Posted in GeneralWe’ve previously published analyses on the California Air Resource Board’s (ARB) case settlements related to cosmetic products, but there are a whole host of other consumer products also subject to ARB enforcement. We thought it would be helpful to provide some insight into these as well. Continue reading
Posted in California Proposition 65It’s been about six months since the new Proposition 65 regulations allocated the primary responsibility for providing warnings to suppliers, manufacturers, distributors, and importers, while limiting retailers’ responsibility to limited, specified circumstances. Many wondered what impact these new regulations would have on the enforcement of Proposition 65 against retailers. Six months in, the answer still isn’t clear. Continue reading
Posted in Consumer Product Safety CommissionAt last week’s ICPHSO Annual Meeting, the U.S. Consumer Product Safety Commission’s Acting Chairman Ann Marie Buerkle broke news to attendees, announcing that CPSC would deem “clothing storage units” that do not meet ASTM F2057-17 as posing a “substantial product hazard.” In concert with Buerkle’s announcement, CPSC’s Deputy Executive Director issued a letter to “Manufacturers, Importers, and Retailers of Clothing Storage Units” that effectively makes this existing voluntary safety standard mandatory.
This substantial product hazard designation may signal CPSC’s intent to evaluate products for compliance with the standard through port inspections, direct inquiry of manufacturers, importers, and private labelers, and market surveillance; seek recalls of existing non-compliant products; and punish non-compliant entities through “failure to report” civil penalty proceedings, as it did with drawstrings in children’s upper outerwear and hoverboards.
ASTM F2057-17 defines a “clothing storage unit” as a “furniture item intended for the storage of clothing typical of bedroom furniture.” The standard requires tip over testing and permanent warning labels for any clothing storage unit over 30 inches in height.
ASTM F2057 has been the industry standard for clothing storage units for many years, but CPSC’s actions last week, and CPSC’s prioritization of the hazards of furniture tip over for many years, suggest that CPSC has considered existing compliance efforts inadequate.
CPSC’s letter states that
Children face an unreasonable risk of serious injury or death from clothing storage units that fall within the scope of the ASTM F2057-17 standard but do not meet its requirements. Accordingly, the CPSC’s Office of Compliance and Field Operations staff will regard such products as having a defect which could present a substantial product hazard under Section 15(a) of the CPSA, 15 U.S.C. § 2064(a). Should we encounter such products, we shall initiate an investigation and will seek the corrective action we believe is appropriate.
Consistent with this, the letter urges furniture companies to “review your product line immediately and ensure that all clothing storage units that you manufacture, import, distribute, or sell in the United States comply with ASTM F2057-17 standard where applicable.”
Finally, the letter emphasizes that Section 15(b) of the CPSA places a duty to report (within 24 hours) on all members of the supply chain if they obtain “information that reasonably supports the conclusion that a product distributed in commerce contains a defect that could create a substantial product hazard or that such product creates an unreasonable risk of serious injury or death.”
Failure to report, or report on time, can lead to criminal penalties, or civil penalties of up to ~$100,000 per violation, capped at ~$15 million for a related series of violation.
CPSC has consistently employed Section 15(b) enforcement as a tool to punish companies and send deterrent messages to the consumer products industry. Section 15(b) failure to report claims are one of the most flexible tools the Commission has to penalize a company in connection with a product. Claims only require a showing that a company obtained information triggering a report and did not report immediately—there is no requirement that a product actually result in an injury.
CPSC took a similar approach with drawstrings, as mentioned above, but more recently with hoverboards. In February 2016, CPSC issued an open letter to industry designating an industry standard for hoverboards as mandatory. CPSC then sent investigation letters to sellers of hoverboards requesting (demanding) that they either provide information demonstrating compliance with the industry standard or stop selling the products. Then, over the course of 2016 and 2017, CPSC announced more than 20 recalls of hoverboards.
Since CPSC’s letter here states that manufacturers, importers, and retailers “should not” manufacture, import, distribute, or sell non-compliant clothing storage units and urges firms to undertake a product line review, we would not be surprised to see CPSC issue investigation letters to furniture industry participants requesting that they verify compliance with ASTM F2057-17 or stop selling the products, signifying the start of a concerted compliance effort by CPSC.
California’s Department of Toxic Substances Control (DTSC) has proposed listing nail products containing toluene as its latest priority product under its Safer Consumer Products program. If adopted, responsible parties will need to undertake remove impacted products from sale in California or undertake an alternatives analysis in order to continue selling in California.
California’s Safer Consumer Products regulation restricts the use of certain chemicals when used in specified products, based on various human health and the environmental risk factors. These product-chemical combinations are called “Priority Products.” When DTSC finalizes a Priority Product, manufacturers, distributors, and retailers must either conduct an alternatives analysis of the chemical, or remove the product from sale in California. The alternatives analysis can lead to identification of a safer alternative, or determine that there is no safer alternative–at which point DTSC can impose restrictions on use.
Priority products currently subject to SCP regulations include:
In addition to nail products with toluene, DTSC has also proposed the following as priority products:
Toluene is used as a solvent in a variety of nail products, including polishes, hardeners and thinners, and according to DTSC, has been detected in indoor air in nail salons and in the breathing zones of nail salon workers. DTSC also states that toluene exposure has been linked to health effects including adverse nervous system effects, respiratory tract effects, and developmental toxicity.
DTSC has released a draft technical report which discusses the scientific basis for listing nail products containing toluene. A public workshop will be held on March 13, 2019, and DTSC will accept public comments through March 15, 2019.
This is only the beginning of the regulatory review process—it is possible there will be additional revisions to the proposal and further opportunity for public comment—we anticipate it could take a year, and likely more, to get to a final regulation.
Posted in GeneralPrivately, companies have long self-regulated supply chains to prevent human trafficking, forced labor, and child exploitation. Meanwhile, governmental efforts have lagged in the public sphere. But the past few years have shown a marked change. California, the United Kingdom, France, and Australia have enacted legislation requiring companies to publicly disclose the steps they are taking to eradicate slavery and human trafficking in their operations and supply chains for each financial year. Canada is currently considering similar legislation.
While the US government has not yet passed a comparable law, it is not for lack of trying—the Congressional Human Trafficking Caucus has introduced disclosure legislation at least five times since 2011—most recently this past October. The prior legislation, like its predecessors, uses the Securities Exchange Act as the lever to require all public companies with annual worldwide revenue over $100 million to disclose prescribed information to the SEC. In addition to this information being public via the SEC, the prior legislation would also require covered companies to publish the information on their websites. The disclosures would include all policies and measures a company is taking to identify, address, and remedy human trafficking, forced labor, and child exploitation occurring within its supply chain, including whether a company:
The bill is strikingly similar to California’s Transparency in Supply Chains Act. The California law requires website disclosures of efforts to eradicate slavery and human trafficking from its direct supply chain, including information on verification, auditing, internal accountability, and training. California’s law is more limited in scope than the federal efforts, as it applies only to retailers and manufacturers doing business in California with annual worldwide revenue over $100 million—rather than any public company.
We expect that a similar bill will be introduced in the House this year, with its new Democratic majority. While the last iteration of the bill was dead-on-arrival in the lame duck Congress, the ushering in of a new session—and importantly a new Democratic majority—makes it far more likely that a similar version of this bill may become law within the next two years. Getting out of the House may be all that is needed to finally push this bill into law, as the prior efforts have all had bi-partisan co-sponsors.
Such a vast expansion of mandatory corporate disclosures would create not only additional legal obligations for covered companies, but could also have significant implications on social responsibility efforts, public relations campaigns, and corporate bottom-lines. Due to the public nature of the disclosures, covered companies can count on NGOs poring over their disclosures.
Posted in GeneralA recent look-back at California Air Resource Board (CARB) case settlements highlights that cosmetic products remain a target for CARB enforcement of its General Consumer Products Regulation. Continue reading
Posted in California Proposition 65At long last, it’s here—OEHHA’s long-awaited amendments to the Proposition 65 “clear and reasonable warning” regulations become mandatory for products manufactured on and after August 30, 2018.
As we are sure you’ve probably heard ad nauseam by now, the revisions make two key changes to the Proposition 65 regulations: (1) for the first time, they allocate responsibility for warnings among suppliers and retailers; and (2) they make several substantive changes to the content and methods of transmission for “safe harbor” warnings.
While we have posted a detailed summary of the new amendments if you want to get into the weeds, here is a quick refresher. The amendments:
Based on the questions we’ve heard over the past year, the changes have created significant confusion and challenges for suppliers and retailers. In light of this, we thought it would be helpful to provide a “survival guide” of guidance and reference materials for businesses:
Posted in California Proposition 65On August 30, 2016, OEHHA’s long-awaited amendments to the Proposition 65 clear and reasonable warning regulations became final. The amendments bring two major changes: (1) an allocation of responsibility for providing warnings between retailers and suppliers; and (2) revisions to the safe harbor warning requirements, including warning content and methods of transmission.
Under the existing Proposition 65 regulations, any party in the supply chain could be held liable for failure to provide a warning. The revised regulations allocate responsibility for warnings primarily to manufacturers, distributors, and importers (together, suppliers), with retailers responsible in specified circumstances.
Suppliers can meet their warning obligation “either by affixing a label to the product bearing a warning…, or by providing a written notice directly to the authorized agent for a retail seller.” 27 Cal. Code Regs. § 25600.2.
The only situations where a retailer is primarily responsible for providing a warning (i.e., may be liable in an enforcement action) are when:
A retailer can modify this allocation by contract, requiring its suppliers and other vendors to provide a warning, as long as a required warning is ultimately provided.
If a warning is not provided and the retailer meets one of these conditions, it will find itself in the same situation as before the amendments: it can be sued by a private or public enforcer, and it will need to consider seeking defense and indemnity from its supplier.
The good news for retailers is that they will not be liable for an enforcement action in which a product was supplied by a foreign (i.e., no place of business or registered agent in California) or exempt entity that did not provide warning materials to the retailer, and none of the other four conditions apply, provided that they stop selling the product at issue or provide a warning for it within five business days of receipt of the 60-day Notice initiating the enforcement action.
The regulation requires that warnings be “prominently displayed” on a label, labeling or sign. The warning must be displayed such that, when compared with other words, statements, or designs on the label, the warning is “likely to be read and understood by an ordinary individual under customary conditions of purchase or use.”
Environmental warnings must be displayed so that they should be seen and understood by an “ordinary individual in the course of normal daily activity.”
To meet the safe harbor method for brick-and-mortar stores, warnings must be provided on product labels or at the point of display (product-specific posted or shelf signs). Point of sale signs (other than the BPA signs) are not approved safe harbor warning methods.
A retailer may also provide a warning by any electronic device or process that provides the warning prior to or during the purchaser without requiring the consumer to seek out the warning. Examples include electronic shopping carts, QR Codes, smart phone applications, barcode scanners, and self-checkout registers.
For online transactions, retailers must include either the warning or a clearly-marked hyperlink using the word “WARNING” on the product display page, or by otherwise prominently displaying the warning to the purchaser prior to completing the purchase. For catalogs, warnings must be clearly associated with corresponding products.
According to OEHHA guidance, online and catalog warnings must be provided even if the product is already labeled with a warning. Warnings contained within general website content will not meet the safe harbor method.
To meet the safe harbor, the amendments require the inclusion of a warning symbol and specific identification of at least one chemical in the product that is associated with the warning’s toxicological endpoint (cancer or reproductive harm). Warnings must be provided in the same language or languages as any other label, labeling or sign accompanying a product.
Standard warning language
WARNING This product can expose you to [name of one or more chemicals], a chemical [or chemicals] known to the State of California to cause [cancer] [birth defects or other reproductive harm]. For more information go to www.P65Warnings.ca.gov/product.
WARNING This product can expose you to chemicals including [name of one or more chemicals], which is [are] known to the State of California to cause cancer, and [name of one or more chemicals], which is [are] known to the State of California to cause birth defects or other reproductive harm. For more information go to www.P65Warnings.ca.gov.
The regulations permit the use of short form warnings on products that do not require chemical identification (OEHHA’s original purpose in permitting short form warnings was for products for which the standard warnings is not practical due to size or amount of packaging):
WARNING–Cancer–P65Warnings.ca.gov/product.
WARNING–Reproductive Harm–P65Warnings.ca.gov/product.
If a product is labeled with a short form warning, a retailer may provide the short form warning on the website for online transactions.
The amendments contain several product-specific safe harbors that generally tweak the warning language or add additional requirements, including:
The amendments are not mandatory until August 30, 2018. Products manufactured prior to August 30, 2018 may either comply with the regulations as previously written or the new regulations. Warnings imposed by court-ordered settlements or final judgments are grandfathered in and will still be deemed compliant with Proposition 65.
Posted in General, Recent legislation and regulationsOn June 28, 2018, the California legislature enacted the California Consumer Privacy Act of 2018 (the “CCPA”) a sweeping, GDPR-like privacy law that is likely to apply to most retailers that operate in California. It includes disclosure requirements, consumer access rights, opt-out rights, and deletion rights. The new law is set to take effect on January 1, 2020. Check out this summary and analysis of the law from our cybersecurity and date privacy colleagues.
Posted in GeneralBy June 30, 2018, retailers accepting digital (online) credit card transactions must cease using encryption protocols known as SSL or TLS 1.0. Retailers must transition to TLS 1.1 or higher (such as the popular TLS 1.2) or else lose the ability to accept credit card payments. Note also that Nevada law requires compliance with the Payment Card Industry Data Security Standards (PCI DSS) with respect to Nevada cardholders.
The reason for the change is the PCI DSS, when version 3.1 was issued in April of 2015. Encryption protocol TLS 1.0 dates back to 1999, and was vulnerable to a variety of cyberattacks, including POODLE in 2014. TLS 1.1 was issued in 2006, and TLS 1.2 was issued in 2008. Any server using any Windows Server version older than 2008 will not support either TLS 1.1 or 1.2, so upgrading encryption may involve more than a quick protocol fix. The PCI Security Standard Council has offered guidance on moving to higher encryption protocols, including an infographic.
Retailers who had previously upgraded their on-premises equipment with credit card chip readers have probably already seen fraudulent credit card charges decrease. As of February 2018, VISA reported that this type of fraud had decreased 70% in the U.S. as of September 2017, as compared to fraud reported in December 2015. Visa also reported that EMV (Europay, MasterCard, VISA) chip cards accounted for 96% of the overall payment volume in the United States in December 2017, with chip payment volume reaching $78 billion.
Retailers who need to upgrade their encryption protocols have no time to waste. Retailers using third-party processors should check to make sure the processor will meet the deadline.
