On 29 June 2012, Steven Dennis, an employee of the Norwegian Refugee Council (NRC), was injured and kidnapped, along with three other colleagues, following an attack during a VIP visit to the IFO II refugee camp in Dadaab, Kenya. Four days later the hostages were set free during an armed rescue operation carried out by Kenyan authorities and local militia. Three years later, Dennis submitted a claim at the Oslo District Court against his former employer, the NRC, for compensation for economic and non-economic loss following the kidnapping. The Court concluded that the NRC acted with gross negligence in relation to this incident and found the NRC to be liable for compensation towards Dennis.
The purpose of this paper is to reflect on the court case and what lessons can be drawn from the Court’s ruling for the international aid sector. In order to achieve this, the paper reviews the Court’s legal reasoning and highlights the interrelation between the ruling, the concept of legal duty of care and security risk management. The paper concludes by providing an overview of some of the wider implications this case has for the international aid sector.
Dennis pursued three legal claims against the NRC. With a focus on determining negligence in relation to the incident, the Court considered and reached conclusions on the following: the foreseeability of risk, mitigating measures to reduce and avert risk, gross negligence, causation and loss.
The Court found that the risk of kidnapping was foreseeable. It also found that the NRC could have implemented mitigating measures to reduce and avert the risk of kidnapping. The Court furthermore found that the NRC acted with gross negligence and that the NRC's negligent conduct was a necessary condition for the kidnapping to have occurred. In summary, the Court found that the legal requirements for compensation for injury, as well as compensation for pain and suffering were met.
The Court ordered the NRC to pay Dennis approximately 4.4 million Norwegian Krone (approximately 465,000 EUR).
Although the terminology and approach used by the Court differ from a standard security risk management approach, the ruling refers to elements familiar to security experts and uses some of the evidence of failings in these areas to find that the NRC fell short of meeting due care standards in this instance. For example, in terms of context and risk analyses, the Court found that there was an insufficientunderstanding of the security situation in Dadaab by the NRC decision-makers, which resulted in the risk of kidnapping not being properly analysed shortly before the VIP visit. The Court also found weaknesses with regards to the identification and implementation of mitigating measures, particularly in relation to the decision to not use an armed escort, which was contrary to existing practice and security recommendations for Dadaab at the time.
A number of lessons can be derived from the ruling with implications for the international aid sector. The fundamental conclusion that can be drawn from the court case is that duty of care is a legal obligation that organisations in the international aid sector must adhere to and that they must do so to the same standard as any other employer. The ruling does not argue, despite the context, that operating in Dadaab was contrary to the law. The case instead highlights that mitigating measures must be proportionate to the risk. Therefore, the ruling should not cause organisations to become more risk averse but rather cause them to institute stronger security risk management procedures in line with the context they are operating in. The ruling furthermore highlights that an essential component of duty of care in high-risk environments is ‘informed consent’. The Court found that informed consent was doubtful or entirely absent in some instances leading up to the incident.
Some additional issues raised by the court case that the paper reflects upon are: legal duty of care for non-employees, documentation and liability, organisational ‘culture of security’, armed rescue operations, the role of security advisors, human resources management, and finally, why this case went to court.
The case of Dennis v NRC highlights the legal repercussions organisations could face in the event that they do not meet adequate duty of care standards towards their employees before, during and after a security incident. For an organisation, it is essential to take account of the mandatory nature of duty of care. However, this goes beyond legal responsibility and the wish to avoid court cases with all their negative effects. More importantly, due consideration of duty of care has wide-ranging positive impacts on an organisation. It makes sense for an organisation to embrace and invest in duty of care rather than expend efforts to avoid it; in fact, embracing duty of care leads to a better org