Date: Feb 18, 2014
PRODUCT SAFETY & LABELING
Connecticut Considers Following Federal Lead on Cadmium
Four years after adopting a law that limited cadmium content in children’s jewelry to 75 parts per million (ppm) effective July 2014, Connecticut’s legislature is holding a hearing on February 18 to consider a bill that would shift gears and follow the federal government’s lead, using limits based on the migratability of cadmium in case of accidental ingestion. The proposal, Raised Senate Bill No. 85, would adopt the national voluntary consensus standard on children’s jewelry, known as ASTM F2923-11. That standard was developed in response to an October 2010 paper produced by the staff of the U.S. Consumer Product Safety Commission (CPSC); the CPSC’s staff there emphatically rejected a flat content limit similar to the one Connecticut adopted. The agency’s staff instead recommended the use of migration tests to establish the level of hazard raised by chronic or acute exposure to cadmium. The Fashion Jewelry and Accessories Trade Association (FJATA) led the effort to develop the voluntary standard that addressed the risk posed by cadmium, which culminated in the adoption of the children’s jewelry standard in 2011. In 2012, the CPSC’s leadership voted to reject a petition that asked the agency to establish cadmium content limits, explaining that compliance with ASTM F2923-11 would “adequately reduce the risk of harm from exposure to cadmium,” and that the standard set “appropriate limits” and “testing methods” for soluble cadmium. If the Connecticut legislature adopts this bill, the voluntary standard limits would apply to children’s jewelry sold or made in Connecticut as of July 1, 2014, in lieu of the 75 ppm limit that is currently scheduled to go into effect.
FTC to Hold Roundtable on Clothing Care Labeling
The Federal Trade Commission (FTC) announced last week that it will hold a roundtable to discuss proposed changes to its care labeling rule for clothing at the FTC’s conference center in Washington, DC, on March 28, 2014. The rule requires manufacturers and importers to attach labels with care instructions for drycleaning, washing, bleaching, drying, and ironing of garments. If adopted, the rule would allow businesses to use modernized labels across international borders.
The roundtable follows on a September 2012 request for comments on a proposed rule that would:
The roundtable was originally scheduled for last October, but was canceled because of the government shutdown. Requests to participate as a panelist at the March 28 roundtable are due by February 28, 2014.
PRIVACY & CYBERSECURITY
States Adopt National Cybersecurity Frameworks
Virginia Governor Terry McAuliffe announced that the state will adopt the new voluntary Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST) to help identify and communicate cybersecurity risks. Other states are taking similar steps; Maryland’s senate recently passed a bill requiring the state to use the federal framework, Hawaii’s governor promoted a staffer to be his chief adviser for technology and cybersecurity, and the National Association of State Chief Information Officers called for states to adopt the NIST framework “as a common language in which to build a strategic cybersecurity plan” that would address a major vulnerability in national security while protecting privacy and personal information.
The NIST Framework was developed in consultation with a broad array of private and public sector stakeholders. President Barack Obama announced the final version of the Cybersecurity Framework at the White House on February 12, 2014. Some corporate interests praised the standards, suggesting that the Framework would be widely adopted and perhaps used in determining supply chains. Cybersecurity has particular salience in the wake of recent breaches at major retailers. The Framework also has many critics; some suggested that it was too abstract, failing to even use the word “firewall,” a common component of network security. Likewise, some suggested that implementing the Framework would be a step backward for some companies. Others criticized its voluntary nature, saying that it will be difficult to gauge its adoption. Whatever one’s take is on the Framework, cybersecurity is only increasing in importance. Responsible companies across the supply chain should be assessing, implementing, and re-assessing security solutions often.
Retailers and Banks Join on Cybersecurity
In the wake of high-profile data breaches, retailers and banks are taking steps to enhance the security of consumers’ payment information. A group of associations, including the Retail Industry Leaders Association (RILA), National Retail Federation (NRF), Financial Services Roundtable (FSR), American Bankers Association (ABA), The Clearing House (TCH), and others announced that they were joining forces on cybersecurity. According to a joint press release, the partnership “will focus on exploring paths to increased information sharing, better card security technology, and maintaining the trust of customers.” One key element of a future partnership may be an information-sharing system similar to one the financial services industry uses, the Financial Services Information Sharing and Analysis Center (FS-ISAC).
The announcement comes after banks and retailers each blamed the other for what has increasingly seemed to be the relatively fraud-prone U.S. payments systems. Retailers have argued that the payment infrastructure should adopt a chip-and-PIN system, while bankers have argued that such a system would not have prevented the recent data breaches. The bankers have favored a chip-and-signature system instead. One point that all participants agree on is the need for a national data breach notification law to replace the patchwork of state laws that business now must navigate. While several national, preemptive data breach notification bills have been introduced over the years, none have passed.
Settlement on Facebook’s Social Ads Attacked by Interest Groups
FTC Reaches Another Settlement Over DOC Safe Harbor Compliance Claims
For more information about privacy, data security, product safety, and other consumer protection–related issues, contact Sheila A. Millar at email@example.com or 202 434-4143; JC Walker at firstname.lastname@example.org or 202 434-4181; or Tracy P. Marshall at email@example.com or 202 434-4234.