel of the U.S. Nuclear Regulatory Commission.

More from Reuters