New York office shooting underscores gaps in workplace violence laws: What employers can do now

A tragic mass shooting that took place in a Manhattan office tower has once again drawn national attention to the growing threat of workplace violence, and the limitations of existing laws meant to prevent it. In July, an incident occurred in a Park Avenue building, resulting in the deaths of five individuals, including the shooter. This building is home to tenants such as Blackstone Inc., Loeb & Loeb LLP, Rudin Management, and the NFL, and it was high security.  In fact, one of the victims was an off duty armed police officer and an unarmed security guard. The perpetrator, a 27-year-old man from Nevada, had no apparent connection to the victims or the building, highlighting the unpredictable nature of such attacks.

New York's newly enacted workplace violence law (N.Y. Lab. Law § 27-c) was drafted in part to address growing concerns about gun violence, but it is limited only to retail employers. It does not apply to office buildings like the one targeted in this case. Nor does it impose obligations on landlords or multi-tenant commercial buildings. Yet, the statute provides a starting point for all employers, regardless of industry, seeking to improve workplace safety.

What New York law requires—and what it misses

Effective June 2024, New York Labor Law § 27-c and its accompanying regulations (12 NYCRR Part 860) require retail employers to:

• Develop and implement a workplace violence prevention plan.
• Conduct annual risk evaluations and hazard assessments;
• Provide annual training on workplace violence recognition and prevention, including active shooter response.
• Consider factors such as employees working in isolation, uncontrolled public access, and previous violent incidents.

The Park Avenue shooting, however, did not involve any of the covered risk factors listed in the law. Nonetheless, the core concepts of New York’s statute, proactive planning, risk assessment, training, and employee awareness, remain valuable to all employers.

California’s broader approach

California has taken a broader approach. Its law requires:

• A written Workplace Violence Prevention Plan (WVPP);
• Logs of violent incidents and corrective actions;
• Training on recognizing and avoiding workplace violence;
• Employee involvement in developing and implementing the WVPP.

California includes workplace violence as a recognized hazard under Cal/OSHA’s enforcement authority. By contrast, the federal OSHA has limited tools to address workplace shootings, relying on the General Duty Clause (29 U.S.C. § 654(a)(1)) to cite employers only when a hazard is “recognized” and there are “feasible means” of abatement—criteria rarely met in random acts of violence.

OSHA enforcement: A narrow path

Federal OSHA has occasionally cited employers after workplace shootings, such as in a 2019 citation against a social work organization (See our article regarding the incident, Confronting Violence in the Workplace: OSHA’s General Duty Clause). These are rare and case-specific. Unless there is evidence of a foreseeable risk or past incidents, OSHA's involvement is often limited. However, employers must still report fatalities within 8 hours and inpatient hospitalizations within 24 hours under OSHA regulations (29 C.F.R. § 1904.39).

Practical steps for employers now

Regardless of geography or statutory obligations, employers have the ability to prepare and do all they can to protect their most valuable assets, their employees. The following checklist enables employers to develop or enhance a workplace violence prevention program:

Developing a plan

1. Form a planning team
• Include executives, HR, legal, safety/risk managers, first responders, landlords, and facilities staff.
2. Assess threats and risks
• Conduct facility and vulnerability assessments.
• Review past threats or violent incidents.
• Identify risk factors such as open access points or lone workers.
3. Set goals and objectives
• Establish notification protocols, training goals, first responder coordination, and recovery efforts.
4. Create and approve the plan
• Assign roles, draft communication protocols, and document timelines.
5. Training and exercises
• Train all employees—including part-time and volunteers—on workplace violence and active shooter response.

Workplace Violence Prevention Policy essentials

• Clear zero-tolerance statement and disciplinary procedures.
• Confidential reporting mechanisms.
• Defined response team and investigation protocols.
• Warning signs of violence (e.g., erratic behavior, weapon preoccupation, substance abuse).
• Anti-retaliation provisions.
• Employee Assistance Program (EAP) access.

Active shooter policy highlights

• Clear definition of an active shooter.
• Emergency communication protocols (texts, alerts, emails).
• Standardized 911 reporting guidance (suspect location, weapons, direction of travel).
• "Run-Hide-Fight" or "Lock Out, Get Out, Take Out" training.
• Post-incident support, media coordination, and OSHA compliance (fatality/injury reporting, OSHA 300 log).

Conclusion: Don’t wait for the law to require it

The Park Avenue tragedy illustrates that workplace violence can strike any industry at any time, regardless of planning. While state and federal laws provide a framework, they are often reactive, not predictive. Employers who go beyond legal minimums, by assessing threats, engaging stakeholders, and training employees, can reduce risk and demonstrate a commitment to workplace safety.

If your organization needs assistance developing or updating a workplace violence prevention plan, policy, or training module, our attorneys at McDonald Hopkins can help.