Who could have thought that a targeted chemical attack on a former Russian spy would see parts of the English town of Salisbury closed to visitors for weeks? This tragic and bizarre event is an example of how the familiar leisure and hospitality risks are now joined by new and challenging ones. However, events that have hit the headlines are a good way to supplement your thinking, challenging your management of risk as well as how well your business could respond to a crisis and recover from it.
Salisbury novichok incident
The novichok nerve agent attack left many companies in Salisbury having to close their doors. With almost 10% of jobs in the town related to tourism, the leisure and hospitality sector was hit particularly hard.
Businesses close to the police cordon reported a drop in footfall of up to 90% in the weeks following the incident. The restaurant where the victims had been for lunch and other locations around the town were closed for approximately eight months while authorities investigated the incident.
- Are your staff members trained to deal with newly identified risks?
- Have you considered what would happen if access was denied as a result of a non-damage incident?
- Do you have robust crisis management policies and procedures?
- Does your crisis management policy include a provision for counselling of staff members after a high-profile or traumatic incident?
Central London hotel and Glasgow School of Art fires
Two major fires caused significant damage and disruption in London and Glasgow in June. A fire at a prestigious hotel in London occurred just a week after a multimillion-pound renovation was completed. The incident caused the hotel and several neighbouring buildings to be evacuated and some accommodations were still closed months later.
Nine days after the London hotel fire, a fire at the Glasgow School of Art caused severe and extensive damage to its distinctive building, designed by famous architect and visual artist Charles Rennie Mackintosh, and to the surrounding buildings, including a nightclub. This was the second fire at the School of Art in four years.
- How is fire safety managed in your business? Do your employees receive robust fire safety training?
- How safe are renovations and do they compromise the safety of buildings?
- If fire prevention and containment measures fail, do your employees, from C-suite to customer facing employees, understand your fire evacuation procedures?
Food safety and allergens: ‘Natasha’s Law’
Several cases of consumers suffering fatal allergic reactions have highlighted why food safety is so important. It‘s essential that businesses comply with their own internal food safety policies, remain vigilant for potential risk, and ensure that they implement suitable control measures when deficiencies are found.
In 2016, a teenager tragically died from an allergic reaction to sesame seeds in a baguette she had purchased from a high street sandwich shop. And in 2018, two takeaway workers were found guilty of manslaughter by gross negligence after another teenager had a fatal reaction to peanuts in her meal in 2016.
These cases, among others, have meant that product labelling laws have been examined and the UK government are in the process of reviewing the law around how food is prepared and labelled.
- Do your risk assessments reflect the risk of human error or mislabelling food items?
- Who is the risk owner for the food safety risk in your business?
- Are your employees receiving effective training in food preparation?
- Are training, signage and labelling enough to manage these risks?
- Is your risk profile aligned to your risk appetite?
GDPR: Hospitality and the cyber breaches
In leisure and hospitality, customers expect an excellent customer service. This now also extends to taking care and protecting their data. The General Data Protection Regulation (GDPR) came into effect across the EU on 25 May 2018, meaning an even sharper focus is on how well affected businesses look after customer data.
- If you deal with or have companies in the EU, are your records GDPR compliant?
- Who owns the risk of GDPR non-compliance in your business?
- Do you have procedures in place in the event of a third-party data breach?
What’s clear from each of these incidents is that asking the right questions of your policies and practices is essential for making sure you’re ready for any eventuality. And having the right risk management in place to mitigate against changing risks can help businesses face an uncertain future with more certain confidence.