
Originally published in November 2020.


Discrimination in Hiring


We all know that terminating an employee may lead to a charge of discrimination. But it can happen at the other end of the employment lifecycle, too – the hiring process.


Discrimination in hiring is as illegal as discrimination in firing. People don’t sue you for hiring them, but those whom you don’t hire might. So how do you reduce the odds?


Protected Classes


First, do not discriminate. That should be obvious. What’s less obvious is that you shouldn’t even create an appearance that you MIGHT be discriminating. As you recall from our last episode, under federal law, protected classes include the following: age, disability, national origin, color, race, religion, and sex, including pregnancy discrimination. That’s under federal law. Individual states and localities may include additional protected classes, so always check with local counsel for the lay of the land.


If you can’t fire someone for falling within a protected class, you can’t refuse to hire someone for falling within a protected class. And here’s the real point of this episode: you shouldn’t ask questions in an interview, or mention in an employment ad, anything that touches upon a protected class status.


For example, it is illegal to discriminate against women who are pregnant or may become pregnant. So if you ask a female applicant if she intends to have children, that’s a no-no. That’s obvious. But what if the applicant sees a picture of your seven kids in your office and asks you about them? You might want to continue that line of conversation and ask about her kids. It’s just normal, polite conversation. Don’t do it. If she says she hopes to have a family and you don’t hire her, you’ve created the appearance that you discriminated, even if she’s unqualified for the job. People have been sued for less.


Questions You Should Never Ask a Job Applicant


Here's a list of questions you should never ask a job applicant. What they have in common is that they touch upon protected class status. This list is not exhaustive, but should give you the idea:

  • When did you graduate? Age can be estimated from graduation years, and it is against the law to discriminate against people over 40.

  • I love your accent. Where are you from? Or, are you an American citizen? Or, what language do you speak at home? National origin is a protected class. ‘Nuff said.

  • Do you have any disabilities? If an applicant comes in with a seeing-eye dog, this is self-evident. But not all disabilities are obvious – think epilepsy or Lyme Disease – and many disabilities are protected under the Americans With Disabilities Act.

  • What church do you attend? Unless your dealership is a church, don’t go there. Religion is a protected class.

So yes, you may hire employees without getting sued – provided you don’t discriminate or create the appearance of discrimination. Every. Single. Time.





What is a Written Information Security Program?


A written Information Security Program or “WISP” is the document that defines the administrative, technical, and physical safeguards you will use to protect the customer data that your business collects. Your WISP should address the risks identified in the risk assessment that you conduct and how you plan to mitigate these risks.


Physical Safeguards


Physical Safeguards are the most obvious type. This means keeping unauthorized persons physically away from documents or networks containing customers’ non-public personal information (NPI). Locks are one example of a physical safeguard. Offices where NPI is available should be lockable, and locked when an authorized person is not present.


Technical Safeguards


Technical Safeguards are the most important means you use to protect customers’ NPI and may require the advice of IT professionals. Limit permissions to electronically maintained NPI to only those persons who need it to do their jobs. Properly configured firewalls, anti-spam protection, and anti-virus protection are all technical safeguards that need to be considered. In addition, an intrusion detection system should be installed, including real-time monitoring. Most hackers exploit known vulnerabilities. New vulnerabilities can arise literally overnight, which is why real-time monitoring is so important.


Administrative Safeguards


Administrative Safeguards involve changing the way your employees do their jobs and your dealership conducts its business so that the protection of customers’ NPI is enhanced. Employees are your biggest risk when it comes to safeguarding customer information. It is important that you conduct regular training on best Internet practices, such as not clicking on links and attachments in unknown emails that may be phishing attempts; frequently changing passwords and keeping them secure; not giving out user names or passwords; and being suspicious of unusual emails.


Why do I need a WISP?


A WISP is a requirement of the Revised FTC Safeguards Rule. Any business that collects the non-public personal information of customers should have a WISP that outlines how they will protect this data. Here is what the revised FTC Safeguards Rule says about the WISP:


Information security program.
You shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. The information security program shall include the elements set forth in § 314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in paragraph (b) of this section.
(b) Objectives. The objectives of section 501(b) of the Act, and of this part, are to:
(1) Insure the security and confidentiality of customer information;
(2) Protect against any anticipated threats or hazards to the security or integrity of such information; and
(3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.

What do I do with the WISP once it has been created?


Once your WISP is adopted, you’ll need to test your program and periodically audit it to ensure its effectiveness. If your program is lacking, you may need to update it.


The Safeguards Rule calls for an adjustment in response to “any material changes to your operations or business arrangements.” What this could mean in the context of a dealership is the addition of a new location to your dealer group. A new building would require its own risk assessment and safeguards.


Another “material change” could include switching DMS or other systems. Any other circumstances that you know or have reason to know may have a material impact on your information security program should also prompt a change to your WISP. This might mean unusually high employee turnover, an actual break-in at your dealership, or a customer’s report of an identity theft that may have originated at your dealership. All such events should be taken seriously and should result in a prompt – and documented – program audit, followed by a review, and if necessary, an update of your WISP.


Must I draft a WISP from scratch?


No – NADA has an excellent template in their Dealer Guide to the FTC Safeguards Rule. It’s free for NADA members or may be purchased by non-members for $89. You can download it here. If you need help getting started, Mosaic and our partners have resources to help. If you would like to learn more, contact us for a Safeguards Consultation today or get started now by filling out our Network Status Questionnaire.



Originally published in October 2020.


“At-Will Employment”


Yes, you are allowed to fire employees and no, it is not a crime. 49 states are what we call “at-will employment” states. The one exception is Montana, which codifies certain protections that generally exist under the common law of the other 49, but that’s beyond the scope of this episode.


“At-will” employment means you may fire an employee at any time, and the employee is entitled to quit at any time. Severance pay from an employer or two weeks’ notice from an employee is nice, but not required by law.


When I say an employer may fire an employee at any time, that doesn’t mean there are no limits to this otherwise broad right. In a nutshell, an employer may terminate an employee for a good reason or for no reason, but not for a bad reason.


Bad Reasons


What constitutes a bad reason? Under federal law, bad reasons include the following: age, disability, national origin, color, race, religion, and sex. That’s under federal law. Individual states and localities may include additional protected classes, so always check with local counsel if you have any local questions.


There are three exceptions to the at-will employment doctrine. The first is called the public policy exception. This means that an employer may not terminate a worker for taking advantage of services or rights to which they are entitled. For example, you may not fire an employee for filing a workers’ comp claim.


The second exception to the at-will employment doctrine is implied contract. If your dealership has an employee handbook that sets forth steps to be taken before an employee may be fired, those steps must be followed. If they aren’t, you may have a lawsuit on your hands.


The third exception is called “covenant of good faith and fair dealing.” This is not common and is recognized in only 11 states. But if you’re in one of those states, your right to fire an employee for no reason may be somewhat limited.


And here’s where it gets tricky. The employer may terminate an employee for substandard work or excessive absenteeism, but the employee may allege the real reason was actually one of the bad reasons. What’s an employer to do?


Employee Handbook


The first thing to do is make sure you have a written employee handbook that makes clear employment is at-will (assuming you’re not in Montana). If you have a progressive discipline process in place, state that it may not apply in all cases. I have personally fired two employees for embezzlement. If you steal money from my firm, no amount of counseling and probation will save your job.


Documentation


And document everything. If an employee is not performing up to standards, document that fact and the steps taken to help the employee improve. If termination becomes necessary, document the reason EVERY SINGLE TIME. Establish a protocol for terminating employees and follow it.


If the terminated employee is over 40 and you ask for a release – generally offered in connection with a severance payment – that older employee must be given additional time to review the document, have the ability to revoke the agreement for a specific period of time after signing, and be told to consult an attorney before signing.


If the employee you fired has health insurance through the dealership, you need to provide a COBRA continuation notice. If this all seems complicated, well, that’s why we have HR professionals. If your dealership doesn’t have a full-time HR Director, there are part-time, on-demand professionals that can pinch hit as the need arises.


So yes, you may terminate employees without getting sued – provided you are fair and consistent and document your reasons. Every. Single. Time.
