Sheila Millar

NIST Solicits Comments on Revised Draft IoT Cybersecurity Device Guidance

By Sheila Millar and Tracy Marshall on January 15, 2020 Posted in Privacy

On January 7, 2020, the National Institute of Standards and Technology (NIST) released a draft of revised cybersecurity recommendations for IoT devices at both the pre-market and post-market stages. NISTIR 8259, Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline, identifies six voluntary steps manufacturers should take to account for security… Continue Reading

The EU Advocate General Opinion is Out: Standard Contractual Clauses are Valid

By Sheila Millar and Tracy Marshall on December 20, 2019 Posted in Privacy

Businesses that rely on standard contractual clauses (SSCs) to transfer personal data outside the European Economic Area (EEA) just got good news. The long-awaited decision from the EU Advocate General (AG) is here: SCCs are valid. The AG’s opinion, although non-binding, is significant for the case brought by Austrian privacy activist Max Schrems against Facebook,… Continue Reading

FTC Gives Energy Labeling Rule a Facelift

By Sheila Millar, JC Walker and Boaz Green on November 13, 2019 Posted in Product Safety

The Federal Trade Commission (FTC)’s Energy Labeling Rule has a new look. Following a public comment period, the FTC issued amendments to the Energy Labeling Rule that reorganize the Rule’s product descriptions and categories to make them clearer and simpler for stakeholders to understand and apply. But the FTC’s changes are cosmetic – the agency… Continue Reading

FTC Publishes Practical Guidance for Influencers

By Sheila Millar and Tracy Marshall on November 11, 2019 Posted in Advertising

From beauty gurus on Instagram to product reviewers on YouTube, influencers are big business for brands. However, the intentions aren’t always clear when reading the advice of a celebrity fitness trainer who was paid for his endorsement or watching a video of a fashionista who just received a new wardrobe from the clothing company she… Continue Reading

FTC Says “Stalking” Apps Violate COPPA and the FTC Act

By Sheila Millar and Tracy Marshall on October 30, 2019 Posted in Privacy

You know that movie where a person thinks they’ve barricaded themselves in their house against a stalker, only to grasp the awful realization that the threat is “coming from inside the house”? Unbeknownst to you, that threat may, in fact, be coming from your smartphone, according to a complaint by the Federal Trade Commission (FTC).… Continue Reading

Reevaluating the COPPA Rule

By Sheila Millar on October 22, 2019 Posted in Privacy

In the two decades following the enactment of the Children’s Online Privacy Protection (COPPA) Rule, technological developments have changed the online landscape considerably. Recognizing this, the Federal Trade Commission (FTC) held a public workshop on October 7, 2019, to discuss whether, given the proliferation of smart devices, video games, online channels, and EdTech, the Rule,… Continue Reading

Truly Organic? Not Really, Says FTC

By Sheila Millar on October 2, 2019 Posted in Labeling

Many consumers are drawn to products advertised as healthy and natural, and will often pay a premium for organic products, from foods to personal care items to clothing. But the Federal Trade Commission (FTC) takes a dim view of companies that don’t live up to their green promises. Case in point: Miami-based Truly Organic and… Continue Reading

What’s Next After Facebook’s Record $5 Billion Fine and Cambridge Analytica?

By Sheila Millar and Tracy Marshall on July 29, 2019 Posted in Advertising, Data Privacy

Facebook is facing some big changes after the Federal Trade Commission (FTC) settled with the social media giant over charges that it violated an earlier consent agreement. The company will pay a penalty of $5 billion, which is not only the biggest privacy fine in history, but also, according to FTC commissioner Noah Phillips, “almost… Continue Reading

Equifax to Pay Largest-Ever Data Breach Settlement

By Sheila Millar and Tracy Marshall on July 25, 2019 Posted in Advertising, Privacy

The Equifax data breach was one of the most massive data breaches of all time, and it has resulted in the biggest settlement for a data breach to date. After two years of investigations at the state and federal levels, credit reporting agency Equifax has agreed to a $675 million – up to possibly $700… Continue Reading

Boaz Green Interviewed by Regulator Watch About the Consumer Product Safety Commission’s Recent Enforcement Actions Against E-Liquids

By Sheila Millar on July 23, 2019 Posted in Regulations

As previously reported on Keller and Heckman’s The Continuum of Risk blog, the Consumer Product Safety Commission (CPSC) recently announced that it considers flow restricted containers for nicotine-containing e-liquids to be required under the Child Nicotine Poisoning Prevention Act of 2015 (CNPPA). Boaz Green was interviewed by Regulator Watch regarding CPSC’s recent enforcement actions, industry’s… Continue Reading

FTC and D-Link Settle Data Security Dispute

By Sheila Millar and Tracy Marshall on July 17, 2019 Posted in Data Privacy

After protracted litigation, the Federal Trade Commission (FTC) entered into a proposed settlement with computer software manufacturer D-Link over charges that the company misrepresented the security of its wireless routers and Internet-connected cameras and failed to take reasonable software testing and remediation measures to protect the devices. As we previously reported, part of the FTC’s… Continue Reading

UK ICO Proposes GDPR Fines for British Airways and Marriott Data Breaches

By Sheila Millar and Tracy Marshall on July 11, 2019 Posted in Data Security

Earlier this week, the UK Information Commissioner’s Office (ICO) announced its intent to fine British Airways £183,390 million ($230 million) and its intent to fine Marriott International more than £99 million ($123 million) for violations of the General Data Protection Regulation (GDPR) arising out of data breaches. The ICO investigated the breaches as the lead… Continue Reading

FTC Continues Enforcement of False Privacy Shield Claims

By Sheila Millar and Tracy Marshall on June 20, 2019 Posted in Privacy

Nearly three years after the EU-U.S. Privacy Shield framework replaced the U.S.-EU Safe Harbor as a mechanism to transfer personal data from the European Union to the United States, the Federal Trade Commission (FTC) continues to monitor companies’ claims regarding participation. As we previously reported, the FTC has taken actions against several companies over the… Continue Reading

FTC Settles Lax Data Security Charges with Software Seller

By Sheila Millar and Tracy Marshall on June 17, 2019 Posted in Privacy

The Federal Trade Commission (FTC) entered into a proposed settlement with LightYear Dealer Technologies, LLC (aka DealerBuilt) on June 12, 2019, over allegations of lax consumer privacy protections. While no fines were levied, the order is remarkable for its detailed and extensive requirements governing the company’s future data privacy practices and the FTC’s role in… Continue Reading

E-Vapor Industry Coalition Formally Opposes CPSC Novel Interpretation of CNPPA that Immediately Requires Flow-Restricted Packaging for E-Liquids

By Azim Chowdhury, Sheila Millar and Boaz Green on June 13, 2019 Posted in Product Safety

As previously reported on Keller and Heckman’s “The Continuum of Risk” blog, earlier this year, the U.S. Consumer Product Safety Commission (CPSC) announced that it was now reading the Child Nicotine Poisoning Prevention Act (CNPPA) to require nicotine e-liquid bottles to meet the “restricted flow requirement” in 16 C.F.R. § 1700.15(d), in addition to having child-resistant closures.… Continue Reading

Will NAS Report Prompt CPSC to Reconsider OFR Stance?

By Sheila Millar and Boaz Green on June 4, 2019 Posted in Product Safety

In 2015, a group of NGOs filed a petition with the U.S. Consumer Product Safety Commission (CPSC), asking CPSC to ban additive, non-polymeric organohalogen flame retardants (OFRs) in four product categories: infant, toddler, or children’s products; upholstered furniture; mattresses; and plastic electronics’ casings. The petitioners argued that the entire chemical class is toxic and poses… Continue Reading

Website Hacks Result in FTC Actions for Lax Security

By Sheila Millar and Tracy Marshall on May 17, 2019 Posted in Privacy

After hacks of two websites, i-Dressup.com and ClixSense.com, resulted in the compromise of personal information for millions of users – including, in the case of i-Dressup, hundreds of thousands of children under 13 – the Federal Trade Commission (FTC) issued complaints against the websites and their operators for lax security and other privacy violations. Notably,… Continue Reading

EDPB Advises on Overlap Between the ePrivacy Directive and GDPR

By Sheila Millar and Tracy Marshall on May 9, 2019 Posted in Privacy

The European Data Protection Board (EDPB) has weighed in on the interplay between the General Data Protection Regulation (GDPR) and the ePrivacy Directive in response to questions from the Belgian Data Protection Authority (DPA). Addressing how and when each set of rules applies to processing data, the EDPB stated that “these questions concern a matter… Continue Reading

FTC Continues Focus on “Made in America” Claims

By Sheila Millar on April 24, 2019 Posted in Advertising

Making the same false country-of-origin claims that initially resulted in a Federal Trade Commission (FTC) consent order is a good way to land a company with substantial civil penalties and corrective advertising obligations. iSpring Water Systems LLC found this out the hard way. Instead of complying with its earlier promise not to falsely advertise its… Continue Reading

FTC’s 2018 Data Privacy and Security Update Highlights Enforcement

By Sheila Millar and Tracy Marshall on April 1, 2019 Posted in Cybersecurity, Data Security, Enforcement

The Federal Trade Commission (FTC) recently released its annual report highlighting its work on privacy and data security during 2018. The FTC initiated five enforcement actions arising out of data breaches and nine data privacy enforcement actions in 2018, including cases against online payment system Venmo and mobile phone maker BLU for misrepresenting their privacy… Continue Reading

Significant Changes Ahead for COPPA?

By Sheila Millar and Tracy Marshall on March 27, 2019 Posted in Cybersecurity, Privacy

As expected, 2019 is shaping up to be the year for privacy reforms, including possible amendments to the 20-year old Children’s Online Privacy Protection Act (COPPA). Senators Edward Markey (D-Mass) and Josh Hawley (R-MO) have introduced legislation that would expand COPPA’s scope to offer new protections to minors age 13-15, establish new limitations on collecting… Continue Reading

California Consumer Privacy Act: Your at-a-glance guide to key business obligations

By Sheila Millar and Tracy Marshall on March 25, 2019 Posted in Privacy

The California Consumer Privacy Act of 2018 (CCPA) gives California residents new rights and imposes new obligations on companies doing business in California, effective January 1, 2020. Keller and Heckman LLP Privacy and Security Partners Sheila Millar and Tracy Marshall have provided an overview to help businesses understand the new requirements. Since publication of the… Continue Reading

Company Settles “Natural” Class Action Claims for $1.5 Million

By Sheila Millar on March 19, 2019 Posted in Advertising, Labeling

A recent class action lawsuit that claimed a manufacturer misrepresented its laundry detergent products as “all natural” when they, in fact, contained synthetic ingredients, has resulted in a $1.5 million settlement. A New York federal court gave preliminary approval to the settlement, which also requires the company to add qualifying language that states “contains naturally… Continue Reading