Editor: Why is it important for general counsel to stay involved in the event of security crisis?
Gibbons: General counsel can serve as a voice of reason, particularly when advising those responsible for responding to the crisis, rather than directly leading the response. Those directly responding are typically going at a fast pace with a lot of emotion. Deadlines must be met, and levels of anxiety are often high. When things are going fast in an emotional environment, important tasks can be overlooked. The general counsel can keep an eye open and ask the right questions to help people be as rational as they can so that everything is covered and things are done as orderly as possible.
Editor: What can you tell us about the security issues facing the U.S. Postal Service?
Gibbons: They arise in a number of different areas. Because of the extensive media coverage in recent years, most people are familiar with security concerns about biohazard and toxins in the mail. Another security issue, which received media attention a few years ago in connection with the Unabomber, is the possibility of injurious items being sent through the mail.
With more than 700,000 employees, our security concerns include threats arising from the mailing of dangerous items or direct violence against our employees. Like every other organization, we also face security threats to our computer system, which is one of the largest in the world.
After 9/11, security concerns related to mail transported by airplane have received increased attention.
Editor: How has the U.S. Postal Service collaborated with the private sector to address security concerns?
Gibbons: To address concerns about biohazards and toxins in the mail, we have worked with a variety of government agencies and private sector companies to identify technology that detects hazards and prevents injuries to those handling and receiving the mail. We already have in place robust detection and response systems for concerns with longer histories, which we developed with the help of other government agencies and the private sector at the time the concerns first arose.
We are always looking for better ways to deal with security concerns, whether with the assistance of the Public Health Service or private sector specialists to identify and implement the best methods to educate employees on how to detect people who might injure them and how to respond and deal with their own workplace issues so they get resolved peacefully.
We buy our computers from the outside world and work with the manufacturers on the latest software upgrades to prevent threats from hackers. We, along with our Inspector General, try to hack the system ourselves so that we can identify weaknesses and, where they are found, look for a fix to protect against them.
Post 9/11, we cannot mail anything on commercial airplanes that is over 16 ounces. We are hoping for technology advances to enable us to detect any problems in mail over 16 ounces so that we again have the option of using commercial airplanes for higher weight mail
Editor: How are your controls to address security issues balanced with privacy concerns?
Gibbons: Our chief privacy officer works with various privacy organizations, professional associations, Congressional leaders, our customers, and other stakeholders around the country to identify what the privacy concerns are. We take privacy protections very seriously and have put robust policies in place.
Editor: How is your legal team organized to address security concerns?
Gibbons: With a department of 214 attorneys in 11 metropolitan areas, we usually have enough legal resources in-house to handle the legal analysis we need. For example, when our nations mail system was threatened by the mailing of anthrax spores shortly after the terrorist attacks on 9/11, I immediately organized in-house teams to assess the legal issues that might arise. Concerns ranged from labor issues related to new ways of handling mail and cleanup of contaminated post offices to Freedom of Information issues related to the medias questions about the steps being taken to prevent additional toxins from being carried in the mail. Im very proud of the way my in-house team anticipates issues so that they can be addressed before they arise.
Editor: How can general counsel help their organizations identify, assess and address security concerns?
Gibbons: Many factors impact the degree to which the general counsel might get involved. The size of the organization is just one variable. Because the Postal Service is so large, we have separate departments that handle procurement, engineering, emergency preparedness and human resources. Our in-house legal team serves as a resource to those departments rather than taking the lead.
In smaller organizations, the general counsel might have more of a lead in one or more of these areas. It helps the general counsel to have a network of experts, colleagues and outside law firms to share insights and seek advice outside his or her own area of expertise.
Whether serving a large or small organization, the general counsel should have sound processes to identify and prioritize the risks and potential solutions so that the solution used has already been appropriately vetted within the organization and outside when necessary.
Editor: In these tough economic times, what factors should be considered when dedicating resources to security issues?
Gibbons: A variety of questions can be asked, such as what is the seriousness of the impact and the likelihood that it would occur or recur? Is a remedy available to prevent the event? What is the cost associated with the remedy? Is the threat internal or external? Do employees have expertise to help assess the threat and its remedies? What other companies are facing similar issues that could lead to cost sharing relationships? Are federal or state funds available to help with costs?
The impact on the companys products needs to be considered. For example, if money is spent to implement a fix, will a surcharge on the products be needed to cover the cost of responding to the threats?
The effect on the general public, politicians and your company should also be considered. In addition, the D&O insurance should be reviewed early in the assessment to see if there is adequate coverage for what might come up.
Editor: What recommendations do you have for working with the media and public officials in the event of a security crisis?
Gibbons: Large organizations, like the Postal Service, often have a separate communications department. That department will normally take the lead in working with the media with the legal teams support. In a smaller organization, the legal department might have this responsibility. Regardless of who has responsibility a number of actions should be taken.
As soon as possible and as the crisis unfolds, it is important to get the facts clear and to help people separate facts from assumptions. The potential stakeholders should be identified, and communication channels should be kept as open as appropriate to avoid surprises through the media. Examples of our stakeholders include the U.S. Congress and our employees and their unions. We would not want them to read or hear about something in the media before we have communicated with them.
One spokesperson to interface with the media should be identified. Be as clear and precise as possible on what caused the security issue and whether it was something over which the company had control. The content and timing of discussions with the media should take into account the political leaning of the media outlet and how that will impact the communication.
Editor: What practical tips do you have for general counsel handling investigations?
Gibbons: As a security issue or crisis unfolds, someone from the general counsels office should keep a record of the actions taken. A lot of things will be going on at the same time. If later there is litigation, people might forget about things that they did or why they did them.
If other people involved in responding to the crisis are keeping notes, it is good to review them contemporaneously for accuracy and precision. The content should be based on facts, not assumptions, and the dates should be correct. Having one person in the general counsels office coordinating responses to the investigation is helpful so that one person knows all that is filtering in and can be sure that the responses going out are complete, accurate and consistent. The coordinator should make sure that the investigators questions have been understood so that the communication is responsive.
Editor: Please give an example or two of the employment issues that can arise in a crisis.
Gibbons: The safety and security of your employees and your customers must be foremost in your mind. This includes their physical and emotional safety. Depending on the nature of what is going on, you might want to be cognizant of the reactions of the employees families.
Open and clear communications should be maintained with the employees, not only with those directly affected by the issue, but also those who are not. We found that communications delivered by immediate supervisors are most beneficial. If your workforce is unionized, you also want to work with the union.
In your general employee training, include guidance on security issues that can be anticipated or that you have already had and that might recur. Training is important because the more prepared employees are, the less upset they might be.
Particularly if you have multiple facilities, it is important to coordinate with all of the relevant state and local health authorities. If the crisis could shut down your operations, you need to have contingency plans.
Editor: What resources can help general counsel learn about what other companies are doing to address security concerns?
Gibbons: There are a lot. The General Counsel Roundtable has been extremely helpful in creating opportunities to discuss issues common to general counsels. Bar associations also make a variety of resources available. Others in your organization may be members of professional organizations that provide helpful perspectives in such areas as human resources, purchasing or engineering. General counsel who have experienced similar crisis or who are in similar businesses can be helpful. Government agencies including Homeland Security, Health and Human Services, the Center for Disease Control, and state and local health authorities -- all can be helpful. Professional literature is also available. On your own staff you might have people who have experience in a particular area.