fbpx

Main Navigation

Advertisement
Social Connect
Resources
Our Brand Family
Motorcycle & powersports news
Motorcycle and powersports content for dealers, professionals and enthusiasts
Business Management

Identity Crisis

Have a written plan in place for securing data and responding to a security breach.

Avatar
By Rod Stuckey
Published:

During a recent business trip to the United Kingdom, I found it interesting that the restaurant servers would bring portable credit card readers to the table. I felt a little pressured to leave a tip with them standing beside me (until I found it was included) so I mentioned it to another customer. He laughed, and said, “yeah, back in the U.S., the servers leave with your credit card and steal all of your information before returning to your table don’t they?” We both chuckled, but it made me wonder if that was the purpose of the system. Have you seen the LifeLock commercials were the CEO is providing his personal social security number to millions of viewers? Identity theft has become so prevalent in the United States that millions of Americans are paying companies a monthly payment to services such as LifeLock who will guarantee to protect your identity. When I first heard of this type of service years ago, I thought that anyone who increases their monthly overhead for a preventive measure like this must have more money than sense. Then, my sister-in-law had her identity stolen, and I was able to see firsthand what a nightmare she experienced. My neighbor had some checks stolen from his mailbox, my co-worker had her identity stolen and the list goes on and on. It has hit so close to home that I’m taking preventive measures. In fact, according to the Federal Trade Commission, losses from identity theft cost billions of dollars to both individuals and businesses each year.

Related Articles

So what does this have to do with the powersports industry, you ask? Well, if you’re a dealer, you could have a lot at stake. I know this isn’t as fun as talking about the new ’09 models just released, but stay with me. Effective November 1, 2008, dealerships, retail outlets, lenders and other businesses who handle both customer and employee personal information will have to comply with the Safeguards Rule, which went into effect May 23, 2003, under the Graham-Leach Biley Act. So what does it mean to comply? And how can there be a hard deadline?

In order to be in compliance by November 1, dealers must have a written plan in place for securing data and responding to a security breach. According to the FTC website, the FTC is authorized by Congress to impose penalties of up to $11,000 per violation, per day. To try and make some sense of this formal talk, let’s translate this into our terms with a couple of quick examples:

Example 1
Dealership A allows salespeople to keep track of their own customer paperwork. One salesperson continually leaves multiple credit applications and copies of customer driver’s licenses etc. out on his desk. Mr. Lowlife comes in looking at bikes. He sits down at the salespersons desk, and while waiting on the salesperson to retrieve a brochure, he decides to help himself to the credit applications that are blatantly lying around. He then uses the information to obtain lines of credit for everything from stereos to a new car. Eventually Mr. Lowlife is caught, and upon his arrest notifies authorities of the place of business whereby the information was obtained. Authorities notify the FTC, which launches an investigation only to find the very same salesperson (who never even knew the previous apps were stolen) with over 15 credit applications lying scattered about on his desk. That’s easy math at $11,000 per violation and could potentially cost dealership A $165,000 in fines.

Example 2
Dealership B hires an office assistant to help the bookkeeper with tag-and-title work. As it turns out, the office assistant is crooked and is accessing both current and previous dealership personnel files, retrieving personal data and opening credit card accounts with their information. Eventually, the person is caught, but extensive damage has been done. The word spreads to a previous employee who was never contacted and has now had his personal credit ruined. An investigation is launched and the dealership is found guilty on two accounts.

The data was found in unlocked file cabinets with little supervision, and therefore was not legally secure.

Once a security breach happens, the business is required to respond or notify any and all possible victims. This could have been proactively completed with a quick letter, but wasn’t, due to a lack of understanding of the Safeguard Rules and Privacy Act.

In this example, the end verdict could have been $11,000 per violation with 10 or more victims, equaling $110,000 in dealership fines!

Now, you may be saying, “But I can’t control the actions of my people, how can I be held liable for their negligence?” To read the letter of the law, “It is improper to assess large settlements or awards against any employer that undertakes good faith efforts to comply with employment and discrimination laws” [U.S. Supreme Court ,1999].

So take action now to get your dealership in compliance, and have a written plan in place for securing data and responding to a security breach. This topic isn’t a fun part of the business, just as with the ATV age restrictions, yet it is serious.

You May Also Like

Digital leads
MPN talent panel, AIMExpo 2024
MPN Digital retailing panel, AIMExpo 2024
National Powersport Auctions, NPA, Market Report
Business Management

Maximize Every Sale With F&I and PG&A

This recorded AIMExpo education track discusses how the bike is just the start of the sale.

Greg Jones
By Greg Jones
Greg Jones is the Content Director for Motorcycle & Powersports News.
Published:
MPN F&I panel, AIMExpo 2024

At AIMExpo 2024, Greg Jones, content director for MPN, moderated the finance and insurance (F&I) panel in MPN's Dealer Excellence education track. The panel consisted of Jason Duncan, McGraw Powersports; JD Baker, Protective Asset Protection; John McFarland, Lightspeed; and Zachary Materne, Apiar Commercial Risk Management.

In this session, Jones and the panel discuss how to maximize every sale beyond the bike with F&I and parts, gear and accessories (PG&A). The panel advises on best practices, how to make the purchase process more exciting, how to utilize technology in this process and more.

Read Full Article

More Business Management Posts
Elevating Your Sales Game Through Parts Packaging

Breaking down the art and science of a well-designed, customer-focused, profit-friendly parts package.

By Maggie Stevens
Unleash Your Experts: How to Be a Long-Tail Resource for Powersports Enthusiasts

Closing deals and providing service are a dealer’s bread and butter, but your dealership has far more to offer.

By Susan Medrano
dealership employees
Building a Growth Stategy With a Powersports Playbook

Success isn’t a fluke, and it’s not luck. It’s a strategy.

By Maggie Stevens
Fostering an F&I Culture That Sells

Dealership success hinges on the ability to cultivate a strong F&I culture.

By JD Baker

Other Posts

Increasing Profits Through Accessorizing

Go out and find the units to dress up — there’s lots of extra profit to be made.

By MARQ Smith
AJ Meisel Creates Community at Plano Kawasaki Suzuki

AJ has learned a thing or two over her 30-year powersports career.

By Greg Jones
AJ Meisel of Plano Kawasaki Suzuki
Q&A: Powersports Consumer Sentiment Forecast for 2024

Consumers aren’t delaying purchases because of the economy, but they’re still looking for deals.

By Meagan Kusek
motorcycle, money, wallet, consumer, customer
Nothing But Good Vibes at Santa Barbara Motorsports

Santa Barbara Motorsports is working to make every door swing count.

By Margie Siegal
Santa Barbara Motorsports