Kari’s Law and RAY BAUM’S Act – What You Need to Know
In early January 2022, the terms and obligations of both Kari’s Law and RAY BAUM’S Act became enforceable federal law. And as traditional POTS lines are slowly going the way of the dodo bird (see Phil Edholm's recent piece on No Jitter, Good Old POTS is Going Away. Is Your Organization Prepared?), entities that operate traditional on-premise phone systems, rest assured of one clear point—THE UNDERLYING TECHNOLOGY DOESN’T REALLY MATTER, with very limited exception. Both Kari’s Law and RAY BAUM’S Act contain clear language defining the obligations of entities that manufacture, distribute, install, maintain and/or operate multiline telephone systems. While there has been no litigation to date, it’s only a matter of time until the MLTS in place at an enterprise is unable to provide the information necessary to enable first responders to get to a person in need in a timely manner (think 4 minutes to get to someone in cardiac distress), resulting in a possibly preventable death and/or injury. This is the kind of situation that makes hungry litigators salivate and insurance companies tremble.
Here are the basics: Kari’s Law requires that all multiline telephone systems that are imported, leased, sold, installed, manufactured, managed, operated or which have been through a “major upgrade” since February 17, 2020, provide 3 key operating capabilities that are both installed and operational: that there be no need to dial an extra digit to get an outside line for the limited purpose of making a call to 9-1-1, that contemporaneous notification be made to an on-site location when the call to 9-1-1 is made, and that a valid callback number be provided so that first responders can call back to verify information (this number need not be the number from which the call was made, but could be a front security desk or other always-staffed location). Please note that the phrase “major upgrade” is not defined, which means that what constitutes such an upgrade is subject to interpretation.
If compliance isn’t legally required under Kari’s Law or RAY BAUM’S Act, an employer is not automatically “off the hook.” While compliance may not be “forced” as an obligation imposed by either law, there are other elements of law, including certainly employment and labor law that could easily come into play to create liability for an employer who has chosen, for any number of reasons (cost and underlying technology, among others), to be non-compliant.
Currently, the technologies that underlie most communications networks for voice, data and video do not matter in terms of compliance with either of these laws. If compliance can be reasonably achieved—without excessive cost or technological modification—an entity that would have chosen to put this expense off for another day could find itself clearly on the hook for allowing unsafe work conditions to exist. Whether the enterprise’s underlying system is premise or cloud-based or some combination thereof, for purposes of compliance with these laws, that technology is largely irrelevant from a compliance perspective.
The enterprise’s absolute obligation is to maintain a safe workplace, thus protecting the welfare of employees, contractors and guests. In the unlikely but uncommon case that 9-1-1 needs to be dialed from an enterprise facility, including, by the way, remote workers who may be using company-owned devices while working from home, an enterprise is obligated to meet the requirements established by law. An enterprise operating an MLTS would be well-advised to encourage those using its networks and devices to be aware of the limitations imposed by certain technologies. This couldn’t be more true than in the case of WFH employees and contractors who may have enterprise-owned devices that would likely provide inaccurate location information about the location from which a call to 9-1-1 is made. And in any case, the underlying technology, as has been said previously but which cannot be over stressed, is largely irrelevant. Access to first responders, through a public safety access point (PSAP), is, by definition, time-critical, and anything that impedes or delays such access, or which obfuscates or otherwise enables the provision of inaccurate information is the definition of critical. NG9-1-1 Tech Advisor Roberta J. Fox recommends that organizations also review and update their policies and operational practices to ensure that they can provide compliance and tracking information if and when required in the future.
It's the job of the enterprise to manage compliance with current laws, as well as the risks of both compliance and complications arising from attempts—successful or otherwise—at compliance. The biggest risks of non-compliance, aside from the obvious of preventing, through benign inaction or otherwise, a caller from reaching help when it’s needed most, are penalties, both in terms of cost and public relations. The potential impact to a corporate brand for failure to comply is hard to quantify, but it could create a catastrophic—and preventable—harm to the enterprise brand, in terms of both the short and long terms.
The bottom line is this: an enterprise, be it corporate, governmental, academic or non-profit, irrespective of size, has absolute responsibilities to manage the safety and security needs of all of its workers, contractors and guests who rely on its underlying networks, be they distributed, mobile or remote workers.