Avoiding litigation: Are you covered?
Share
Helen Biggin, partner at law firm Vedder Price, considers how airports can seek to safeguard their operations from litigation.
Recent events at various UK and European airports have caused disruption for passengers and have significantly impacted airlines and other companies who use those airports.
Such events include the power outage at London Heathrow, the cyber-attack on a service provider who provided check-in and boarding systems at multiple airports, malfunctioning air traffic control systems, drone incursions and physical infrastructure failures.
These events can, if not adequately foreseen, planned for and managed, give rise to substantial claims against airports.
The most obvious claims will be from passengers seeking recompense for flight delays and cancellations. Though such claims will be against airlines and travel insurance companies, it is entirely possible that those companies will in turn seek to recover their losses from the airports and the airports may face claims directly from other third parties such as shop and restaurant owners in the terminals.
This will be a particular risk if it appears the incident was caused by the negligence or mismanagement on the part of the airport.
For example, if the airport does not have adequate systems and monitoring in place, it has lax processes or procedures when hiring sub-contractors, or it has turned a blind eye to issues, then the risk of claims rises exponentially.
Many of the events that occur are the result of bad actors such as cyber-attacks or drone incursions, and though these should be relatively rare occurrences, a prudent airport operator should be taking steps to protect itself against such risks.
If it fails to pro-actively plan and prepare for such eventualities, it will leave itself open to criticism and potential claims.
PROTECTIVE MEASURES
Airports should ensure they have robust operational plans in place. For example, they should schedule regular maintenance work and undertake regular checks on key systems and infrastructure to ensure they are fit for purpose and in good working order.
Doing so and, importantly, documenting this maintenance work and checks, will assist the airport if it has to defend itself against claims of negligence or mismanagement.
Airports should also align and work closely with sub-contractors who perform maintenance or supply goods and services to ensure the quality of the work, products and services provided.
Airport management should regularly review procurement policies. They should also undertake spot checks of key service providers to ensure that the right standards of work are being maintained and that the sub-contractors are conducting the work to the required standards and have the relevant expertise for the work they are undertaking.
Having detailed and comprehensive emergency response and business continuity plans in place is another necessary measure as these will ensure that when events happen, airports can try to mitigate their (and others) losses.
Such plans should be reviewed and updated regularly, and airports should hold practice drills implementing these plans periodically.
As part of this process, the airport should pre-identify a core crisis team spanning various competencies which can be put in place quickly if an issue arises. Ideally, such a team will include appropriate people from senior management, operations, engineering, IT, PR, risk, compliance and legal.
Who makes up this core team should also be kept under review so that, for instance, replacements can be sorted ahead of time as and when individuals leave.
The plan should ensure that responsibility and work is clearly divided upfront between the team members because when events occur the airport will be pulled in numerous directions – managing passengers, attempting to fix the issue, messaging the press and stakeholders, for instance.
Additionally, airports must regularly review and carry out risk assessments and threat modelling on their most critical systems and operations.
They should consider isolating critical systems from each other so that a cyber-attack, for instance, does not cross contaminate other systems. This review should focus on security around their critical systems, infrastructure and operations, including thinking critically about who has access to them, making software updates as needed and robustlytesting the security of the systems to try to identify and fix gaps.
Adequate training for all staff is essential. With cyber-attacks in particular, the vulnerabilities often lie with the use of IT systems by staff at all levels. Therefore, airports should ensure that all staff are appropriately trained to identify potential issues (e.g. phishing attempts) and they should assess and update policies and procedures covering IT matters, especially policies around the use of personal devices and personal email addresses.
The importance of properly documenting training, risk assessments, business continuity plans and emergency response plans also cannot be understated.
It is worth noting that during any crisis, airports should properly document decisions they have made and why. In the latter instance, this should be done with the advice of lawyers to ensure privilege is maintained as necessary.
Contracts entered in to by the airport should be scrutinised carefully, and notably, the force majeure and material adverse change clauses and also any limitation of liability clause.
If these clauses are appropriately drafted, they may allow the airport the ability to avoid or significantly reduce its liability.
Airports should also review their own insurance policies and assess carefully the exemption provisions to ensure they are adequately protected and ensure they are complying strictly with all relevant legislation and regulations.
PRE-EMPTIVE STEPS
Obviously, it will not be possible for airports to pre-empt every extraordinary event that may arise, but they should consider if there are pre-emptive steps they can take to prevent or minimise the impact of events.
For example, following a spate of protests by climate change activists, many UK airports have obtained injunctions from the English High Court preventing demonstrators from trespassing on the airport’s private property.
CONCLUSION
In order to try to minimise disruption for passengers and airlines when such events do inevitably occur, and to best protect themselves against potential claims, airports should be looking to properly and thoroughly plan and prepare for how it will address any such events and continue to assess, maintain and monitor its critical infrastructure and systems.
Being able to demonstrate that the airport had appropriately planned for emergency events can reduce its exposure to claims by showing it took all reasonable steps to avoid the event in the first place and promptly took reasonable steps to mitigate losses when crises did occur.
