Uncorking Accessibility

Ensuring Your Website Complies With the ADA

By: Vanessa Ing, Farella Braun + Martel

In today’s digital age, having an online presence is crucial for businesses, including wineries, breweries, and other beverage companies. Accordingly, it’s essential to ensure that your beverage website meets federal standards for accessibility to avoid lawsuits and fines. In this article, we will help beverage companies understand how to comply with federal law and implement accessible features on their websites.

Why is Web Accessibility Important?

  In 1990, Congress enacted the Americans with Disabilities Act (ADA). It prohibits businesses open to the public (otherwise known as “public accommodations”) from discriminating against people with disabilities in everyday activities. These everyday activities can include purchasing goods and services, or offering employment opportunities. 

  In March 2022, the U.S. Department of Justice issued web accessibility guidance, reiterating that ensuring web accessibility for people with disabilities is a priority for the Department. Relying on the ADA’s prohibition against discrimination and its mandate to provide equal access, Department of Justice emphasized that the ADA’s requirements apply to all the goods, services, privileges, or activities offered by public accommodations, including those offered on the web. The Department of Justice’s guidance was particularly timely given that many services moved online during the pandemic. 

  In its guidance, the Department of Justice explained that people with disabilities navigate the web in different ways: for example, those with visual impairments might require a screen reader that reads aloud text to the audience.  Those with auditory impairments might require closed-captioning software, while those with impaired motor skills might require voice recognition software.  A website, therefore, should be compatible with the full range of such software. 

Is Your Beverage Company a “Public Accommodation” Business?

  Public accommodations include businesses that sell goods and services, establishments serving food and drink, and places of recreation or public gathering.  Companies that sell drinks, wineries that offer a tasting room, or breweries that host events are all considered public accommodations.  Thus, those businesses’ websites must comply with the ADA by being accessible to people with disabilities. 

  It is an open question whether beverage companies without a physical location open to the public must still have ADA-compliant websites. Some jurisdictions, like the Ninth Circuit (which has jurisdiction over Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon, and Washington), have tied the necessity of ADA-compliant websites to the existence of a brick-and-mortar location (Robles v. Domino’s Pizza, LLC). However, the Department of Justice, along with several federal circuit courts of appeals, has taken the position that even a public accommodation business without a physical location must have an ADA-compliant website. 

  Given the increased prevalence of online-only services open to the public, it is very likely that litigation over the next few years may resolve this open question.  In the meantime, it is wise for beverage companies to take preventative caution and ensure that their websites are accessible. 

What are some Website Accessibility Barriers?

  To ensure ADA compliance, beverage companies must be aware of common website accessibility barriers.  These include poor color contrast, lack of descriptive text on images and videos, mouse-only navigation, and more.  By addressing these barriers, beverage companies can enhance the user experience for people with disabilities.

  Six examples of website accessibility barriers highlighted in the DOJ’s accessibility guidance include:

•    Poor Color Contrast: Ensure sufficient color contrast between text and background to aid individuals with visual impairments or color blindness. Use color combinations that are easy to distinguish.

•    Use of Color Alone to Give Information:  Avoid using color alone to provide information.  Using color alone can be very disorienting for someone who is visually impaired or colorblind.  Someone who is colorblind might not be able to distinguish between shades of gray.  One solution might be to ensure that symbols conveying information are differently shaped.    

•    Lack of Descriptive Alternative Text for Images and Videos: Provide descriptive text (alt text) for images and videos, allowing screen readers to convey the information to visually impaired users. This makes your content more accessible and inclusive.

•    No Closed Captions on Videos: Include closed captions for videos to accommodate individuals with hearing impairments. Utilize manual or automatic captioning options and review the captions for accuracy.  Free options are available on the web.

•    Inaccessible Online Forms: Make online forms user-friendly for people with disabilities. Provide clear instructions before the form, ensure that a screen reader could recognize required fields and fields with special formatting, ensure keyboard-only navigation, use accessible labels for inputs, and display clear error messages.  Note that an image-based CAPTCHA is not a fully accessible way to secure your form; your CAPTCHA should offer users who are visually impaired an audio alternative.

•    Mouse-Only Navigation: Enable keyboard-only navigation on your website to assist individuals with motor skill impairments or those who cannot use a mouse or see a mouse pointer on the screen.  Make sure all interactive elements can be accessed using the tab, enter, spacebar, or arrow keys.  Use a “Skip to Main Content” link to ensure that users employing only a keyboard can easily navigate the website’s primary content. 

  To implement these features, beverage companies should discuss accessibility concerns upfront with the web developer.  Beverage companies should keep in mind that posting a phone number on a website to call for assistance, as commonly utilized by businesses, does not sufficiently provide equal access to the website and the services or goods provided.

Who can Sue Beverage Companies?

  Non-compliance with ADA standards can lead to potential lawsuits.  Although some courts have held that a nexus must exist between a private plaintiff’s disability and the web accessibility barrier claimed, a private plaintiff may easily surf the web for websites that are inaccessible.  A private plaintiff may then file a lawsuit in federal court without first notifying the business.  Further, liability under the ADA is strict, which means that the intent of the business to comply is immaterial.  Thus, it is prudent for beverage companies to proactively address accessibility issues to avoid potential legal troubles. 

  Private lawsuits under the ADA can result in injunctive relief (a court order to comply with the ADA) and attorney fees.  And in some states, like California, the state law version of the ADA may enable plaintiffs to demand monetary damages ($4,000 per violation of the ADA). 

  Government involvement, while less frequent, is possible in cases involving national retailers.  If the Department of Justice observes a pattern or practice of discrimination, the Department will attempt to negotiate a settlement, and may bring suit on behalf of the United States. At stake are fines of up to $75,000 for the first ADA violation, and up to $150,000 for each subsequent violation.

What are the Rules for Website Accessibility?

  Although the ADA itself does not spell out the rules for website accessibility, several sources provide detailed rules that can aid beverage companies in building accessible websites. 

  First, the ADA authorizes the Department of Justice to enforce the statute.  Accordingly, the Department develops and issues regulations explaining how businesses must comply.  Specifically, § 36.303 of the Electronic Code of Federal Regulations specifies that a public accommodation shall provide auxiliary aids and services when necessary to ensure effective communication with people with disabilities, and that a public accommodation should consult with people with disabilities whenever possible.  The Department also issues administrative guidance, such as its March 2022 guidance described above.  

  Second, Section 508 of the Rehabilitation Act of 1973, which requires federal agencies to make their electronic and information technology accessible to people with disabilities, provides detailed guidance concerning the display screen ratios, status indicators, audio signals, and other accessibility features. 

  Third, the Web Content Accessibility Guidelines 2.1 (WCAG 2.1), which were originally designed by a consortium of four universities, provide highly specific web accessibility guidelines grounded on the idea that information on the web must be perceivable, operable, understandable, and robust.  These guidelines are widely referenced in court cases and settlements with the Department of Justice, as the guidelines address numerous aspects of web accessibility and offer three different levels of conformance (A, AA, AAA). Beverage companies can consult the WCAG 2.1 guidelines (including a customizable quick reference guide, at https://www.w3.org/WAI/WCAG21/quickref/) to ensure their websites meet ADA compliance. 

Looking Ahead

  Web accessibility standards evolve over time, with updates being released periodically. Beverage companies should stay informed about changes and updates to ADA compliance regulations. For example, the WCAG 3.0 is scheduled for release in the latter half of 2023, further refining accessibility guidelines.

  In sum, by understanding and identifying web accessibility barriers, and implementing necessary accessibility features, beverage companies can enhance user experiences and minimize the risk of legal repercussions. Embracing web accessibility is not only legally required but economically prudent in the long run, as it enables beverage companies to cater to a broad and varied audience, and demonstrates a commitment to inclusivity in the digital realm.

  Vanessa Ing is a litigation associate with Farella Braun + Martel and can be reached at ving@fbm.com. Farella is a Northern California law firm representing corporate and private clients in sophisticated business and real estate transactions and complex commercial, civil and criminal litigation. The firm is headquartered in San Francisco with an office in the Napa Valley that is focused on the wine industry.

Should I Open Up a Claim?

By: Trevor Troyer, Agricultural Risk Management

When to open up a claim on your grape crop insurance is important.  A lot of growers say that don’t know if they have a payable loss early in the season.  With grape crop insurance you are covering an average of your production per grape variety. Depending on what coverage level you have chosen this could mean you have a large deductible or small one.  I agree it is hard to tell how much early season damage will affect tons harvested.

  Mid May this year there was a bad freeze/frost event in the Finger Lakes region of New York.  While late spring frosts are not uncommon, this one was really bad.  There was widespread damage to grape vines across the Finger Lakes.   The extent of the damage is not fully known at this time.  But there will be a reduction in the tons harvested this year for sure.

  In a situation like the above a claim should be opened immediately.  More than likely, due to the severity of the frost, an adjuster will come out and inspect the vineyard.  I always tell growers that they should take pictures of the frost damage that morning.  It is always good to document damage as close to the time it occurred as possible.

  It may be that some varieties of grapes show more damage than others.  This is to be expected as some are more resistant to cold.  And from what I have seen over the years with frost and freezes is that it doesn’t affect a vineyard or field evenly.  You might have more damage on one side of the vineyard or more damage on the lowest part of the blocks etc.  Damage varies but just because one variety or one area looks better than others doesn’t mean that you should not open a claim on that variety or block.

  I know that secondary and tertiary buds will emerge in the next few days or weeks after a freeze.  You should open up a claim now regardless.  The damage may be less than you think and you don’t end up having a payable claim.  But it is still best to get one opened up right away.  Don’t wait to see how many tons you harvest before opening a claim! 

  Here is an excerpt from the “How to File a Crop Insurance Claim” Fact Sheet from the USDA:

  Most policies state that you (the insured) should notify your agent within 72 hours of discovery of crop damage.  As a practical matter, you should always contact your agent immediately when you discover crop damage.

  That same night in May, that saw the frost/freeze in the Finger Lakes region, also saw damage to vineyards along the coast of Lake Erie.  I received calls and emails from growers stating that they had had frost as well.  Obviously, the damage was not as bad as the Finger Lakes, but frost on new buds is not something any vineyard owner wants to see.  I opened claims for all of them even though the extent of the damage was not known.

  I cannot stress enough the importance of opening up a claim early. 

  A lot of claims with grapes are relatively routine.  Once the claim is opened an adjuster will come out and document the damage.  You will continue to grow your crop and try to mitigate any damage received. Once you harvest grapes you will meet with the adjuster and give him your production records that show your tonnage per variety.  He will then adjust the claim based your guarantee (average tons per acre per variety and the price for that variety in the county.)

  In some circumstances you will need to get direction from the adjuster before doing anything.

What are your responsibilities after damage if the grapes have not matured properly and will not?  What if they have been rendered unusable (smoke-taint has been a major cause of this in California)? 

  Here is a section from the Grape Crop Provisions that goes over this:

11. Duties in the Event of Damage or Loss.

In addition to the requirements of section 14 of the Basic Provisions, the following will apply:

(a) You must notify us within 3 days of the date harvest should have started if the crop will not be harvested.

(b) If the crop has been damaged during the growing season and you previously gave notice in accordance with section 14 of the Basic Provisions, you must also provide notice at least 15 days prior to the beginning of harvest if you intend to claim an indemnity as a result of the damage previously reported. You must not destroy the damaged crop that is marketed in normal commercial channels, until after we have given you written consent to do so. If you fail to meet the requirements of this section, all such production will be considered undamaged and included as production to count.

  It is important to stay in contact with your adjuster during a claim.

  A lot of things can happen to your vines that could cause them not to produce a full crop.  The insurance period is long and it is important to report everything that may reduce your crop.

  When you sign up for crop insurance, coverage for grapes starts on February 1 in Arizona and California.  It begins on November 21 in all other states.  The end of insurance unless it is otherwise specified by the USDA RMA, is October 10th in Mississippi and Texas, November 10 in Arizona, California, Idaho, Oregon and Washington.  In all other states the end of insurance is November 20th.  Crop insurance is continuously in force, once signed up for, unless cancelled or terminated.  Your coverage for following years, will be the day after the end of the insurance period for the prior year.

Here are the Causes of Loss per the Grape crop provisions:

(1)   Adverse weather conditions;

(2)   Fire, unless weeds and other forms of undergrowth have not been controlled or pruning

       debris has not been removed from the vineyard;

(3)   Insects, except as excluded in 10(b)(1), but not damage due to insufficient or improper

       application of pest control measures;

(4)   Plant disease, but not damage due to insufficient or improper application of disease control


(5)   Wildlife;

(6)   Earthquake;

(7)   Volcanic eruption; or

(8)   Failure of irrigation water supply, if caused by an insured peril that occurs during the

       insurance period.

  Adverse weather conditions could be anything that could cause damage to your grapes. For

example; drought, frost, freeze, excess moisture etc. Wildlife could be bird damage, deer etc.

Fire would also include smoke taint as that is a result of a fire.

  Crop insurance does not cover, the inability to sell your grapes because of a buyer’s refusal or contract breakage. It also doesn’t cover losses from boycotts or pandemics. Phylloxera is not covered, regardless of the cause. Overspray or chemical damage from a neighboring farm is not covered either.

  So, get those claims opened up early and stay in contact with your agent and adjuster.

Permit-Required Confined Spaces

By: Steven R. Sawyer, ARM, MS, CSP

As many employers have learned over the last few years, employees are a valuable resource.  The ability to find and keep employees has become a challenge for many employers in a variety of industries, including food and beverage agriculture.  Therefore, keeping employees safe is a top priority.

  Employers in the food and beverage agriculture industry, like vineyards and wineries, may have multiple confined spaces in which employees encounter in their daily job tasks.  These include vats, tanks, storage bins, tunnels, duct work, pits, drain systems, and liquid tanks and containers.  Many industry employees are required to enter these spaces as part of their jobs.

  Occupational Safety and Health Administration (OSHA), in their Permit-Required Confined Spaces standard 29 CFR 1910.146, describes a confined space as a space that is large enough for an employee to bodily enter and perform assigned work tasks, has a limited or restricted means of entry or exit, and is not designed for continuous employee occupancy.  Additionally, OSHA defines a Permit-Required Confined Space as a confined space with one or more of the following characteristics:  the confined space contains or has the potential to contain a hazardous atmosphere; the confined space contains a material that has the potential for engulfing the entrant; the confined space has an internal configuration with inwardly converging walls or a floor that slopes downward and tapers to a smaller cross section which could trap or asphyxiate an entrant; and contains any other recognized serious safety or health hazard. (OSHA.gov)

  The first step in protecting employees from the hazards of confined spaces is to evaluate the workplace to determine if the workplace contains permit-required confined spaces.  An initial survey or workplace evaluation should be conducted to locate and identify all confined spaces.  This initial workplace evaluation should be conducted by a qualified person who is familiar with the hazards and types of confined spaces.  Although this is the initial step, workplace evaluation must be ongoing for confined spaces which may change over time with the addition of new processes, equipment, or facilities.

  Once a confined space is identified in the workplace, the confined space should be treated as a hazardous area until a qualified person can determine the specific hazards.  Additionally, the qualified person will determine if the confined space is a permit-required confined space or a non-permit confined space.  Hazards an evaluator will look for include atmospheric hazards such as oxygen deficient or toxic atmosphere, biological hazards, mechanical hazards, physical hazards, and chemical hazards.

  If the qualified person has found permit-required confined spaces at the workplace, the employer must notify the employees.  Employees must know their workplace contains permit-required confined spaces, where the spaces are located and the hazards associated with those spaces.  Then, the employer must post signage to inform the employees of the permit spaces.  This signage can read “Danger – Permit-Required Confined Space, Do Not Enter” or a similar statement.  The signs should be posted on the entrance or in close proximity to the entrance of the permit space.

  At this point, an employer has a decision to make about their Permit-Required Confined Spaces:  either allow employees to enter or do not allow employees to enter.  If the employer makes a decision to not allow employees to enter permit spaces, then the employer should take effective measures to secure the spaces.  Some examples of securing permit spaces to prevent entry are padlocks, bolts, chains, and wire cables.

  If entry is necessary for employees to service or clean permit-required confined spaces, the employer must develop and implement a written permit-required confined space program and make the program available for employee inspection.  This written program should include written entry procedures for the permit-required confined spaces along with the hazards present, and how to eliminate or control the hazards. 

  The written permit-required confined space program should include an entry permit.  The entry permit is a document to be used for all permit-required confined space entries.  The entry permit should include the date of entry and authorized duration of the entry, the location of the entry, the names of all entrants, and the work that is being conducted in the confined space.  Additionally, the permit must include the names of attendants, the name of the entry supervisor, the hazards present in the space to be entered, how the hazards will be eliminated or controlled before entry, acceptable entry conditions, results of initial and periodic tests performed along with the names of the testers and when tests were performed, rescue and emergency services to contact in the event of an emergency, communication procedures between the entrant and the attendant, equipment necessary including personal protective equipment, testing equipment, communication equipment, alarm systems, and rescue equipment, other information deemed necessary for safe entry, and any additional permits such as hot work permits.  Lastly, the permit should have a signature line for the entry supervisor to authorize the entry, including the date and time of the entry.  The entry supervisor should communicate the contents of the entry permit to the authorized entry personnel and may wish to post the entry permit in a designated location.

  OSHA requires that employers provide training for all employees who must work in permit-required confined spaces.  The training should occur before the initial work assignment, when job duties change, employee performance deficiencies occur, or when the permit-required confined space program changes or operations change.  Although it is not required to train all employees to the extent of the authorized entrants training, it is a best practice to inform all employees of the confined spaces present in the workplace and the hazards that accompany the confined spaces.  

  If entry is required in a permit-required confined space, the employer must provide an authorized entrant (the person who enters the space and conducts maintenance or cleaning operations), an attendant (a person who remains outside of the confined space), and an entry supervisor (the person who oversees the entry operations and ensures the entrants follow the permit and are safe).  These personnel have specific duties that must occur to ensure safe entry into permit spaces.  Their duties must be followed in order to comply with the OSHA Permit-Required Confined Spaces standard.

  When the entry into the permit space is complete, the entry supervisor terminates the confined space entry.  The entry supervisor can also cancel the entry of the confined space if the conditions within the space are no longer safe for the entrant.  As a best practice, when the entry is complete, a debrief should be conducted with the entry personnel to determine if any changes are needed for future entry procedures.  Employers are required to keep canceled entry permits for one year.  Any deviations or problems with the entry should be noted on the canceled permits.

  Even with a permit-required confined space program in place, emergencies can happen.  It is important that local emergency responders are aware of the specific hazards associated with confined spaces in the workplace.  Invite local emergency agencies to the workplace and evaluate their knowledge of confined space rescue, their rescue equipment, and their capabilities. 

  Having a permit-required confined space program in place will help vineyards and wineries avoid catastrophic incidents and costly OSHA citations.  To learn more about Permit-Required Confined Spaces, go to osha.gov or ansi.org.

  Steven R. Sawyer, ARM, MS, CSP, is the owner/operator of LSW & Associates Safety Consulting Services, LLC.  Sawyer has been active in the safety industry since 1999, much of that time working with multi-faceted, high-hazard agribusinesses, developing a special expertise in grain bin engulfment and prevention; OSHA grain handling standards; lockout/tagout (LOTO); machine guarding; confined spaces; heavy equipment and specialized equipment operations; and safety program development and training.

Website:  sawyersafetysolutions.com

To Taste or Not to Taste

By: Louis J. Terminello, Esq., and Bradley S. Berkman, Esq.

That is the Question (with many more questions that need to be asked and answered, prior to spending and executing on a sampling program). The purpose of this article is to make brand owners – of all sorts – and wine marketers aware that each state has its own trade practice regulations that, if not adhered to, may portend the death knell of a costly marketing campaign, and expose violators and parties in privity to administrative action and civil fines. Specifically, this article with focus on tasting and sampling regulations as applied to manufacturers, brand owner, and third-party marketing companies.

  The above said, it seems fitting to briefly discuss how the alcohol regulatory framework came to exist, given that we recently celebrated the 89th anniversary of the end of prohibition (December 5, 1933), and one of the laws undergirding principles, that of Tied-House Evil.

  On December 3, 1933, Congress took action to alleviate the well-known social ills that came along with prohibition and the thirsty palates of Americans, with the introduction of the 21st amendment.  The U.S. Congress repealed the 18th amendment and turned much of the manufacture, distribution, and sale of alcoholic beverages over to the individual states. The amendment states:

Section 1. The eighteenth article of amendment to the Constitution of the United States is hereby repealed.

Section 2. The transportation or importation into any State, Territory, or possession of the United States for delivery or use therein of intoxicating liquors, in violation of the laws thereof, is hereby prohibited.

Section 3. This article shall be inoperative unless it shall have been ratified as an amendment to the Constitution by conventions in the several States, as provided in the Constitution, within seven years from the date of the submission hereof to the States by the Congress.

  Although seemingly uncomplicated in language, the 21st amendment laid the groundwork for the current state of the alcohol beverage bureaucracy and existing regulatory scheme. Section 2 granted the right for states to regulate alcohol beverage squarely within the confines of their borders.  Much of the beverage alcohol bureaucracy is controlled by the 50 states with limited authority resting in the hands of the federal government. In addition to federal laws and regulations, each state has developed its own set of myriad laws and regulations that stakeholders in the industry must adhere to, in order to remain in compliance.

  Much of these state regulations, particularly as applied to manufacturers and distributors, concern tied-house issues. Tied house can best be described, again in a general way, as the rules, regulations, and laws that govern the relationship between manufacturers, distributors, referred to as upper tier industry members, and retailers of beverage alcohol. One of the core concerns of tied house is addressing “things of value,” provided by upper tier industry members to retailers. Once again, in a general way, beverage laws often explicitly state what is permitted under tied house as an exception to it. All other activities, unless stated otherwise, are almost always prohibited. Sampling and tasting events by industry members at retail venues are considered a “thing of value,” and as such, the beverage laws of virtually every state have codified permissible activities; and in particular the who, what, and where of sampling and tasting events. 

The Who, the What and the Where

  The who, what, and to a lesser extent, the where, for the purposes of the article, is to make the brand owner aware that not all upper tier industry members can willy-nilly conduct tastings of beer, wine, and spirits. One must analyze first the commodity type involved (wine, beer, and/or spirt) and determine, based on each states laws, which industry member is permitted to conduct the tasting or sampling event in conjunction with that commodity type. It’s worth noting here that many states treat third-party marketers as industry members requiring them to adhere to tied house regulations, including tasting and sampling events. Importantly, many brand owners often hire third-party marketing and sampling companies to carry out the tasting programs. A violation by a third-party marketer is certainly problematic for that marketing company and could be interpreted as an imputed violation to the brand owner that hired them.

  To illustrate the above, and since the authors of this article reside in the Sunshine State (Florida),   what follows are the statatory exceptions to tied house as it relates to tasting and samplings by commodity type (wine, beer, and spirits). Florida very much relies on the plain or explicit language of the exceptions, and to stray outside the exception would be a violation of the Beverage Law.


  As to spirits brands, Florida Statute 565.17 governs tastings and limits spirit tasting and sampling events to distributors, craft distilleries, and vendors. The applicable section state:

A licensed distributor of spirituous beverages, a craft distillery as defined in 565.03 and any vendor is authorized to conduct spirituous beverage tastings upon any licensed premises authorized to sell spirituous beverages by package or for consumption on premises without being in violation of 561.42 [561.42 is the Florida Tied House Statute], provided that the conduct of the spirituous beverage tasting shall be limited to and directed toward the general public of the age of legal consumption.

Craft distilleries may conduct tastings and sales of distilled spirits produced by the craft distilleries at Florida fairs, trade shows, farmers markets, expositions, and festivals…”


  Florida Statute 564.08 governs tastings of wine, and limits such tasting and sampling events to distributors and vendors only. The statute states:

  A licensed distributor of vinous beverages, or any vendor, is authorized to conduct wine tastings upon any licensed premises authorized to sell vinous or spirituous beverages by package, or for consumption on premises without being in violation of 561.42 [once again, the tied house statute) provided that the conduct of the wine tasting shall be limited to and directed toward the general public of the age of legal consumption.

Malt Beverage (Beer)

  Florida Statute 563.09 governs tastings of malt beverage and limits such tasting and sampling events to allows manufacturers, distributors, importers and contracted third-party agents. The statute states:

  A manufacturer, distributor, or importer of malt beverages, or any contracted third-party agent thereof, may conduct sampling activities that include the tasting of malt beverage products…

  For illustration purpose only, the Sunshine state only allows licensed-Florida distributors and vendors to conduct tasting and sampling events for wine and spirits (with an exception granted to Florida licensed craft distillers). Manufacturers, importers, and third-party marketing companies may not conduct these types of events – malt beverage tasting on the other hand may be conducted by those industry participants.

  In addition, some states limit the types of venues where sampling and tastings may occur. Some states allow tastings on both on and off premise venues while others limit the allowable venue types. Other regulated matters may include the frequency of tastings, the permitted days of week and/or hours for sampling and tastings, and some states even require that tasting personnel be trained or hold licenses. The rules vary in every market and a knowledge of them is essential.

  Tasting and sampling programs are expensive undertakings for any brand owner of wine, beer, and spirts. The costs of goods, contractors, and brand swag ad up fast. If not properly planned and executed in accordance with the tasting and sampling laws of each state, the brand owner can also add the costs of violations – and depending on the severity – the costs of attorney’s fees. Regardless of which industry member you are, manufacturer, importer, distributor, or third-party marketer, it is imperative that a well thought out, compliant and effective sampling program(s) be put in place. Otherwise, the violating party will indeed be left with a bad taste in his or her mouth.

SMS Wine Marketing Compliance – 3 Simple Rules to Follow

By: Bryan St. Amant, Founder & CEO of VinterActive

  With the latest research showing SMS wine marketing is performing 32-times better than email, many DTC wineries are now eager to use text messaging to grow their business.

The great news is wine lovers are especially interested in staying in touch with their favorite brands using text messaging, and a new crop of SMS wine marketing solutions are now available.

  But industry awareness of the compliance rules all U.S. wineries must follow still seems to be a problem. Misinformation spread by dubious sources and rumors on social media now puts some wineries at risk of severe consequences.

  So in this article, we’ll demystify SMS wine marketing compliance so your winery can delight your customers and confidently profit from text messaging.

  DISCLAIMER: This advice is offered for informational purposes only and is neither intended as nor should be substituted for consultation with appropriate legal counsel and/or your organization’s regulatory compliance team.

What Regulations Apply to SMS Wine Marketers?

  Text marketing is regulated primarily by the Telephone Consumer Protection Act (TCPA). Unlike email marketing, these regulations are strictly enforced by the FCC.

  We don’t want to scare you, but failing to follow the law can have serious consequences. For example, in 2012, Papa John’s agreed to pay over $16 million to settle a class-action lawsuit against them for failure to get proper consent before texting their customers.

  In addition to the TCPA, wine marketers are also regulated by the Cellular Telecommunications and Internet Association (CTIA) which prohibits sending text messages about regulated products to consumers who aren’t of legal age. For SMS wine marketers accepting credit cards, you should also be familiar with the payment card industry’s PCI-DSS standards for securing payment card data.

  PCI-DSS isn’t the law, but it governs your relationship with credit card processors. And if you don’t comply with these standards, your business can be subject to costly fines and lose the ability to accept credit cards.  The good news is that SMS wine marketing compliance isn’t complicated! But it is mandatory to comply with three simple rules:

1)  Express written consent

2)  Age verification

3)  Payment card security

Express Written Consent

  Complying with the TCPA requires any business sending automated texts to obtain “express written consent” before sending any text messages.

That means you can’t just upload the names of wine club members, purchase a list of phone numbers, or assume you can text customers because you already have an “existing business relationship.”  If anyone tells you otherwise, you might ask them if they’ll foot your legal bills if they’re wrong.

You might be thinking, what’s “express written consent,” and how is it different than “written consent”?

  When you sign up for a service like Gmail, you agree to their terms and consent to paragraphs of language you probably didn’t read. But that type of consent isn’t good enough for text marketing — you can’t bury consent to receive texts in a privacy policy or a hard-to-read user agreement.

  By federal law, you must provide clear and conspicuous disclosure of what consumers are consenting to and who they’re consenting to get it from. The rules about asking customers to opt-in to text messaging depend on whether you’re sending transactional or promotional messages.

  Obtaining customer consent can be simple if you only send transactional messages containing information necessary to use your products or services. By adding a prompt to your checkout process that says, “provide your mobile number for shipping and delivery updates,” customers consent when they enter their digits.

  But the key term here is “necessary.”

  If your customers ask for SMS updates about an order, you can’t assume they’re opting in to receive texts about future releases or upcoming events. In the eyes of the FCC, these messages are promotional and require your opt-in message to include specific elements:

•    Who will be texting them.

•    What type of messages they’ll receive, and how often they’ll receive them.

•    Confirmation that consent to receive text messages isn’t required for purchase.

•    Instructions on how consumers can stop receiving your automated texts.

•    A link to your privacy policy and a disclaimer about data/message rates that may apply.

  Fortunately for wine marketers, our industry is already familiar with the importance of compliance. And SMS wine marketing solutions now offer built-in consent forms that comply with the law.

Age Verification

  In addition to the TCPA’s regulations about obtaining express written consent, wine marketers are subject to the Cellular Telecommunications and Internet Association’s (CTIA) prohibition against sending text messages to consumers who aren’t of legal age.

  These rules apply to any business promoting products or services associated with sex, hatred, alcohol, firearms, and tobacco, otherwise known as SHAFT. CTIA’s guidelines aren’t the law, but all wine marketers should carefully follow them for two reasons. 

  First, if someone lodges a legitimate complaint that you’re sending text messages to anyone younger than 21, any reputable text marketing service will quickly suspend your account. And in our view, U.S. wineries have a moral obligation to market their products only to adults over 21.

  So what are SMS wine marketers to do? 

  The answer is to use “age gates” whenever you offer consumers the chance to join your SMS list. Most carriers accept a wide range of age gates as long as they protect you from sending text messages to minors.

Examples of popular age gates currently in use include:

•    Websites that require visitors to confirm they’re over the age of 21 before entering.

•    An automated data collection system that requires text marketing subscribers to enter their DOB or confirm they’re over the age of 21.

•    A wine commerce system that includes DOB data confirming the age of your subscribers.

•    Signage in your tasting room that makes it clear your text marketing offers are only available to adults over the age of 21.

Payment Card Security

  All SMS wine marketers accepting credit/debit cards should know never to encourage customers to transmit card data via text because it’s not secure and violates the agreements you have with your payment processor. For over a decade, all merchants accepting payment cards have been required to comply with the payment card industry’s data security standards, also known as PCI-DSS. Complying with these standards offers your winery an essential element of protection in the case of a security breach. 

  Merchants that don’t comply with PCI-DSS guidelines then suffer a breach that exposes payment card data may be liable for fines of several hundred dollars for each card compromised.  So it doesn’t take many customers for non-compliant wineries to incur fines that might put them out of business.

Astonishingly, some sources in the wine industry still encourage merchants to put themselves at risk by using non-compliant methods to collect payment card data.

  If anyone tells you they have a way for your winery to see the full 16-digits of a payment card online, they’re inviting you to violate the terms of your merchant agreement by offering a solution that doesn’t comply with PCI-DSS.

  As tempting as it might seem to collect payment card data you can copy and paste, ask yourself why you don’t have access to this same data through your online store or your payment card processor’s portal? The answer is that it puts you out of compliance with PCI-DDS, it’s not secure, can hurt your customers, and exposes your business to unnecessary risk.

  Fortunately, there’s an easy way to use text messaging to invite customers to update payment card data in a way that complies with PCI-DSS requirements. Since all modern commerce systems have secure pages where customers can update their card data, sending a link to your commerce page is the best way to use SMS messaging to help customers change their payment information.

The Bottom-Line on SMS Wine Marketing Compliance

  Compliance with the law and industry standards should already be familiar to any wine marketer. After all, we’re selling a highly regulated product.

Although SMS marketing has its own unique rules, compliance issues shouldn’t keep your customers from staying in touch with you via text.

  Now that you understand the three most important compliance rules that apply to SMS wine marketing, your business can profit too.

Happy Selling!

About the Author

  Founder & CEO of VinterActive, Bryan St. Amant, is a pioneer in developing preference-based direct marketing and its successful application in the wine industry. His award-winning work has been featured in books, magazines, and seminars.

VinterActive is located in Windsor, California. For more information please call or visit thier website…707-836-7295; vinteractive.com

Rules of the Road for Social Media Advertising, Influencers and Wine Brand Owners

By: Louis J. Terminello, Esq. and Brad Berkman, Esq.

The COVID-19 pandemic has had a profound impact on the world of beverage alcohol. As the reader knows, e-commerce sales of all alcoholic beverages, and especially wine, have grown exponentially. The reliance by the consumer on their computer is resulting in a war of attrition against the three-tier system, the legal doctrine of Tied-House and trade practice concerns.

  One significant and deeply affected business sphere is how marketers are using technology to create brand awareness. Clearly, the beverage alcohol advertising landscape is in a state of flux and change. The internet and social media, in particular, have had a profound impact on virtually all consumer goods but it seems that the boundaries of acceptable alcohol advertising are being expanded outward. More significantly, the impact of the ‘influencer’ in the alcohol sphere has become an important marketing tool for raising brand awareness and driving case sales. A simple search on YouTube will quickly reveal innumerable posts and videos on the effective use of social media and the influencer to promote wine brand awareness.

  In the world of wine, there is room for influencers at all levels. Although in different forms, past practice supports this contention. There is little difference to the wine marketer between wine writers of the past and the videographer of the present. Whether it be number of points given by Parker, or the number of followers of an influencer, the goal is to raise brand awareness and ultimately move boxes. Obviously, certain categories of influencers will be used to advertise and market high-priced single varietals or a unique Meritage. Lower priced, broad market and perhaps younger focused labels require a different type of influencer.  However, the use of an influencer and the commensurate social media campaign, if not properly designed and executed, could be perilous for the brand owner.

  The purpose of this article is to provide the wine marketer who may be considering the use of influencers with the basic guidance for the effective use of the “influencer” and social media in order to withstand the scrutiny of alcohol regulatory authorities.

TTB and the FTC

  The Alcohol and Tobacco Tax and Trade Bureau (“TTB”) promulgates rules for compliant labeling, advertising, and related trade practice matters. State(s) alcohol control boards possess the authority to promulgate and enforce their own similar rules within their borders.  The regulatory agencies are certainly known to the reader. There is another federal agency, less known to those in the industry, called the Federal Trade Commission (“FTC”), which the wine marketer should be aware of.

  The FTC is an independent agency within the federal government that is tasked with, in its own words, “…protecting consumers and competition by preventing anticompetitive, deceptive, and unfair business practices through law enforcement, advocacy, and education without unduly burdening legitimate business activity.” The FTC has stated publicly that it has the authority and ability to enforce alcohol advertising rules on various media including the social media and the use of influencers.

Trade Associations

  Historically, alcohol beverage producers self-regulated their advertising initiatives by adhering to the guidelines of three (3) influential producer associations. Those associations are: 1) The Beer Institute; 2) The Wine Institute and: 3) Distilled Spirts Council of the United States or DISCUS.

All three associations have published guidelines for brand owners of each commodity to follow as minimal industry standards.

  The FTC has adopted these rules and advises that alcohol advertisers should comply with these standards. The FTC has openly stated it can file enforcement actions against brand owners that disregard the adopted standards. It is important to note that to date, the FTC has not often enforced these rules through administrative action. Given the changing nature of advertising and the “pushing of the envelope” by young influencers of acceptable standards it is wise to be familiar with them and work to be sure they are complied with.

  The main concern of the FTC is advertising that is intentionally or inadvertently directed to underage consumers and where the content of the advertisement may be of particular appeal to the underage drinker. Since this is a wine focused publication, we direct the reader to the short list below taken from the Wine Institute, which outlines best and responsible practices. Note that this is not a complete list, but highlights the most significant factors to bear in mind when constructing advertising content and in particular, overseeing the content of influencers broadcast on social media platforms.

Responsible Content

  Wine advertising shall not depict or describe in its advertising:

•    The consumption of wine for the effects the alcohol may produce.

•    Direct or indirect reference to alcohol content or extra strength.

•    Excessive drinking or persons who appear to be intoxicated or to be inappropriately uninhibited.

•    Any suggestion that excessive drinking or loss of control is amusing or a proper subject for amusement.

•    Any persons engaged in activities not normally associated with the moderate and responsible use of wine and a responsible lifestyle. Association of wine use in conjunction with feats of daring or activities requiring high degree of skill is specifically prohibited.

•    Wine in quantities inappropriate to the situation or inappropriate for moderate and responsible use.

•    Wine advertising should not depict or encourage illegal activity of any kind.

•    Wine shall not be presented as being essential to personal performance, social attainment, achievement, success, or wealth.

•    The use of wine shall not be directly associated with social, physical, or personal problem solving.

•    Wine shall not be presented as vital to social acceptability and popularity.

•    It shall not be suggested that wine is crucial for successful entertaining.

•    Wine advertisers should not Show models and personalities as wine consumers in advertisements who are or appear to be under the legal drinking age. Such models shall be 25 years of age or older.

•    Use music, language, gestures, cartoon characters, or depictions, images, figures, or objects that are popular predominantly with children or otherwise specifically associated with or directed toward those below the legal drinking age, including the use of Santa Claus or the Easter Bunny.

•    Be presented as being related to the attainment of adulthood or associated with “rites of passage” to adulthood.

•    Wine advertising shall in no way suggest that wine be used in connection with operating motorized vehicles such as automobiles, motorcycles, boats, snowmobiles, or airplanes or any activities that require a high degree of alertness or physical coordination.

•    Comparative advertising claims shall be truthful and appropriately substantiated and shall not be disparaging of a competitor’s product.

•    Wine advertising shall not degrade, demean, or objectify the human form, image or status of women, men, or of any ethnic, minority, religious or other group or sexual orientation. Advertising shall not exploit the human form, or feature sexually provocative images.

  It is important to point out that the three essential elements of brand advertising incorporated into the Wine Institute, Beer Institute and DISCUS rules, which are designed to ensure that a particular brand does not appeal to underage consumers, are:

•    No more than 28.4% of an audience for an advertisement is to consist of people under 21 years of age.

•    Content of the advertisement should appeal to individuals over 21 years of age-conversely; content should not appeal to individuals under 21 years of age.

•    Models and Actors employed should be older than 25 years of age and reasonably appear to be over 21 years of age.

  When deciding on whether to partner with an influencer, wine marketers should scrutinize the past content of the influencer as well as thoroughly analyzing the demographics of the influencers target audience.

  Although the Wine Institute is silent on this issue, the DISCUS rules state that the 25 year old threshold for models and actors does not apply to athletes, celebrities, spokespersons and influencers of legal drinking purchase age that are generally recognizable to their intended audience (see Code of Responsible Practices Distilled Spirits Council of the United Sates). The influencer does not necessarily have to be older than 25 years of age.

  Beverage alcohol manufacturing, production, taxation, Tied-House, and related regulatory matters are complex. Trade practice and advertising rules, standing alone are also detailed and complex. As this article suggests, the internet, social media, and the influencer are acting as disrupters of an orthodox system of doing business. Of course, the new media and the new media stars offer tremendous opportunities to raise brand awareness that translates to more sales. The best advice here is be aware of acceptable and self-imposed industry standards and make them part of an effective social and influencer media driven campaign. The FTC is poised to enforce these regulations and likely will do so the more and more influencers test the acceptable limits of alcohol beverage advertising. As wine brand marketers, strive for compliance to stay off the radar of the regulatory authorities. To do otherwise, could be costly.

Preparing for the Exit: Why Winery Owners Need to Develop a Harvest Strategy

By: Edward Webb, Partner, BPM & Kemp Moyer, Partner, BPM

Successfully running a business means overcoming numerous challenges. Owners need to scale the business, find competent employees, deal with regulatory issues like taxes and licenses, and create processes and systems — all while developing a robust customer base and go-to market strategy. For agribusinesses, owners have all these challenges plus whatever Mother Nature decides to throw at them. For California’s wine industry, this includes increasingly unpredictable variables such as drought, flooding, landslide, excessive heat, cold snaps, pests, and the growing risk of wildfires and damage from smoke taint.

  Despite these challenges, several successful business models predominate in California’s wine sector. There are fully integrated vintners that grow their own grapes, ferment them into wine, bottle them, and sell and market the finished product. Some winemakers do not own vineyards and, instead, purchase grapes from various growers before bottling and going to market. Finally, there are virtual wineries that buy completed wine and sell it under a brand name. Each models bring its own unique challenges and opportunities.

  While a few large producers dominate the state’s wine sector, most businesses are family-owned and operated. This can lead to a new and significant challenge: What happens when the owner wants to retire and either hand over or sell the business? When you include a force like a once-in-a-century pandemic, you can understand why many baby boomers — about 10,000 of whom turn 65 every single day — might be looking at an exit strategy right now. But, as you might imagine, exits can be more complicated than just a simple sale when a family is involved.

Planning is Essential

  First and foremost, an owner should start planning a “harvest strategy” well before they are ready to pull the trigger. To paraphrase Benjamin Franklin, failing to prepare is preparing to fail. A harvest strategy is a much more detailed plan than a “kitchen table” document.  It goes into great detail on the owner’s goals when they will exit the businesses. It tells the financial and operating story that the next owners need to know. It does not hurt that after more than a decade of quantitative easing, historically low-interest rates and a multi-trillion dollar government spending plan, there is plenty of cash in the system fueling record M&A activity.

  There are various factors that need to be considered in a well-constructed harvest strategy, and it is essential that these succession plans are communicated to all stakeholders, both in the family and with the company’s vital employees or managers. Talking things through will illuminate potential pitfalls, such as the owner’s children not wanting to continue with the business or being unprepared to take on potentially substantial operational challenges. Key employees might want to purchase the operation or refuse to continue working with a new owner. Understanding these dynamics will help when it is time to put the plan in motion and limit any unpleasant surprises. Planning ahead may also allow time to employ tax mitigation strategies.

  The harvest strategy provides detailed instructions on how the business is managed, including all the different procedures and systems used in the business. This document becomes increasingly vital as owners age because of life’s unpredictable nature. An owner could become incapacitated or worse, and the company might not survive without their critical knowledge. Owners should revisit the harvest strategy frequently for updates. Plans made today could be vastly different in five or ten years.

Understanding Value

  Regardless of what an owner chooses — either handing over the business to their children or selling it to someone else — any transaction requires the company to have a fair market valuation. Federal and state tax authorities will demand it, so selling the business to family for a dollar will not work. This valuation will look at all aspects of the company to determine its worth, including its financial performance, assets, inventory, real estate holdings and even the brand’s value. Qualified appraisers are the professionals that will undertake this task and will use different techniques and methods for the equity and/or underlying assets. Sellers should note that having a valuation supported by a third party can help minimize pitfalls during deals, like overvaluing an asset, which can cause potential buyers to walk away or not engage in negotiations.

  Appraisers can use a few different methods to calculate the value of the company’s real estate holdings. However, putting a price on a business is more nuanced than selling a single-family home. A typical technique would be to look at comparable sales of similar properties in that area and base the valuation on the transaction price. This method would take things like the size of the property into account, but not necessarily the cash flow potential of operations, including the production of grapevines.

  The value of the land and the grapevines depend on several factors, ranging from the variety of the plant, age of the vineyard, plant density, production per acre, and the presence of pests like vine mealybugs (VMB) and Virginia Creeper Leafhoppers or diseases like Grapevine Leaf Roll. Other improvements to the land will affect its price, including trellis systems, irrigation and frost protection systems. An appraiser might estimate the fair market value for this asset by calculating how much revenue the land generates based on projected demand, grape price trends, and the yield the land produces. A discounted cash-flow analysis could also be used to factor in variables like projected cash flows, industry cycles and general economic trends. Of course, an appraiser could use a combination of all these methods to determine the asset’s value.

Brand Awareness

  One asset that could be harder to put a value on is the company’s brand. It is an intangible that could be worth more than all of the physical property and inventory of the company. There are three methods to determine a brand’s value, and they are sometimes used together.

•    The first is to calculate the replacement cost of the brand. Basically, this involves formulating how much time and money it would take to re-create the brand from scratch, which are divided into three subsections:

      Brand Identity: Covers all items used to create and develop the brand’s identity, including the name, designing the logo, novel bottle designs, trademark and legal fees, websites and choosing a color palette.

      Brand Awareness: The cost of advertising, promotion and publicity campaigns for the brand to achieve its current level of market awareness.

      Market Position: This is the cost of retaining the business’s current clientele and includes advertising, discounting with distributors, and building relationships with retailers.

•    The second is comparable pricing. This method requires researching the sale of similar brands and using that as the foundation for a valuation. This can be a challenge if there are little or no sales of similar assets.

•    The third and final method is an income-based approach, also known as an “in-use” approach. This involves calculating the future earnings that can be directly tied to the brand to determine its value. The formula looks at everything from income to cash flow to cost savings generated from the brand.

Sell High

  If a winery owner’s family is not interested in maintaining the business, selling is the other option. The sale could be to an industry peer, a current employee, a high-net-worth individual or even a private equity fund. However, certain factors go into the sale and the final price beyond the valuation process discussed earlier.

  Any potential buyer is looking for the ability to generate future cash flow. Operating a winery takes leadership with specialized education and experience. This knowledge includes how to grow and harvest grapes, the manufacturing process, as well as storage of the wine. If the sale is to anyone but an industry peer or employee, this can hobble a deal or result in a lower sales price. As mentioned earlier, having a detailed manual on how to operate the business can help reduce transition issues that may impact price, but locking down an expert to assist with a sale can be essential to getting the maximum return in a sale.

Distressed Resolutions

  All the information above is based on the orderly sale or transfer of the business at a fair market value. That means there is a willing seller and a willing buyer. However, the price could be much lower in a scenario where the owner is forced to sell or liquidate, either through bankruptcy, the sudden death of key people, or litigation. In these situations, engaging an experienced restructuring professional is essential.  Navigating a distressed situation is difficult, doubly so when the business is yours.

  There are multiple variables for owners to consider and plan for as they create their harvest strategy. Being prepared for this transition will help them avoid costly mistakes or address issues early enough in the process to make them non-factors. This planning is essential to maximizing the value of their business. Owners contemplating making this transition would be wise to start the process and create their harvest strategy today.

Edward Webb has over 35 years of experience in consulting and financial management, including specific experience in business restructuring and leadership advisory services. Edward has a Doctorate in Business Administration and currently leads the Corporate Finance Consulting group at BPM, one of the 50 largest public accounting and advisory firms in the country, where he sits on the firm’s Management Committee.

With more than 15 years of experience in complex financial advisory, and a primary focus on valuation services, Kemp Moyer has led hundreds of business and asset valuations in his career with substantial industry experience in technology, life science, professional services, food and beverage, digital assets, manufacturing, and consumer business, among others. A partner in BPM’s Advisory practice and head of the firm’s Valuation team, Kemp’s valuation experience includes M&A and IPO preparation and support, fairness and solvency opinions, and litigation support and dispute resolution, among other high impact analyses.

Non-Fungible Tokens The Continued Evolution of Blockchain Use

A non-fungible token (NFT) is an original, autochthonous asset of value that cannot be replaced with an identical asset. An NFT has a unique, traceable print that has the capability to take on disparate forms and fluctuating values based on market or other forces for trade in a monetary or financial transaction.

NFT’s are specific units of data stored in a digitized blockchain, usually for the purpose of covert exchange between parties. Because an NFT has a unique digitized signature, it is nigh impossible to replicate but easy to assign value as agreed upon between parties (buyer and seller) using a “smart contract” as the agreement vehicle.

For example, an artist may digitally create an image authenticating it using blockchain. However, when purchase of an NFT does not necessarily convey the bundle of legal rights generally associated with ownership of a physical or digital item – it instead conveys ownership of a unique token identifier associated with that NFT. The token identifier is unique but traceable and stored in a public database that serves as a ledger. Anyone can verify data regarding the image: who created it and when, ownership, tracing ownership, etc. This is a secure transaction because the authentication marker as part of the blockchain cannot be copied. It is digitally secure and digitally traceable to the source.

Digital art, a cartoon, a memory collage-like tokenized collectibles, a pair of gym shoes, an important tweet can be sold as NFT’s through the blockchain. The ability to use NFT’s as a method of payment and smart contracts as a contracting vehicle allows anyone who understands the technology or at least understands this digital process to buy and sell worldwide in a secure, traceable environment. The first NTF transaction happened in 2014 with a tradable blockchain marker affixed to the digital artwork.  In the first quarter of 2021, over 200M was spent on NFT’s using online platforms.

Smart contracts, blockchain technology, and NFT’s are the trading blocks to be used in place of traditional contractual vehicles and hard currency. Understanding how this technology works will help clients avoid being taken advantage of by an unscrupulous contracting partner or running afoul of tax, ethics, and other regulatory compliance requirements. Blockchain and NFT’s are here to stay.

Dan has practiced law in Silicon Valley since 1977. The Firm’s practice is limited to regulatory law, government contract law, and international trade law matters. Dan has received the prestigious “Silicon Valley Service Provider of the Year” award as voted by influential attorneys in Silicon Valley.

He has represented many very large global companies and he has worked on the massive US Government SETI (Search for Extra Terrestrial Intelligence) project as well as FOEKE (worldwide nuclear plant design certification), the Olympic Games, the first Obama town hall worldwide webinar, among other leading worldwide projects.

Dan has lectured to the World Trade Association, has taught law for UCLA, Santa Clara University Law School and their MBA program, lectured to the NPMA at Stanford University, and for the University of Texas School of Law.

Dan has lectured to various National and regional attorney associations about Government contract and international trade law matters. He has provided input to the US Government regarding the structure of regulations relating to encryption (cybersecurity). He has been interviewed about international law by the Washington Post, Reuters and other newspapers.

He is the author of four books unrelated to law, one of which was a best seller for the publisher, and of dozens of legal articles published in periodicals, technical and university journals distributed throughout the world. He serves as an expert witness in United States Federal Court regarding his area of expertise.  

MINUTILLO’s e-newsletter and all of its content is provided for information and very general purposes only. It is not intended to provide or offer any specific or general legal advice, or to create an attorney-client relationship. Before acting or relying on any information provided in this e-newsletter, consult an attorney who is an expert in the appropriate field of law. 

Don’t “Blow Off” Cybersecurity

By: Mark Sangster, Vice President and Industry Security Strategist, eSentire

Martin Luther, the famous German theologian and religious reformer, is credited with saying “Beer is made by men, wine by God.” Had he lived another 475 years, he likely would have added that “Cybercrime is made by the Devil.”  And, he wouldn’t have been too far off.

  Cybercrime is insidious: It knows no borders and as we’ve seen, knows no bounds. In fact, a report from Cybersecurity Ventures predicted that the global cost of cybercrime will reach $6 trillion USD this year. According to the 2019 Cost of Cybercrime study by Accenture and the Ponemon Institute, the average cost of cybercrime to a U.S. organization was $13 million — a significant sum. And, a report from my own company eSentire found that cybercriminals netted more than $45 million in the first four months of 2021 alone. But before you start thinking that means cybercriminals only go after the big guys, consider the fact that it’s small and medium-sized businesses (SMB) that are the primary targets for data breaches (Data Breach Investigation Report, Verizon 2020).

  To be sure, there are threat actors that are out to make trouble, whether it’s disrupting critical fuel pipelines or, like the modern-day equivalent of sleeper agents, quietly accessing classified systems to gather top-secret information or cripple it at a later date. However, what most companies encounter comes as the result of unadulterated greed from a run-of-the-mill cyber crook. Just like your average street criminal, these people attack businesses because that’s where the money is. And like it or not, SMBs, such as family-run wineries and vineyards, make for low-hanging fruit. Cyber attacks on the wine, spirits and beer industry have ramped up in the past year including hits on Brown-Forman, E & J Gallo Winery, Molson Coors, and the Campari Group.

The Earth Is Mine. (What About Your Network?)

  On the one hand, it’s a brave new world for the farming and production aspects of winemaking, thanks to automation advances. But on the other hand, a great deal of manual labor is involved, and despite advances, the wine industry is still considered very much old-school, lagging behind other industries when it comes to the use of technology.

  When you consider the production process from grape to glass, some of the greatest risk of cyber exposure lies on the farming side. Growing the perfect grape comes with a lot of moving parts, and like other production businesses, enterprise resource planning (ERP) systems are in place to track a variety of processes, from what pesticide was applied on which date,  to the costs involved, etc. Whereas how these things are tracked will vary from vineyard to vineyard, the common denominator is that in most cases the people interacting with these systems are predominantly field workers who might not be the most tech-savvy. Add to this the fact that many front-line remote systems are loosely managed and run on personal field laptops or mobile devices, and you have an ideal attack vector.

  Regardless of whether you are operating a small, family-run vineyard or have a large-scale wine operation, you face an even greater risk each time you sit down at your desk. The vast majority of cyberattacks begin with malware, typically embedded in an attachment sent with a seemingly innocuous email. Maybe it’s an invoice from a distributor you work with, maybe it’s your bookkeeper asking you to review a document, or maybe it’s a complete stranger, hoping you’ll slip up, open his attachment, and launch a malware script that will encrypt your data until you give in to his demands.

  While unsecured computer systems and mobile devices are common attack vectors, it’s safe to assume that as your operation grows, so too does your attack surface. Now wine operations have barcoded, inventory-tracking devices that are used on a remote workflow in the field. That information is fed into a central ERP system that’s tied to another automation system, and so on throughout the production process, as tank temperatures and acidity levels are monitored. Then, too, consider the controls that regulate humidity levels inside a facility or the transfer of wine from tank to tank. Any and all of these systems can be tampered with and if they are, it can negatively affect the end product and your business.

Data, Decanted

  Outside the confines of your vineyard or winery lie even further risks. Supply chains are attractive targets not just for the information they hold but the damage they can inflict if disrupted. Distributors, especially smaller ones, often track depletions manually and share updates via email. Consider the example of a small warehouse in Kansas City that might have 20 pallets of your wine and little to no security solutions in place and then consider how quickly a threat vector could spread via a spreadsheet attachment.

  On the retail side of wine operations, both on- and off-premise operations, offer up other strike zones. Each of these channels has its own supply and inventory management systems that track activity all the way out to individual shops, bars, and restaurants, which again, may or may not have the strongest security posture.

  Nor can you overlook the direct-to-consumer aspect. Customer relationship management(CRM) systems that are used to manage your wine club or market tasting events hold a wealth of personal information, not to mention credit card numbers. They’re gold mines for those looking to sell that information on the Dark Web for a tidy profit and scarily enough, you might never know you’ve been compromised.

Just Enough Rain to Stress the Vine: A walk in the cloud(s)

  In the face of myriad risk and attack vectors, it’s tempting to take the path of least resistance, and send up a prayer that you’ll be among the lucky ones to not suffer a cyber breach. But in today’s climate, that’s risking a lot more than bottle shock. Companies today, regardless of their size or industry, need to assume that it’s not a matter of if they will be targeted by cyber crime, but when. Depending on your size and budget, running a full-scale Security Operations Center might not be in the cards, but there are steps you should be taking to protect your business today and in the future:

●    Suspicious emails should trigger the same reaction as a wine that’s corked. Avoid it at all costs. Phishing emails are a popular attack vector, and unless you know what to look for (and how), you are putting yourself and your company at risk each and every day. Educate your staff on what to look for and make sure that whatever training they receive is specific to the vineyard/wine industry. People like to think they won’t fall for the “Congratulations! You’re a winner” emails, but are they prepared to investigate those emails from your attorney or best vendor? Additionally, you should ensure that your department systems are segmented, preferably using the principles of Zero Trust. That way, if one person accidentally opens a malicious email, they won’t be granting a hacker access to the whole system.

●    Maintain Security Hygiene: Network systems need to be maintained and cared for just as you would oak barrels. Security  hygiene is a critical component of cybersecurity and at the very least should include:

1.   Regularly patch and update your software You’d be surprised at the number of breaches that could have been avoided simply by keeping software systems patched and up-to-date. It’s estimated that a third of all data breaches come as a result of unpatched vulnerabilities when patches were available. (Looking at you, Equifax).

2.   Two-Factor Authentication Is a MUST . Make sure to implement two-factor authentication around all of your company’s key software applications and systems, providing an additional layer of security. Never, ever reuse passwords across accounts or devices, and if your budget allows, implement solutions that employ a Software Defined Perimeter (SDP) approach. Be aware, however, that while these solutions offer advanced security, because they are more complex they are costlier; plus, there are the added costs associated with hiring staff who have the proper expertise to manage them.

3.   Operate on a need-to-know-basis. In general, it’s a good idea to limit the amount of network access your employees have — compromised accounts can be used to create shadow employee accounts which in turn can be used to move around a network. It’s especially important that top-level executives and owners aren’t given the full set of keys to the kingdom just because they’re the boss. Senior-level employees and owners are prime targets for cybercriminals looking for ways to infiltrate a system and move around with impunity. Someone might ask why your front-desk staff is nosing around a payroll system, but no one will question the boss.

4.   Virtual private networks (VPN) are more than a good idea. They provide secure and encrypted connections between systems (files shares, email servers, etc.) and ensure that your communications can’t be intercepted.

5.   Lock down your operational technology (OT) systems and ensure that they are not left internet-facing.

●   Automation technology is complicated and protecting it, even more so. You can’t assume that everyone further down the supply chain is taking a serious approach to cybersecurity or even knows where to start. It’s incumbent on you to protect your business, so talk to the experts. Be sure to talk with your insurance providers, legal team and other key vendors to ensure you have a plan in place for when the inevitable happens.

Something to Think About

  Too often, companies fail to adequately protect themselves against cybercrime, because they are laboring under a trifecta of misconceptions:

●   “We’re not a bank or even a household brand name so we aren’t a target.” This is a prime example of absolutist thinking and the harm it can cause. To the thief, even the poorest person has something worth stealing.

●   “We could never defend ourselves against massive ransomware gangs and state-sponsored actors so why even try?” When it comes to the average cybercriminal, Thomas Crowne they are not. That said, there’s no reason to stand up when the bullets are flying. By carrying out basic cyber protections you can reduce your risk by up to 80 percent.

●   “We never saw it coming.” In the world of cybersecurity, by the time you see the red flag, it’s too late. Heed the little signs. They won’t all pan out to be cyber attacks, but when things go bump in the cybernight, it usually means there’s a monster there. It just hasn’t struck yet.

  The wine industry has a long and storied history and holds an important place in culture and daily life. From small vineyards to wine conglomerates, there are financial gains to be made for the hacker looking to grow his ill-gotten gains. By following some basic steps, you can ensure that cyber criminals are the only ones claiming sour grapes.

About the Author

  Mark Sangster is vice president and industry security strategist at eSentire. He is the author of No Safe Harbor: The Inside Truth About Cybercrime and How to Protect Your Business. Mark is an award-winning speaker at international conferences and prestigious stages including the Harvard Law School and RSAConference. He has appeared on CNN News Hour to provide expert opinion on international cybercrime issues, and is a go-to subject matter expert for leading publications and media outlets including the Wall Street Journal and Forbes when covering major data breach events.

The Pandemic’s Impact on the Wine & Spirits Industry

By: Quinton Jay

The year 2020 was a complicated one for the wine and spirits industry. According to information published in Beverage Industry, the sale of wine at retail and convenience stores grew by some 11.4% in multi-outlet stores throughout the 52 weeks between December 1st, 2019, and November 29th, 2020, and champagne, as well as other sparking wines, saw year-over-year growth by nearly 29%, topping sales at roughly $1.6 billion.

  This boost to wine sales, however, could not fully offset the losses incurred by many other businesses throughout the wine and spirits (WS) industry.

  Fortunately, the U.S. seems to have since turned a corner in the pandemic struggle, and most restaurants and other WS businesses like wineries, distilleries, and breweries (WDBs) that were able to survive the brunt of the COVID-19 pandemic’s impact are now back open and able to serve customers indoors, or at least in some form of hybrid indoor-outdoor seating arrangement. While this return to normalcy should help the WS industry experience an upswing capable of putting business back on track, some industry experts are still analyzing the true depth of impact the pandemic has had on the industry and the businesses in it, regardless of whether those businesses survived the pandemic’s fallout or not.

  One such expert is Quinton Jay, a WS industry expert, Japanese whisky otaku, and industry consultant with more than 20 years of experience in owning, building, operating, and investing in businesses–specifically those in the wine and beverage industry. We recently sat down with Quinton to learn more about the trends he saw arise within the WS industry throughout the events of last year’s pandemic, how those trends impacted the WS industry as a whole, and where he sees the industry heading over the next few years as a result.

WS Trends Resulting From COVID-19

  According to Jay, one of the most widespread trends that impacted the WS industry as a result of the pandemic was the increase in the amount of WS businesses – including WDBs – that began offering e-commerce and Omnichannel retail marketing. By offering these channels, businesses across the entire WS industry were able to continue selling products directly to consumers (D2C), saving many businesses from having to shut their doors to customers – both online and offline – for good.

  “Methods like Omnichannel retail allowed businesses in the industry to continue selling products D2C,” Jay tells us. “For many businesses, especially WDBs, this was the difference between surviving the pandemic or not.”

  Along with the growing trend of Omnichannel retail marketing, many business owners in the WS industry have experienced what Jay refers to as “business fatigue.” This feeling of fatigue is one that many business owners who experienced the pandemic can sympathize with, but for the WS industry specifically, it could mean more owners of WDBs, restaurants, eateries, or other businesses preparing for financial exits from their ventures.

  “Business fatigue is a real thing,” Jay tells us, “and rather than simply close up shop and call it a day, the better option for business owners is to sell their company to someone willing to acquire, rebrand, and revitalize it.” This trend of business fatigue, according to Jay, could hint at other ways as to how the pandemic left a lasting impact on the industry.

The Lasting Impact of COVID-19 on the WS Industry

  In describing the ways that Omnichannel retail marketing has affected the WS industry in recent years, Jay also mentions the historical lack of innovation – particularly technological innovation – within the industry. In mentioning this, it begs the question as to just how innovation, both during the pandemic and immediately following it, will evolve both for businesses and consumers.

  “Many WDBs and other businesses in this industry aren’t necessarily at the forefront of innovation, especially when it comes to growing their market share,” Jay says. However, as Jay continues to explain it, the writing is literally on the wall for the continued growth of Omnichannel retail, given the industry’s historical customer demographics, current and emerging technologies, as well as the ever-evolving nature and growing competitiveness of the WS industry’s supply chains.

  “The U.S. has been lagging behind much of the world in Omnichannel retail offerings, obtaining less than 10% of all global e-commerce sales for the WS industry compared to China’s roughly 25% share,” says Jay.

  In these matters, Jay’s predictions may not be far off from aggregated industry data. For instance, according to McKinsey’s 2021 Consumer Report, e-commerce sales in the U.S. were projected in 2019 to reach 24% of all retail sales by 2024. This projection later increased to 33% by June of 2020 after the onset of the COVID-19 pandemic, seeing larger growth in e-commerce retail across the U.S. in six months than it had over the past 10 years.

  “As we continue to emerge from the pandemic,” Jay continues, “I expect many more businesses in the WS industry – especially WDBs – will begin offering or broaden their offerings regarding Omnichannel retail as more American consumers opt for D2C retail channels.”

What’s Next for the WS Industry

  As a result of the COVID-19 pandemic, every global industry was forced to evolve virtually overnight. The WS industry was no different. Along with broader implementations of Omnichannel and D2C retail methods and deeper technological innovations, Jay tells us that he also expects many businesses in the industry to rethink the way they operate internally and interact with customers on all levels.

  “Overall, I think the pandemic has left many business owners in this industry feeling defeated,” Jay says. “As a result, we can expect to see an increasing number of companies in this industry become more creative in the ways they can target, reach, and sell their products to consumers, as well as become more innovative in the ways that they handle and react to crisis situations.”

  Indeed, the revitalization of crisis management detail is one vital aspect that every business that survived the pandemic will inevitably have to revisit. For the WS industry in particular, this could mean the addition or inclusion of additional D2C sales channels (similar to the inclusion of Omnichannel retail), but also the way that many establishments in the industry hire and retain talented employees.

  “The U.S. has been experiencing a hiring crisis over the last few months,” Jay adds, “and tons of restaurants, eateries, WDBs, and other businesses that survived the pandemic initially are now struggling to keep up with increased consumer demand as the threat of COVID-19 wanes. By implementing policies that promote employee safety and wellness, offering more competitive wages, and remaining adaptable enough to stay ahead of society’s ever-changing curve, the industry as a whole can prevent the detrimental effects that came as a result of last year’s pandemic from having such a deep and lasting impact in the future.”

How to Succeed in WS Post-Covid

  As Jay mentions, there are a number of precautionary methods and strategies that business owners and managers, and other industry professionals in WS can use to better protect their businesses from suffering in ways similar to how they may have during the onset of the COVID-19 pandemic.

  “The first step every business in the WS industry should take is to implement more actionable mea

sures in planning their business strategy,” Jay says. “Start by taking a look at what types and quantities of grapes you have coming in, what bulk wine you have in the tank, your total count of bottled finished goods, and become intimately familiar with your sales run rate: if you know those 4 things, you can plan out your business very well and forecast what your business should be focusing on acquiring in order to avoid jamming up your supply chain.”

  For example, if your winery business finds that its sale run rate has slowed down, perhaps the winery needs to look at selling its bulk wine (wine in barrel or tank), or perhaps can temporarily focus on committing fewer grapes for an upcoming vintage. However, once any particular wine has been bottled, that’s it, which is why Jay says to avoid bottling your inventory until you know what your sales run rate is and how it directly impacts your business. While selling out of a certain inventory item can sometimes be a boon for your business, not selling enough can cause inventories to back up, alerting you that your business will need to discount other items and sell that portion of your inventory faster in order to get back into balance.

  A second method WS businesses should consider, according to Jay, is to revisit and revitalize their plan regarding capital management, or the funding of their business initiatives as they pertain to the needs of a business’s financing or cash flow.

  “Most business owners and professionals in the industry want their business to grow,” Jay adds, “but don’t realize how much money they need, especially regarding the lead time required for fine wines and of many products in the industry as a whole, especially aged beverage products.”

  Indeed, as Jay explains, it can often take one year for most white wines and Pinots to be made and bottled, as well as 2-3 years on average for wines like high-end cabernets. Most red wines can take anywhere between 12-30 months to properly process in-barrel and add to their in-bottle age time from Grape to Bottle. This, of course, takes cash, which is why planning your capital budget is just as important as your sales plan.

  By carefully considering these crucial factors to any business in the industry, Jay explains that they can be better positioned to survive in the face of the next inevitable threat the industry will face in the years to come.