The public library is exposed to a wide variety of risks in the course of conducting its business. These include natural disasters such as fires and storms, patron accidents of various kinds, negligence, willful misconduct, cybersecurity breaches, active shooter events and other criminal activity. Risks can also include economic downturns, civic unrest, technological disruption, and public health crises. It is the Board's responsibility to reduce risk to a manageable level so that the service program or even the survival of the library is not threatened. A poorly managed incident, lawsuit, personnel action, or judgment against the library can have consequences far beyond the immediate impact of the event.
Trustees should keep an eye on trends impacting other libraries in the region, state, and nation to ensure policies and procedures are in place to protect your library. For example, record-setting censorship attempts, First Amendment Audits, and other social movements were all spotted in other parts of the country before reaching New York. These types of issues, if mishandled, expose the institution to legal action, unanticipated costs, as well as poor public perception.
The impact of climate change on our communities cannot be understated. More severe and frequent storms, increasing heat waves, rising sea levels, and the threat of wildfires are all very real concerns for New Yorkers. Adaptation of library facilities, policies, insurance coverage, staff training and public services all need to take this into consideration today for the future of the library.
Library boards and trustees can be held liable for infractions of laws and regulations by the library, although considerable immunity is granted if the Board is acting in good faith in carrying out its responsibilities. New York State Not-for-Profit Corporation Law (§720-a) and Public Officers Law (§18) afford individual trustees some degree of immunity from liability, but that does not prevent library boards and individual trustees from being sued for any reason, or seemingly for no reason at all.
The best way to reduce risk is to be sure that the library is operating in a safe, legal manner according to carefully written policies and thoughtfully implemented procedures. It is always better to protect against or prevent harm than to rely on insurance to pay for a loss. (See Policies Chapter)
Boards should also engage in scenario planning that enhances a library’s Emergency Action Plan, Continuity of Operations Plan (COOP), Health Emergency Plan, and general disaster preparedness. While you will not be able to anticipate every possibility, there are many common scenarios that you can prepare for in advance.
Risk management is an ongoing process of identifying, assessing, and responding to potential risks. It has several key components. The most obvious is insurance. The library must carry property and general liability insurance appropriate to the size and scope of its operations. Errors and omissions insurance, also known as directors and officers (D&O) liability insurance, insures the library and the Board against real or perceived errors of judgment. Such insurance will usually cover legal costs and judgments against the library. Workers' compensation insurance is required by law. Cybersecurity insurance should be considered mandatory in light of ransomware attacks on a number of libraries in the state. Other coverage, such as flood insurance, may be appropriate in some situations. The library's entire insurance package should be reviewed thoroughly and regularly for cost, comprehensiveness, and adequacy of coverage.
Careful record keeping, inventory management and valuation are important in the event of a loss. In addition to the traditional inventory list, a video of the library and its contents can be useful, especially if the library houses artwork or other items whose value might be questioned. Inventories are also required to comply with generally accepted accounting procedures for public entities.
Another critical component of risk management involves attention to personal safety, physical facilities, and loss prevention strategies. Does the library have a viable security system and a fire suppression system? Has the heating and air conditioning system been inspected and properly maintained? Is the building maintained free of safety hazards? Is the staff familiar with emergency procedures? Are practice drills held? Are security procedures in place? Is there a business continuity plan for valuable papers, critical materials, and data?
Remember that risk management is a continuous process involving the Library Board, administration, staff, and insurance professionals.