According to the U.S. Bureau of Justice Statistics, between 1993 and 1999, 1.7 million violent victimizations per year were committed against people in the workplace, including: 1.3 million simple assaults, 325,000 aggravated assaults, 36,500 rapes and sexual assaults, 70,000 robberies, and 900 homicides. With such astounding statistics, the need for a thorough and comprehensive guideline to prevent and manage workplace violence is not surprising. ASIS International, the premier international organization for professionals responsible for security has recently approved such a guideline.

Since March 2005, ASIS International's Commission on Guidelines had been diligently working on creating a distinct guideline that would, for the first time, provide organization's with a comprehensive guide to maintaining a safe and secure work environment. After a lengthy review and comment period this past summer, by a wide variety of professionals in the security industry, the guideline was recently approved and accepted by the ASIS Commission on Guidelines. The variety of contributory work on the guideline has resulted in the inclusion of multidisciplinary approaches to aggressive and violent behavior in the workplace, preventative measures, practices for security officers to better respond to and resolve incidents, and also encompasses the legal aspects of workplace violence.

A major benefit of this guideline is that it applies to both public and private sector organizations and provides an overview of general policies and procedures organizations can adopt to prevent threatening misconduct and violence in the workplace. With the realistic and persistent threat of workplace violence in organizations both large and small, it is integral that this guideline be utilized by not only corporate security departments, but also human resource departments and executive level management alike.

Tip: ASIS International's Workplace Violence Prevention and Response Guideline will soon be available on their website for purchase. Please visit the ASIS International home web-site at www.asisonline.org for more information.

Source: Bureau of Justice Statistics. 2001. Violence in the Workplace, 1993-1999. Washington, D.C.: U.S. Department of Justice

---

The attorney-client privilege can be defined as the right for a client and the obligation of his attorney to maintain confidentiality of shared information. It seems rather simple with regard to an individual consulting with their attorney regarding a personal legal matter. What then does it mean for your corporation? For corporations, it entails the right to seek advice, examine alternative courses of action, and consult with counsel without fear that your communications can be disclosed. The privilege belongs to the client and may be invoked by the client or by the client's attorney on their behalf.

What do we mean by communication?

Communications could include, but are not specifically limited to: verbal conversations, phone conversations, written documents, and email.

Who is the client?

Clearly the President/CEO and Board of Directors of an organization could be deemed to be clients. The privilege can also extend to senior management in so far as the communication is within said management's direct prevue (decision-making authority). It is safe to assume that any employee without direct decision-making authority over the scope of the communication cannot assert the privilege. It is important for both the client and the attorney to discuss the privilege to uncover what is, and what may not be deemed confidential in the course of the communication.

When are we protected?

As long as the communications are between the client and the counsel only, and are involved solely in the purveyance of legal advice, confidentiality will almost always be protected. Discussing business details, not related directly to legal advice, with your attorney in most cases will not be protected. Also, disclosing the intention to commit a future act which violates the law may also void the privilege.

We will be examining more substantive instances in which privilege is nullified in Part II of this article in next month's newsletter.

The advice given in the article above is not intended to serve as legal advice.

---

Convenience is a hot commodity in today's business world, and more and more organizations are spending high dollar amounts to make their workplace more convenient. One such way of creating convenience in the workplace has been the advent of the multifunction printer (MFP), the combination copy machine scanner, fax machine, and printer. MFPs are similar to PCs in that they have processors and utilize memory. Furthermore, they create an electronic image of documents, which thus enables repagination or duplicate printing without having to scan the document multiple times. Convenient, right? Not necessarily. What many organizations don't realize is that these MFPs actually store a digital image of the document on its hard drive, which in turn could potentially be exposed to individuals outside the organization if and when the MFP is sold, or the lease is up. The money you've spent securing your organization's intellectual and proprietary data through other security means including safes and other security measures has now been wasted, and your company's most confidential information is exposed.

An additional hazard that arises from MFPs is that typically these machines are connected to an organization's main network and/or the Internet. As such, MFPs could be used to promulgate attacks throughout an organization if they are not properly secured. Furthermore, exposure may create legal liability if the MFP stores or transmits sensitive corporate, customer, or patient data that is subject to legislation including the Health Insurance Portability and Accountability Act (HIPAA) for the health care industry and other specific industry related legislative acts.

What can you do to protect your organization from exposure if you already have an MFP?

• Contact the manufacturer of the MFP or your organization's Information Technology department and inquire about the security features included on the model currently leased or owned.
• Inquire about encryption features which prevent unauthorized users from viewing images in storage.
• Ask about features that automatically overwrite the area on the machine's hard drive where a document image existed.
• Inquire about the use of address filtering, in which only certain IP addresses can access the device.
• Research the use of password authentication for MFPs, which can then provide an audit trail of any documents sent via email through the machine.

---

Quote of the Month: "In the truest sense, freedom cannot be bestowed; it must be achieved."

- Franklin D. Roosevelt (1882 - 1945), Speech, September 22, 1936

---