Sheila Millar

Firm/Organization: Keller Heckman

Blogs: Consumer Protection Connection, The Continuum of Risk

Latest Articles

FTC Settles Lax Data Security Charges with Software Seller DealerBuilt

By Sheila Millar & Tracy Marshall on June 17, 2019

The Federal Trade Commission (FTC) entered into a proposed settlement with LightYear Dealer Technologies, LLC (aka DealerBuilt) on June 12, 2019, over allegations of lax consumer privacy protections. While no fines were levied, the order is remarkable for its detailed and extensive requirements governing the company’s future data privacy practices and the FTC’s role in overseeing implementation. The terms include specific instructions for mandatory third-party assessments of the company’s data privacy program using an assessor…

Consumer Protection Connection

E-Vapor Industry Coalition Formally Opposes CPSC Novel Interpretation of CNPPA that Immediately Requires Flow-Restricted Packaging for E-Liquids

By Azim Chowdhury, Sheila Millar & Boaz I. Green on June 13, 2019

As previously reported on Keller and Heckman’s “The Continuum of Risk” blog, earlier this year, the U.S. Consumer Product Safety Commission (CPSC) announced that it was now reading the Child Nicotine Poisoning Prevention Act (CNPPA) to require nicotine e-liquid bottles to meet the “restricted flow requirement” in 16 C.F.R. § 1700.15(d), in addition to having child-resistant closures. A wave of enforcement actions soon followed. CPSC issued Notices of Violations to numerous e-liquid companies alleging that…

The Continuum of Risk

E-Vapor Industry Coalition Formally Opposes CPSC Novel Interpretation of CNPPA that Immediately Requires Flow-Restricted Packaging for E-Liquids

By Azim Chowdhury, Sheila Millar & Boaz I. Green on June 13, 2019

As previously reported on this blog, earlier this year, the U.S. Consumer Product Safety Commission (CPSC) announced that it was now reading the Child Nicotine Poisoning Prevention Act (CNPPA) to require nicotine e-liquid bottles to meet the “restricted flow requirement” in 16 C.F.R. § 1700.15(d), in addition to having child-resistant closures. A wave of enforcement actions soon followed. CPSC issued Notices of Violations to numerous e-liquid companies alleging that e-liquid bottles (specifically glass bottles) without…

Consumer Protection Connection

Will NAS Report Prompt CPSC to Reconsider OFR Stance?

By Sheila Millar & Boaz I. Green on June 4, 2019

In 2015, a group of NGOs filed a petition with the U.S. Consumer Product Safety Commission (CPSC), asking CPSC to ban additive, non-polymeric organohalogen flame retardants (OFRs) in four product categories: infant, toddler, or children’s products; upholstered furniture; mattresses; and plastic electronics’ casings. The petitioners argued that the entire chemical class is toxic and poses a risk to consumers and that the CPSC should ban them under the Federal Hazardous Substances Act (FHSA). However, a…

Consumer Protection Connection

Website Hacks Result in FTC Actions for Lax Security

By Sheila Millar & Tracy Marshall on May 17, 2019

After hacks of two websites, i-Dressup.com and ClixSense.com, resulted in the compromise of personal information for millions of users – including, in the case of i-Dressup, hundreds of thousands of children under 13 – the Federal Trade Commission (FTC) issued complaints against the websites and their operators for lax security and other privacy violations. Notably, in addition to requiring beefed-up security and third-party monitoring programs in the settlement agreements, all five FTC Commissioners took the…

Consumer Protection Connection

EDPB Advises on Overlap Between the ePrivacy Directive and GDPR

By Sheila Millar & Tracy Marshall on May 9, 2019

The European Data Protection Board (EDPB) has weighed in on the interplay between the General Data Protection Regulation (GDPR) and the ePrivacy Directive in response to questions from the Belgian Data Protection Authority (DPA). Addressing how and when each set of rules applies to processing data, the EDPB stated that “these questions concern a matter of general application of the GDPR, as there is a clear need for a consistent interpretation among data protection authorities…

The Continuum of Risk

Restricting Flow: Consumer Product Safety Commission’s Evolving Requirements for Liquid Nicotine Containers

By Azim Chowdhury, Sheila Millar & Boaz I. Green on April 26, 2019

Since the Child Nicotine Poison Prevention Act (CNPPA) became law in 2015, liquid nicotine in containers “from which nicotine is accessible through normal and foreseeable use by a consumer” (such as e-liquid bottles) have been required to utilize child-resistant packaging pursuant to the Poison Packaging Prevention Act (PPPA) and its implementing regulations. The Consumer Product Safety Commission’s (CPSC) guidance on these requirements for liquid nicotine containers has evolved – and become…

Consumer Protection Connection

FTC Continues Focus on “Made in America” Claims

By Sheila Millar on April 24, 2019

Making the same false country-of-origin claims that initially resulted in a Federal Trade Commission (FTC) consent order is a good way to land a company with substantial civil penalties and corrective advertising obligations. iSpring Water Systems LLC found this out the hard way. Instead of complying with its earlier promise not to falsely advertise its products as made in the USA, the water filtration systems company breached a 2017 administrative order. Ispring is now…

Consumer Protection Connection

FTC’s 2018 Data Privacy and Security Update Highlights Enforcement

By Sheila Millar & Tracy Marshall on April 1, 2019

Seal_of_the_United_States_Federal_Trade_Commission_svg

The Federal Trade Commission (FTC) recently released its annual report highlighting its work on privacy and data security during 2018. The FTC initiated five enforcement actions arising out of data breaches and nine data privacy enforcement actions in 2018, including cases against online payment system Venmo and mobile phone maker BLU for misrepresenting their privacy protections and providing inadequate security. One of the most high-profile enforcement actions of 2018 was the FTC’s expanded settlement with…

Consumer Protection Connection

Significant Changes Ahead for COPPA?

By Sheila Millar & Tracy Marshall on March 27, 2019

As expected, 2019 is shaping up to be the year for privacy reforms, including possible amendments to the 20-year old Children’s Online Privacy Protection Act (COPPA). Senators Edward Markey (D-Mass) and Josh Hawley (R-MO) have introduced legislation that would expand COPPA’s scope to offer new protections to minors age 13-15, establish new limitations on collecting personal information on children and minors, and create a new division within the Federal Trade Commission (FTC) charged with overseeing…

Sheila Millar

FTC Settles Lax Data Security Charges with Software Seller DealerBuilt

E-Vapor Industry Coalition Formally Opposes CPSC Novel Interpretation of CNPPA that Immediately Requires Flow-Restricted Packaging for E-Liquids

E-Vapor Industry Coalition Formally Opposes CPSC Novel Interpretation of CNPPA that Immediately Requires Flow-Restricted Packaging for E-Liquids

Will NAS Report Prompt CPSC to Reconsider OFR Stance?

Website Hacks Result in FTC Actions for Lax Security

EDPB Advises on Overlap Between the ePrivacy Directive and GDPR

Restricting Flow: Consumer Product Safety Commission’s Evolving Requirements for Liquid Nicotine Containers

FTC Continues Focus on “Made in America” Claims

FTC’s 2018 Data Privacy and Security Update Highlights Enforcement

Significant Changes Ahead for COPPA?

Company

Support

New to the Network