Article featured in September issue of UCD
Manna, H2Go, Copco, Zojirushi…
Any ideas what these have in common? Here are a few more examples, which may give it away: Tervis, Hydro Flask, Thermos, Stanley, Starbucks.
These are all manufacturers of commuter mugs. I have at least one of each of these brands, maybe more…but I’m not confirming. It’s embarrassing, almost.
Why do I have all of these? I’m on a quest for the most comfortable commuter mug. It’s very important. Please allow me to opine.
A good commuter mug should have all of the following characteristics:
- comfortable to hold
- easy access to sip your beverage, but not too easy
- a way for the mug not to spill if you drop it
- a way to avoid burning your lips if the liquid is too hot
- ability to keep your nectar warm for hours
Did I miss anything?
This is complicated stuff, actually.
I still don’t have a cup which can accomplish all of these goals. So, I’m still looking. (It’s good to have goals, right?)
In my opinion, companies should continue to innovate to try to achieve the perfect commuter mug. If you ask me, they are not even close. As for me, I’ll keep searching.
Speaking of innovation, we have a community full of people who are constantly pushing forward, creating, and initiating positive changes inside dealerships. Risk and compliance professionals are no different.
These specialists are technicians who promulgate guidelines and adhere to routines to protect their dealerships. They audit what is actually happening at the stores (versus assuming everything is going according to policy) and report those results to the leadership team. They act as support to keep the business moving in the right direction and steer the company away from problems.
Compliance is not the opposite of innovation. Actually, done well, they live together in harmony, like coffee and a commuter mug, for instance.
Here’s something to consider. In the 2022 lawsuit Morelli v. Jim Koons Management Company (which was just purchased by Asbury for $1.2 billion), the Plaintiffs alleged the following:
“Defendant could and should have implemented, as recommended by the United States Government, the following measures:
- Implement an awareness and training program…
- Enable strong spam filters to prevent phishing emails from reaching the end users…
- Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.”
This was simply one item enumerated in a 46-page lawsuit.
A risk and compliance professional can get ahead of issues like this one by designing a way to: (1) identify potential problems, and (2) subsequently figure out how to plug those holes at the dealership. For example, to address this allegation specifically:
- Start a cyber training program
- Strengthen monthly cyber procedures to include white hat phishing (Microsoft has an easy product here.)
- Enhance the scanning tools.
Then, document, document, document these activities into one central repository for easy retrieval. If you don’t document, then nothing trackable really happened, which is a shame as this is how to address these types of concerns in litigation.
Now, would these activities stop a cyber breach from happening? Absolutely not. Lawyers call these affirmative defenses. These affirmative defenses help attorneys prevent the plaintiffs from winning by showing the defendant (i.e., the dealership) took the actions of a prudent person. Done effectively, these preventative measures can negate or reduce any legal consequences alleged by a plaintiff.
Michael Semanie, an attorney who routinely represents motor vehicle dealerships across the country, noted that “dealers who adopt and observe information security policies that harmonize with federal and state data laws are much better positioned to defend themselves against claims that a cyber incident was the result of the dealer’s negligence. While some states have implemented statutory “safe harbor” defenses to protect dealers from liability related to a data breach, if the dealer has complied with specified data security standards, more states have attempted but failed to implement such statutory protections.”
Semanie continued, “Florida House Bill 473 (entitled “Cybersecurity Incident Liability”) passed both houses of the legislature, but it was ultimately vetoed by Governor Ron DeSantis on June 26, 2024, who noted that such a safe harbor “incentivizes doing the minimum when protecting consumer data.” This strong public sentiment against companies who expose consumer data through a cyber incident can also be seen in the judiciary and in the juries who may determine the fate of a dealer’s liability after a breach. By employing a robust information security policy, dealers may be protecting the value of their investment when it is time for a dealership buy-sell, since potential buyers are unable to seek or demand discounts and holdbacks for potential liability related to inadequate and non-compliant data security.”
If you don’t have cyber insurance, it’s not too late. Start today. According to The Risk & Insurance Risk Brief, 69 percent of business owners are concerned about cyberattacks, yet only 32 percent have cyber insurance.
Here’s a second, non-cyber example to consider. On April 8, 2024, Automotive News reported Desert Toyota of Tucson, Arizona, will pay $60,000 in penalties, restitution, costs and fees to settle allegations it refused to sell vehicles at advertised prices.
The Attorney General, Kris Mayes, said the store’s prices failed to include the full reconditioning fees the dealer charged and the cost of mandatory additions such as exterior coating and door edge guards. The dealership charged reconditioning fees which exceeded what was advertised.
Could this problem have been prevented by a compliance manager? You betcha!
- Was there any sales training to emphasize the policy that all vehicles must be sold at advertised prices? Was this policy acknowledged and attested to by the sales staff?
- Did any of their paperwork show exterior coating and door edge guards were not mandatory?
- Were the stickers on the vehicle clear as to what was a mandatory charge?
- Did the dealership have a policy on how much they charge for reconditioning fees?
These problems are preventable by having a policy, having someone check behind what’s happening at the store, and documenting the outcome. Remember, compliance is simply this: someone has to do a thing, at some point in time, and then prove that the thing was completed. Without an auditing component to check behind everyone, you have no compliance program, which can be very uncomfortable because you don’t actually know what’s happening at your own store. A compliance pro will be on a quest to ensure the dealership is protected.
Speaking of quests and being uncomfortable, if anyone has a commuter mug which feels good in my hand, please let me know. I’m here.
Tom Kline
Better Vantage Point
tomk@bettervantagepoint.com