Why Knowing Company Data is Every General Counsel's First Privacy Move

Dec 18, 2025

Talar Herculian Coursey, General Counsel and VP of HR at ComplyAuto, shares her journey from file clerk to legal expert in the auto industry. She emphasizes the importance of understanding data types collected by dealerships, highlighting risks from third-party vendors. Talar discusses strategies for secure communication, like encrypted messaging, and the necessity of customized, gamified training for staff to handle sensitive information. She offers practical advice for car buyers to ensure their data protection while also balancing her interests in yoga and chess.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Dealerships Hold Unexpectedly Broad Data

Auto dealerships collect a wide range of sensitive data from financial records to connected-vehicle and browsing data.
The sector is highly regulated and faces expanded privacy risks beyond typical retail businesses.

INSIGHT

Third Parties Are The Biggest Risk

Third-party vendors represent the largest uncontrollable privacy and security risk for dealerships.
Even strong internal controls can't fully mitigate risks introduced by external providers.

ADVICE

Use Encrypted Messaging For Customer Contact

Provide employees secure, encrypted channels for customer communication instead of banning texting.
Use tools like ComplyCrypt to protect documents and PII transmitted by sales, service, and finance staff.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Talar Herculian Coursey is the GC and VP HR for ComplyAuto, a SaaS company serving auto dealerships in the US. Talar was previously the GC for Vista Ford and a file clerk, associate, and partner at the national labor and employment law firm, Fisher Phillips LLP.

Talar is licensed to practice law in California and Utah. She is also a CIPP, CIPM, certified yoga instructor, certified life coach, and a retired dog walker.

In this episode…

Knowing the types of data a company collects is essential for building strong privacy and security practices. Many organizations collect a wide range of sensitive information, including financial data, identity documents, and data created through connected technologies. Employees often rely on text messages and mobile apps to communicate, creating touchpoints where sensitive information is shared with third parties. So, how can general counsels and privacy pros safeguard sensitive information while accounting for the risks introduced by third-party vendors?

Protecting sensitive information starts with establishing policies and processes that reflect how data flows through an organization and understanding how teams communicate with consumers. That's why it's important to provide employees with secure, encrypted channels when communicating with customers. Customized training is equally important, and using gamification and tailored phishing simulations helps engage employees, deepen their understanding of the sensitive information they handle, and improve their ability to recognize potential privacy and security risks. By pairing these tools with training that is specific to the work environment, general counsels and privacy pros can help employees stay vigilant and reduce the likelihood of privacy and security incidents.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Talar Herculian Coursey, General Counsel and Vice President of Human Resources at ComplyAuto, about managing privacy and security risk tied to data collection practices. Drawing on her experience in the automotive dealership industry, Talar explains why understanding the types of data companies collect is critical to building effective privacy and security programs. She explains how companies can strengthen their defenses through encrypted communication tools and customized employee training programs. Talar also outlines the significant risks posed by third-party vendors and offers practical tips for managing these risks.