Sheila Millar

What’s Next After Facebook’s Record $5 Billion Fine and Cambridge Analytica?

By Sheila Millar and Tracy Marshall on July 29, 2019 Posted in Advertising, Data Privacy

Facebook is facing some big changes after the Federal Trade Commission (FTC) settled with the social media giant over charges that it violated an earlier consent agreement. The company will pay a penalty of $5 billion, which is not only the biggest privacy fine in history, but also, according to FTC commissioner Noah Phillips, “almost… Continue Reading

Equifax to Pay Largest-Ever Data Breach Settlement

By Sheila Millar and Tracy Marshall on July 25, 2019 Posted in Advertising, Privacy

The Equifax data breach was one of the most massive data breaches of all time, and it has resulted in the biggest settlement for a data breach to date. After two years of investigations at the state and federal levels, credit reporting agency Equifax has agreed to a $675 million – up to possibly $700… Continue Reading

Boaz Green Interviewed by Regulator Watch About the Consumer Product Safety Commission’s Recent Enforcement Actions Against E-Liquids

By Sheila Millar on July 23, 2019 Posted in Regulations

As previously reported on Keller and Heckman’s The Continuum of Risk blog, the Consumer Product Safety Commission (CPSC) recently announced that it considers flow restricted containers for nicotine-containing e-liquids to be required under the Child Nicotine Poisoning Prevention Act of 2015 (CNPPA). Boaz Green was interviewed by Regulator Watch regarding CPSC’s recent enforcement actions, industry’s… Continue Reading

FTC and D-Link Settle Data Security Dispute

By Sheila Millar and Tracy Marshall on July 17, 2019 Posted in Data Privacy

After protracted litigation, the Federal Trade Commission (FTC) entered into a proposed settlement with computer software manufacturer D-Link over charges that the company misrepresented the security of its wireless routers and Internet-connected cameras and failed to take reasonable software testing and remediation measures to protect the devices. As we previously reported, part of the FTC’s… Continue Reading

UK ICO Proposes GDPR Fines for British Airways and Marriott Data Breaches

By Sheila Millar and Tracy Marshall on July 11, 2019 Posted in Data Security

Earlier this week, the UK Information Commissioner’s Office (ICO) announced its intent to fine British Airways £183,390 million ($230 million) and its intent to fine Marriott International more than £99 million ($123 million) for violations of the General Data Protection Regulation (GDPR) arising out of data breaches. The ICO investigated the breaches as the lead… Continue Reading

FTC Continues Enforcement of False Privacy Shield Claims

By Sheila Millar and Tracy Marshall on June 20, 2019 Posted in Privacy

Nearly three years after the EU-U.S. Privacy Shield framework replaced the U.S.-EU Safe Harbor as a mechanism to transfer personal data from the European Union to the United States, the Federal Trade Commission (FTC) continues to monitor companies’ claims regarding participation. As we previously reported, the FTC has taken actions against several companies over the… Continue Reading

FTC Settles Lax Data Security Charges with Software Seller

By Sheila Millar and Tracy Marshall on June 17, 2019 Posted in Privacy

The Federal Trade Commission (FTC) entered into a proposed settlement with LightYear Dealer Technologies, LLC (aka DealerBuilt) on June 12, 2019, over allegations of lax consumer privacy protections. While no fines were levied, the order is remarkable for its detailed and extensive requirements governing the company’s future data privacy practices and the FTC’s role in… Continue Reading

E-Vapor Industry Coalition Formally Opposes CPSC Novel Interpretation of CNPPA that Immediately Requires Flow-Restricted Packaging for E-Liquids

By Azim Chowdhury, Sheila Millar and Boaz Green on June 13, 2019 Posted in Product Safety

As previously reported on Keller and Heckman’s “The Continuum of Risk” blog, earlier this year, the U.S. Consumer Product Safety Commission (CPSC) announced that it was now reading the Child Nicotine Poisoning Prevention Act (CNPPA) to require nicotine e-liquid bottles to meet the “restricted flow requirement” in 16 C.F.R. § 1700.15(d), in addition to having child-resistant closures.… Continue Reading

Will NAS Report Prompt CPSC to Reconsider OFR Stance?

By Sheila Millar and Boaz Green on June 4, 2019 Posted in Product Safety

In 2015, a group of NGOs filed a petition with the U.S. Consumer Product Safety Commission (CPSC), asking CPSC to ban additive, non-polymeric organohalogen flame retardants (OFRs) in four product categories: infant, toddler, or children’s products; upholstered furniture; mattresses; and plastic electronics’ casings. The petitioners argued that the entire chemical class is toxic and poses… Continue Reading

Website Hacks Result in FTC Actions for Lax Security

By Sheila Millar and Tracy Marshall on May 17, 2019 Posted in Privacy

After hacks of two websites, i-Dressup.com and ClixSense.com, resulted in the compromise of personal information for millions of users – including, in the case of i-Dressup, hundreds of thousands of children under 13 – the Federal Trade Commission (FTC) issued complaints against the websites and their operators for lax security and other privacy violations. Notably,… Continue Reading

EDPB Advises on Overlap Between the ePrivacy Directive and GDPR

By Sheila Millar and Tracy Marshall on May 9, 2019 Posted in Privacy

The European Data Protection Board (EDPB) has weighed in on the interplay between the General Data Protection Regulation (GDPR) and the ePrivacy Directive in response to questions from the Belgian Data Protection Authority (DPA). Addressing how and when each set of rules applies to processing data, the EDPB stated that “these questions concern a matter… Continue Reading

FTC Continues Focus on “Made in America” Claims

By Sheila Millar on April 24, 2019 Posted in Advertising

Making the same false country-of-origin claims that initially resulted in a Federal Trade Commission (FTC) consent order is a good way to land a company with substantial civil penalties and corrective advertising obligations. iSpring Water Systems LLC found this out the hard way. Instead of complying with its earlier promise not to falsely advertise its… Continue Reading

FTC’s 2018 Data Privacy and Security Update Highlights Enforcement

By Sheila Millar and Tracy Marshall on April 1, 2019 Posted in Cybersecurity, Data Security, Enforcement

The Federal Trade Commission (FTC) recently released its annual report highlighting its work on privacy and data security during 2018. The FTC initiated five enforcement actions arising out of data breaches and nine data privacy enforcement actions in 2018, including cases against online payment system Venmo and mobile phone maker BLU for misrepresenting their privacy… Continue Reading

Significant Changes Ahead for COPPA?

By Sheila Millar and Tracy Marshall on March 27, 2019 Posted in Cybersecurity, Privacy

As expected, 2019 is shaping up to be the year for privacy reforms, including possible amendments to the 20-year old Children’s Online Privacy Protection Act (COPPA). Senators Edward Markey (D-Mass) and Josh Hawley (R-MO) have introduced legislation that would expand COPPA’s scope to offer new protections to minors age 13-15, establish new limitations on collecting… Continue Reading

California Consumer Privacy Act: Your at-a-glance guide to key business obligations

By Sheila Millar and Tracy Marshall on March 25, 2019 Posted in Privacy

The California Consumer Privacy Act of 2018 (CCPA) gives California residents new rights and imposes new obligations on companies doing business in California, effective January 1, 2020. Keller and Heckman LLP Privacy and Security Partners Sheila Millar and Tracy Marshall have provided an overview to help businesses understand the new requirements. Since publication of the… Continue Reading

Company Settles “Natural” Class Action Claims for $1.5 Million

By Sheila Millar on March 19, 2019 Posted in Advertising, Labeling

A recent class action lawsuit that claimed a manufacturer misrepresented its laundry detergent products as “all natural” when they, in fact, contained synthetic ingredients, has resulted in a $1.5 million settlement. A New York federal court gave preliminary approval to the settlement, which also requires the company to add qualifying language that states “contains naturally… Continue Reading

Sheila Millar and Boaz Green Author Law360 Article “CPSC Is Shifting Toward Voluntary Standards”

By Sheila Millar and Boaz Green on February 7, 2019 Posted in Cybersecurity, Privacy, Product Safety

Sheila Millar and Boaz Green discuss CPSC’s activities in 2018 and give their predictions on possible agency actions in the coming year in the Law360 article “CPSC Is Shifting Toward Voluntary Standards” (Feb. 6). Law360 featured the article in its newsletter sections for Consumer Protection, Cybersecurity, and Product Safety. To read the full article, click… Continue Reading

White House Re-nominates Ann Marie Buerkle for Chair and Commissioner

By Sheila Millar and Boaz Green on January 18, 2019 Posted in Product Safety

On January 16, 2019, the White House re-nominated Consumer Product Safety Commission (CPSC) Acting-Chair Ann Marie Buerkle to be Chairman, and for another seven-year term as Commissioner. Acting Chair Buerkle was first nominated in July of 2017, and re-nominated in January of last year, but the Senate did not act on these nominations. The business… Continue Reading

Supplement Company Settles with FTC Over Diabetes Pill Marketing Claims

By Sheila Millar and Tracy Marshall on December 27, 2018 Posted in Advertising

Any product purporting to be a panacea for a serious health issue needs serious evidence to back up such a promise. Take Nobetes, a dietary supplement touted as “the miracle product [diabetics have] been waiting for.” The company and its two principal officers claimed Nobetes lowered blood sugar and reduced the need for insulin. They… Continue Reading

CPSC Settles with Britax over Allegedly Defective Strollers

By Sheila Millar on December 10, 2018 Posted in Product Safety

The U.S. Consumer Product Safety Commission (CPSC) settled an administrative lawsuit against Britax Child Safety, Inc. over claims that some models of their B.O.B. jogging strollers present a substantial product hazard due to an alleged design defect. As we previously reported, the suit was filed in February 2018 after reports that the front wheel of… Continue Reading

FTC Releases Cybersecurity Resources for Small Businesses

By Sheila Millar and Tracy Marshall on October 24, 2018 Posted in Cybersecurity, Data Security, Privacy

Small businesses face the same cybersecurity risks as large multinationals but lack a large IT infrastructure to help protect themselves. At the direction of former Federal Trade Commission (FTC) Acting Chairman Maureen Ohlhausen, the FTC launched a new cybersecurity campaign aimed at helping small businesses navigate the ever-evolving cyber landscape, coordinated with the Department of… Continue Reading

Agency Comings and Goings

By Sheila Millar, Tracy Marshall and Boaz Green on September 27, 2018 Posted in Data Security, Privacy, Product Safety

This week has seen several significant changes at the Commission level at both the Consumer Product Safety Commission (CPSC) and the Federal Trade Commission (FTC). CPSC After several months of stasis, the Senate voted to confirm Peter Feldman as a Commissioner on the CPSC, with a term expiring October 26, 2019. Feldman takes the place… Continue Reading