Dennis vs Norwegian Refugee Council: implications for duty of care

April 18, 2016
Kelsey Hoppe and Christine Williamson
Aerial view of Ifo 2 refugee camp in Dadaab, Kenya

In this two-part article, Kelsey Hoppe explores the significance of the much-debated Steven Patrick Dennis vs. the Norwegian Refugee Council case. The first part of the article summarises the case, discusses the reception it has received and outlines how negligence by NRC was determined. The second part of the article features an interview with Christine Williamson, an HR and duty of care specialist, who discusses how organisations should approach duty of care in light of this case.

On 25 November 2015, an Oslo District Court delivered its judgement in the case of Steven Patrick Dennis vs. the Norwegian Refugee Council (NRC). The case was covered widely in mainstream media and discussed at length by aid workers and organisations in different forums and analytical reports. It was described as: a ‘landmark case’, ‘precedent-setting’, a ‘game-changer’, and a ‘wake-up call’ for the aid industry.

International organisations that have followed the case are inevitably asking what the case means for them – this article aims to answer some of their questions.

The terms surrounding the case should first be untangled to differentiate between media headlines and the court’s judgement. It is indeed a ‘landmark’ case, being the first of its kind to reach a court judgement. Other similar cases have been settled out of court. It could certainly be a ‘wake-up call’ and ‘game-changer’ for organisations who have insufficiently considered or implemented security policies and procedures in their duty of care to staff.

In the purely legal sense, however, lawyers are divided as to whether the case is ‘precedent-setting’ as it might not be applicable in other countries or those with different legal systems. For example, Norway has a civil legal system whereas the U.S. and UK have common law. National courts would also have discretion about whether to allow judgements of foreign jurisdictions in cases brought in their own country. That said, given the lack of precedent in cases of these sort it is likely the case would be presented for consideration, though not necessarily accepted.

In articles highlighting the lack of duty of care received by Dennis, the issue of post-care is often mentioned. However, while the issue of post-care might have been involved in Dennis’ decision to sue, the case itself does not mention or relate to post-care.

The court is also clear that it is not passing judgement on NRC’s overall security management or how the aid industry’s security management systems operate. The court is clear that its decision is about negligence in this specific case. Organisations must be careful in extrapolating conclusions, related to overall security management and duty of care, not necessarily intended by the court. Just because NRC was found negligent in this case does not mean that they, or any other aid organisation, is necessarily negligent more generally. Just because the negligence verdict referenced the fact that the NRC did not use armed escorts does not mean the case should be seen to recommend the use of armed escorts.

Case Summary:

Understanding the specifics of this case is critical for organisations wanting to understand the implications for their own work. The following summary draws directly from the legal case, which has been officially translated from Norwegian and is not based on any commentary.

Dennis, a Canadian, submitted (i.e. sued) a claim for compensation following his kidnap in June 2012 in Dadaab refugee camp, Kenya. Three other NRC staff were also kidnapped and one driver was killed. Dennis suffered a gunshot wound to the thigh. The group was held for four days before they were released in a rescue operation led by Kenyan authorities and a local militia. The staff were flown to Nairobi for medical treatment and debriefing before different arrangements were made for their post-care including compensation through NRC and insurance.

An investigation of the incident was launched by NRC and two reports were initially issued. One of these was reviewed externally by an independent consultant and a final review/report of NRC’s security systems was conducted by an external group.

In February 2015, Dennis submitted a claim to the Norwegian court for additional compensation from NRC. There were two requests for judicial mediation, one from each claimant, but neither was accepted by the other party. Throughout, both parties agreed that injury existed and an expert witness was called to testify to this. Both agreed that compensation should be paid but there was disagreement about the amounts and costs allowed to be covered as well as NRC admitting gross negligence.

The case proceeded and the court found NRC to both: be liable for compensation and have acted with gross negligence.

Establishing negligence:

The establishment of negligence is the crux of the case. In order to do this there had to be personal injury (which both parties agreed on), evidence that NRC could have acted differently to avoid the kidnap, and that there was a relationship between NRC’s actions and the injury. The court could also choose between simple negligence or gross negligence. For a decision of gross negligence to be made, there needed to be evidence of conduct representing ‘a clear deviation from responsible conduct’.

The court found that there was no intent by NRC, or any of their employees, to harm but that since the NRC had the same duty of care as any other Norwegian employer operating in a high risk area responsible security measures were required. The risk of kidnapping was high at the time of the incident and made higher by a VIP visit. The decision to not use armed escorts violated recommendations made by NRC’s security managers and normal local security measures used previously. NRC could have chosen not to conduct the visit, better controlled information about the visit, made the visit lower profile, or visited another camp. Additionally, staff were not given information about changes to security procedures and did not have time to discuss or decide to participate in the visit or fully understand the risk to themselves.

The court consequently decided that there was legal causation between the injury and NRC’s actions. Given that there was a ‘clear deviation from a responsible course of action’ and ‘several practicable and alternative courses of action present’, the court decided to judge gross negligence and ruled that NRC should pay Dennis cumulative compensation of approximately 5.5 million NOK (around $650,000 USD)

Implications for international organisations:

The key question for organisations looking at the case is the one posed by the court when they were examining liability and negligence. The question was: could NRC have acted differently to avert the risk of kidnap occurring?

As the court pointed out, NRC did not act with intent, however violating their own security measures demonstrated a deficiency in their duty of care and therefore gross negligence towards the affected employees. But what is duty of care and how can organisations apply it to give themselves confidence they are protecting their employees to the extent possible and avoiding potential lawsuits? Christine Williamson, a specialist in this area provides some insight:

Q: Following this case, organisations will likely be asking themselves ‘how robust is our duty of care?’ and ‘could we be sued?’ Are these the right questions?

A: In most jurisdictions, law dictates that employers must exercise a reasonable standard of care towards its employees, consultants and volunteers.  In a high risk environment, like the Dadaab refugee camp in this case, the organisation assumes more responsibility toward its employees. So, yes, an organisation must continually focus on its duty of care. This is a multi-dimensional concept that touches on all aspects of an employee’s experience with the organisation – from recruitment to exit. It is also a fluid concept as the contexts that aid organisations work in are dynamic so appropriate care and support will constantly change.

Employers must ensure staff are aware of their responsibilities and are equipped to do their role in a healthy, safe and secure way. Employers’ policies and procedures must reflect a duty of care relevant to the type of work and environment their staff work in and these will be used in a court or tribunal when assessing whether an employer has fulfilled its duty of care.

No matter the duty of care provided, however, any organisation can be sued. Perhaps a better way to approach the question is to ask: how do we ensure our duty of care policy and practice are robust enough to withstand scrutiny in a court of law and leave employees feeling they don’t need to sue?

Q: Humanitarian organisations work in high risk environments. How do they measure their responsibility?

A: To use the NRC case, I would approach this from the perspective of foreseeable risks. A high risk environment is a context where risks are known and therefore a greater number of measures are required to protect staff and provide a healthy and safe workplace – either through mitigation measures or reducing staff exposure to them. There is always the potential for residual risk in any environment and minimum standards of care ensure that employees know this and have the opportunity to consciously accept that residual risk. This is where the court’s assessment of NRC’s responsibility resulted in the verdict of gross negligence. The court said there were a variety of alternative actions NRC could have taken – including some in accordance with their own stated security policies – which would have been more appropriate and potentially averted the incident’s occurrence. Further, since these changes were not communicated in a timely fashion, their employees did not have the opportunity to accept the heightened residual risk.

Q: Organisations work in high risk environments and take security decisions in stressful and chaotic circumstances. Is it excessive to analyse this retrospectively in a sterile court environment?  Will this make organisations more risk adverse leaving those receiving aid without the benefit of these services?

A: This needn’t be the case. An organisation can work in high risk environments whilst also protecting their employees.

NRC was not found negligent because they were in a high risk environment out of their control. NRC probably operates in many high risk environments in a perfectly responsible way. They were found negligent because of a series of unusual security decisions in which they did not exhibit a sufficient level of duty of care to their staff – more so because they did have the policies, procedures and controls which enabled them to exhibit that care.

Robust duty of care practices should act as an enabler – employees who understand and are trained in minimum standards of duty of care in their organisation will know what to do, how to act, where to go, and, most importantly, when to say ‘no’. Organisations will not always be able to prevent critical incidents but properly upholding these minimum standards will make them better able to avoid them and respond appropriately when they do.

Q: The term ‘reasonable’ actions and ‘reasonable’ duty of care keeps coming up. However, this seems like a rather subjective term? How can organisations know that they are exercising ‘reasonable’ duty of care?

A: This comes back to what risks are foreseeable and the measures put in place to mitigate these and how embedded a duty of care culture is within the organisation. A set of minimum standards can be put in place to strengthen duty of care within each area of the employment cycle (i.e. systems, policy and practice, recruitment, induction, deployment, training, day-to-day management and transition). Duty of care is multi-dimensional and multi-layered. The different stakeholders within the organisation, from executive management to the domestic employee, should understand their role within a framework of care, which each stakeholder should have helped develop and implement.

Q: Organisations will want to know if they can afford to implement comprehensive duty of care structures – can they?

A: There is a financial cost for having robust staff care practices in place, but there is a greater cost if they haven’t.  Therefore, the question isn’t whether an organisation can afford to implement duty of care it’s whether they can afford not to. Minimum standards of duty of care must be established and an organisation must spend time thinking about how they can fund these. In most cases, organisations can build on existing systems and practices to do this.  Donors should be influenced to accept health, safety and security practices as well as any risk mitigation costs with a proposal.  The cost of not doing this, as demonstrated in the NRC case, is several times more than any preventative practices that need introducing or strengthening.

Q: For organisations interested in reading and learning more about duty of care where can they start?

A: There is a lot of literature on duty of care and staff care practices which organisations can refer to. Standard 8 of the new Core Humanitarian Standard, (CHS Alliance) outlines policies that should be in place for the security and well-being of staff. In regard to security practices, Irish Aid has produced Guidelines for NGO Professional Safety & Security Risk Management, the donor ECHO has developed a Generic Security Guide for Humanitarian Organisations, and the European Inter-Agency Security Forum website has a whole library of useful and instructive documents.  The Security Management Initiative has produced a research report called, ‘Can you get sued?’ which looks at legal liability within various jurisdictions with extremely relevant recommendations. Readers should also take a look at the journal I co-authored with Roger Darby, Challenges to international human resource management: the management of employee risk in the humanitarian aid and security sectors.


Kelsey Hoppe is a development and security consultant helping organisations conceptualise and implement security practice. Christine Williamson is an HR and duty of care specialist; she tweets as @dutyofcareint and her website can be found at:


Comments are available for logged in members only.