From Recalls to Cybercrime
Ice-cream meltdown, data hacking, product liability hightlight annual CSP crisis prevention forum.
Hot summers and ice cream go together like hot dogs and baseball games. So it was more than just a nightmare when Stewart’s Shops in upstate New York discovered over Memorial Day weekend that it would recall thousands of gallons of ice cream.
“We’ve been in business since 1921 and never had a recall until [now],” recalled Mary Anne Macica, risk manager for the 328-unit, family-run retailer. Macica shared the incident with about three dozen retailers and suppliers at the recent 2011 CSP Leadership and Crisis Prevention Forum. In the end, the EPA declared 100,000 gallons of Stewart’s ice cream “hazardous waste” and forced a recall that eventually cost the company more than $600,000. Meeting in Stewart’s backyard of Saratoga Springs, attendees covered a range of concerns, specifically:
- Product liability. Retailers need to be vigilant and make sure they have the proper insurance—and that both manufacturers and insurers are sufficiently backed—to handle any potential litigation.
- Growing regulation. Especially when it comes to overseas goods, retailers are becoming targets for regulators such as the Consumer Product Safety Commission (CPSC), which seeks to identify parties responsible for unfortunate events.
- Cybercrime. Data security and Payment Card Industry (PCI) rules surrounding debit acceptance at the pump continue to pose new questions of liability and exposure to retailers.
- Private label. With chains moving to as much as 30% to 35% private label, legal issues surround everything from patents to food safety.
Much of the new exposure stems from the larger trend of domestic manufacturing moving overseas, says Steve Burkhart, vice president and general counsel for BIC Corp., Shelton, Conn. “The manufacturer is not here anymore,” he says. “Sometimes you can’t tell who the manufacturer is … [but] the retailer is here.”
Handling a Recall
For Macica of Stewart’s, the domino of events began with a malfunctioning “dasher,” a cylinder with a rotating scraper inside. Initial breakdown was identified in mid-May; on the Friday before the Memorial Day weekend, plant workers found what the company describes as “foreign material” in the ice cream. The discovery occurred at 10 a.m. By noon, all production at Stewart’s icecream facility was shut down.
Staff cleaned the systems and identi-fied the dasher as the source of the problem. The company instituted its own recall, she said. Only 9% of the product in question went out to the stores and just 1% was sold; the rest never left the plant. The chain notified the proper authorities, detailing what happened, when and what action Stewart’s took. About a month later, the FDA sent a letter acknowledging Stewart’s initial notification to them and officially required the recall that had already been completed voluntarily weeks earlier.
In addition to the $450,000 in product lost, the chain paid $50,000 in dumping fees, including use of a burn plant because the ice cream was considered hazardous waste; $50,000 in transportation fees; and $50,000 in overtime.
“It was a Level 2 recall,” Macica said. “But we treated it like a Level 1.”
The chain continued its proactive stance, notifying the media, announcing the malfunction at the plant and saying that a nonharmful substance was in some product. Stewart’s released product codes and offered a couple of half-gallons of ice cream for the returns. To date, says Macica, the company has received no claims.
Lessons learned: Stewart’s preparedness efforts, including a manual and training, gave all those involved “level heads.” No one pointed fingers and everyone involved trusted each other.
The biggest lesson, however, was not internal. Rather, it was the positive customer response. “Loyalty of brand name and goodwill will carry you through a recall,” she said. Insurance specific to recalls is hard to come by, Burkhart said, mostly because of the expense. He suggested to the group to possibly look for insurers outside the country, or look for language in current policies that may cover recall costs. “We’re all exposed to a recall,” Burkhart said. “2009 was a record year for recalls and 2010 broke that record.”
One of the newer threats leaving companies exposed to liability is cybercrime. The most recent high-profile hacking case comes from Sony’s Playstation Network, from which an estimated 70 million users may have had personal information accessed. The story, which broke in April, has people asking: What did the San Diego-based Sony Electronics Inc. know, and when did they know it?
Such queries are a business owner’s worst cyber-nightmare, with a potential minefield of litigation—one that saw Sony’s insurer reject claims to its general liability policy, according to Stewart Van Duzer, first vice president of Federated Mutual Insurance, Owatonna, Minn. Such crimes can involve outside intruders or even disgruntled employees hacking into or stealing business computers, laptops or cellphones. It can involve the release of employees’ Social Security numbers or people getting credit-card data skimmed from pumps or ATMs. Some instances even put data thieves sitting in cars and wirelessly capturing data from thin air. The good news, Van Duzer said, is that coverage is out there. Reputable insurers are moving into this area. The bad news is that the application process can be complex. Most likely, someone in the chain’s information technology (IT) department will need to fill out the requisite forms, with most questions involving the chain’s security measures. For c-store retailers, much of the concern centers around the pumps. Tim Weston, product manager for Wayne, a GE energy business, Austin, Texas, said criminals today are skimming card numbers from dispensers. The trick, he said, is implementing measures that make their pumps less desirable than the ones down the street. Some of these methods include:
- Replacing “universal” keys on dispenser doors with individual ones.
- Replacing default passwords in the payment devices.
- Using door stickers that can alert attendants to a break-in.
- Have all dispenser technicians check in before doing work, thwarting thieves posing as workers.
- Have processes in place to monitor pumps for possible intrusion.
Many of the measures designed to lock down pumps from data thieves are inexpensive, Weston said, and many are not even mandated by PCI rules. Much of PCI’s focus regarding pumps has been for upgrading in-pump card readers to encrypt debit-card data. Attendees agreed that compliance with the major credit cards’ mandates (via PCI) do not synch up with dispenser security, but were a part of a larger movement to improve security. Retailers such as David Zakrzewski, president of Coulson Oil Co. Inc., Little Rock, Ark., said he’s brought in PCI auditors and upgraded all of his dispensers to compliance levels. “We wanted to be ahead of the ball game,” Zakrzewski told the group.
As discussion moved from data integrity to what’s sold in the store, attendees examined product liability as it applied to merchandise, foodservice and privatelabel products.
Some chains are targeting 30% to 35% of their stores for private label, Burkhart of BIC said. One issue moving forward is that of patents, wherein retailers must have the rights to make the products they’re selling.
Taking the case of fuel cells, he said 2,000 patents a week are filed. Adding to the confusion is how patents don’t become public for 18 months. And while a patent may not be granted as it was filed, the lag time only adds to the issue’s complexity.
Another concern regarding patents is product packaging and labeling. If expired patents are labeled on merchandise on the store shelves, the retailer could be held liable according to the law, Burkhart said.
Other liability issues involve product safety and the exposure a retailer has in selling such items. Burkhart talked about overseas products made from chemicals such as melamine, which is used in plastic and fertilizers. Its use in pet food and baby formula to artificially inflate protein levels has made children sick worldwide, with four deaths recorded, he said. Novelty lighters are also a concern. Such lighters, he said, can look like toys or key chains; he emphasized his point with a picture of a shelf in a toy store. Lighters shaped like the cartoon character Gumby looked like all the other toys. Though he did not say if any lawsuits tied to these lighters have emerged, municipalities in states such as Arkansas and Oregon have banned or are considering banning such lighters.
In many of these cases, retailers may even believe they are covered, but if they don’t have a certificate of insurance from the vendor or if the vendor’s insurer doesn’t have the wherewithal to cover a claim, then the retailer may be liable. Burkhart suggested retailers treat these potential liabilities as tangible threats to their profitability and take the proper measures to avoid litigation or fines. (See best practices, p. 139.)
If there is an underlying message here, it is this: Walk almost anywhere in your store and there are liability hotspots, from fuel tanks to Twinkies. Speakers at the conference touched on numerous other topics, including:
- Tobacco. Many insurance companies are writing exclusions in their policies for lawsuits involving tobacco products.
- Truck drivers. Expect stricter regulation on reporting requirements for drivers, with an accumulation of infringements possibly affecting a company’s entire fleet.
- Underground storage tanks. Disaster training mandates are becoming popular with insurance companies and state and local municipalities.
- OSHA inspections and fines on the rise. Changes at the federal level within the Occupational Safety and Health Administration and a renewed emphasis on enforcement mean a stronger potential for fines.
“We can’t pass any more bills, so we’ll give you another regulation,” said William Dake, chairman of the board of Stewart’s, commenting on the state of government today. (See more of Dake’s thoughts on p. 142.)
Dake and other attendees believed that managing risk for c-store retailers is an evolving job, especially as lawsuits, regulation and the economy’s global nature continue to increase.
For retailers hoping to minimize exposure to lawsuits, Steve Burkhart of BIC Corp. shared several best practices: Control purchasing. Place controls over what employees bring into the store. Burkhart said he visited a drug store where the pharmacy at the back end was strictly controlled, but purchasing at the front counter was not.
Obtain indemnity and sufficient insurance coverage from highly rated companies.
Consider insurance from foreign countries. Getting insurance from companies in countries where the products are manufactured may increase the likelihood of coverage.
Insist on proof of compliance to standards and regulations.
Follow the law. Deal with reputable, financially responsible manufacturers and distributors.
Participants in the 2011 CSP Leadership and Crisis Prevention Forum,
held July 26–28 in Saratoga Springs, N.Y.:
Circle K Stores Inc. :Doryce Norwood
Coulson Oil Co. Inc.: David Zakrzewski
CPD Energy.com: Mickey Jamal
Gate Petroleum Co.: Thomas Glavin
Handee Marts Inc.,dba 7-Eleven: Mary Innamorato
Huck’s/ Martin & Bayley: Sheri Stevens
Kwik Trip Inc.: Stephanie Thompson
Maverik Inc.: Nancy Couch
Prima Marketing: Joe Kester
Quick Chek Food Stores Inc.: Suzanne Delvecchio
Rutter’s Farm Stores: Scott Hartman
Stanley J. Clark Inc./See USA LLC: Roger Distle
Stewart’s Shops Corp.: David Caruso William Dake John Greenwood Mary Anne Macica Tom Mailey Jim Norton Thorntons Inc.: David Bridgers
BIC Corp.: Mary Boehlert Steve Burkhart Joanne Carson Carol Cleveland Patrick Cordle Ruth Thompson Yana Yanagisawa
Federated Mutual Insurance: David Galligani Stewart Van Duzer
Law Offices of David H. Baker :LLC David Baker
Wayne, a GE Energy Business: Bill Reichhold Tim Weston
Towne, Ryan and Partners P.C.: Christopher Lyons Claudia Ryan
Dake’s Take on Business
To provide a top-level perspective on risk reduction and business in general, William Dake, chairman of Stewart’s Shops in Saratoga Springs, N.Y., took the time to address forum attendees. Here are a few of his thoughts:
“We buy equipment and materials and they depreciate. When you invest in people, they can appreciate.”
“We have a reputation in various … insurance [incidents] of being tough but fair. There have been a couple of instances where [we gave] law firms a certain level of embarrassment. They’re much more careful about going after us [now].”
“You can continue to grow. We have bought most everything worth buying, but most people wait and run their businesses too far to the point where the situation is too weak.”
“We’re constantly moving. We’re transitioning from packaged goods to foodservice … but it doesn’t change the composition of what we do.”
“The question for the industry is, how do you function in an [economic] environment that has flattened and may take a whole other hit?”
One of the resources shared at the forum was a computer-based program that helps users assess their risk and formulate a potential insurance strategy. Available through insurance providers, the Open for Business program uses ZIP codes, floodzone maps and other company data to produce a suggested plan, said Stewart Van Duzer of Federated Mutual Insurance.