Category: Consumer Protection

California Announces Initial Draft Priority Products Under California Safer Consumer Products Regulations

Beveridge Diamond Logo

On March 13, 2014, the California Department of Toxic Substances Control (“DTSC”) announced the first set of draft priority products that, if finalized, will be subject to the requirements of the California Safer Consumer Products (“SCP”) Regulations.

Notably, while DTSC had legal authority to identify up to five products, it chose to identify only three draft priority products at this time. The three products are:

  1. Children’s Foam Padded Sleeping Products containing the flame-retardant chemical, Tris (1,3-dichloro-2-propyl phosphate) or (“TDCCP”). Such products include nap mats and cots, travel beds, bassinet foam, portable crib mattresses, play pens, and other children’s sleeping products. In its press release announcing the draft priority products, DTSC asserted that TDCCP is a known carcinogen, is released from products into air and dust where it can be absorbed, inhaled, or transferred from hand to mouth, and has been found in California waters and sediments. DTSC also noted that there is no legal requirement applicable to these products that would require them to be made with flame retardants. For more information on DTSC’s selection of this draft priority product, click here.
  2. Spray Polyurethane Foam (“SPF”) Products containing Unreacted Diisocyanates. SPF products are used for home and building insulation, weatherizing and sealing, and roofing. DTSC asserted in its press release that exposure to wet or “uncured” SPF materials can contribute to occupational asthma and noted that unreacted diisocyanates are a “suspected” carcinogen. DTSC expressed its concern for populations using these products that are not protected by Occupational Safety & Health Administration regulations, such as independent contractors and people performing their own home repairs. In its press release, DTSC noted that currently there are no alternatives to unreacted diisocyanates for spray-foam applications. For additional information from DTSC on this draft priority product, click here.
  3. Paint and Varnish Strippers containing Methylene Chloride. Methylene chloride is a well-known and widely used solvent in paint strippers. According to DTSC, when metabolized, methylene chloride converts to carbon monoxide, which is acutely toxic to the brain and nervous system. DTSC claimed that alternative products without methylene chloride are readily available. For more information on this draft listing, click here.

In announcing the “draft list” of proposed priority products, DTSC emphasized that the naming of these products does not constitute a ban on the products, but rather the initiation of process to examine whether the chemicals of concern used in these products are “necessary” or may be replaced with safer alternatives. To put the draft priority products announcement in context, this announcement begins the second of four steps established by California’s SCP Regulations for identifying, prioritizing, and evaluating the use of chemicals and their alternatives in consumer products. The four steps include:

  1. Identification of Candidate Chemicals. The final SCP Regulations promulgated by DTSC include an initial list of candidate chemicals (~1,200), which DTSC later pared down to an informational “initial” list of fewer than 200 candidate chemicals that exhibit a hazard trait and/or environmental or toxicological endpoint.
  2. Identification of Priority Products. The SCP Regulations require DTSC to evaluate and prioritize product/candidate chemical combinations and to develop a list of priority products for which alternatives analyses must be conducted. Once a candidate chemical is the basis for a priority product listing, it is considered a chemical of concern. March 13’s announcement identifies the first product/candidate chemical combinations that DTSC is proposing to subject to the procedural process outlined in the SCP Regulations.
  3. Alternatives Analysis. Responsible entities of a product listed as a priority product must perform an alternatives analysis to determine how best to limit exposures to, or the level of adverse public health and environmental impacts posed by, the chemicals of concern in the product.
  4. DTSC Regulatory Response. The SCP Regulations provide a range of potential regulatory responses that DTSC may require after review of the alternatives analysis. These include provision of information for consumers (such as safe handling or instructions to limit exposure), restrictions on the use of chemicals of concern in the products, sales prohibition, engineered safety measures, and end-of-life management requirements. DTSC may require regulatory responses for a priority product (if the responsible entity decides to continue producing and distributing the priority product to the California market), or for an alternative product selected to replace the priority product.

Applicability

The SCP regulatory requirements apply to businesses (“responsible entities”) that manufacture, import, distribute, sell or assemble consumer products[1] identified by DTSC as priority products that are placed into the stream of commerce in California. Responsible entities are defined to include manufacturers, importers, retailers and assemblers. The SCP Regulations assign the principal duty to comply with the requirements to manufacturers. If a manufacturer does not comply with its obligations with regard to a priority product, DTSC may notify an importer, retailer or assembler of its duty to meet the requirements with respect to the priority product. Even if not called on to conduct an alternatives analysis, importers, assemblers and/or retailers of priority products may be impacted by regulatory responses selected by DTSC after the manufacturer’s completion of the alternatives analysis (e.g., if DTSC imposes a sales prohibition or requires additional information to be provided to the consumer at the point of sale) .

Requirements for Responsible Entities

Once the draft priority products are formally proposed and finalized through a public rulemaking process (which may take up to one year), responsible entities will be required to:

  • Within 60 days after finalization of the final priority products list, notify DTSC that the responsible entity makes or sells a priority product (DTSC will post information obtained from notifications, including the names of the responsible entities as well as the product names, on its web site);
  • Within 180 days after finalization of the final priority products list, prepare a Preliminary Alternatives Analysis[2] to determine how best to limit exposures to, or the level of adverse public health and environmental impacts posed by, the chemicals of concern in the product; and
  • Within one year after DTSC issues a Notice of Compliance for the Preliminary Alternatives Analysis, prepare a Final Alternatives Analysis.

Next Steps

Those that manufacture, sell, use, or otherwise have an interest in the draft priority products may wish to submit comments to DTSC as part of the priority product listing process. DTSC will follow a formal rulemaking process to finalize the draft priority products, which will take up to a year after the products are formally proposed. DTSC plans to hold several workshops in May and June of 2014 before publishing the notice of proposed rulemaking and opening the public comment period. Stakeholders will then have the opportunity to weigh in on whether, and how, the proposed priority products will be regulated by DTSC.

If your products were not among the three proposed priority products,stay tuned: By October 1, 2014, DTSC is required to issue a Priority Product Work Plan that identifies and describes the product categories that DTSC will evaluate to select priority products for the three years following the issuance of the Work Plan (roughly from 2015 to 2017). DTSC intends the Work Plan to serve as a signal to consumers and the regulated community as to the categories of products it will examine next.

Once DTSC finalizes the initial priority product listings (anticipated late summer or early fall of 2015), responsible entities will be required to meet a series of deadlines for notification and submission of alternatives analysis reports outlined above. Manufacturers of draft priority products should engage their supply chain partners to evaluate options prior to finalization of the priority product listings. Note that manufacturers that choose to reformulate products prior to finalization of the priority product listing will not be subject to the DTSC notification or alternatives analysis requirements.

[1] “Consumer product” is defined for purposes of the California Safer Consumer Products regulations to mean “a product or part of the product that is used, brought, or leased for use by a person for any purposes.” Cal. Health & Safety Code § 25251(e). Certain limited products, such as dental restorative material or its packaging, prescription drugs or devices and their packaging, medical devices and their packaging, food, and federally registered pesticides, and mercury containing lights are excluded from the definition of consumer product.

[2] DTSC is currently developing an alternatives analysis guidance document to assist responsible entities in carrying out their obligations under the SCP Regulations. As of March 13, 2014, the guidance is still in development. DTSC anticipates that it will be released sometime before the first set of priority products is finalized.

Article By:

 
Of:

 

Risky Business: Target Discloses Data Breach and New Risk Factors in 8-K Filing… Kind Of

MintzLogo2010_Black

After Target Corporation’s (NYSE: TGT) net earnings dropped 46% in its fourth quarter compared to the same period last year, Target finally answered the 441 million dollar question – To 8-K, or not to 8-K?  Target filed its much anticipated Current Report on Form 8-K on February 26th, just over two months after it discovered its massive data breach.

In its 9-page filing, Target included two introductory sentences relating to disclosure of the breach under Item 8.01 – Other Events:

During the fourth quarter of 2013, we experienced a data breach in which certain payment card and other guest information was stolen through unauthorized access to our network. Throughout the Risk Factors in this report, this incident is referred to as the ‘2013 data breach’.

Target then buried three new risk factors that directly discussed the breach apparently at random within a total of 18 new risk factors that covered a variety of topics ranging from natural disasters to income taxes.  Appearing in multiple risk factors throughout the 8-K were the following:

  • The data breach we experienced in 2013 has resulted in government inquiries and private litigation, and if our efforts to protect the security of personal information about our guests and team members are unsuccessful, future issues may result in additional costly government enforcement actions and private litigation and our sales and reputation could suffer.
  • A significant disruption in our computer systems and our inability to adequately maintain and update those systems could adversely affect our operations and our ability to maintain guest confidence.
  • We experienced a significant data security breach in the fourth quarter of fiscal 2013 and are not yet able to determine the full extent of its impact and the impact of government investigations and private litigation on our results of operations, which could be material.

An interesting and atypically relevant part of Target’s 8-K is the “Date of earliest event reported” on its 8-K cover page.  Although Target disclosed its fourth quarter 2013 breach under Item 8.01, Target still listed February 26, 2014 as the date of the earliest event reported, which is the date of the 8-K filing and corresponding press release disclosing Target’s financial results.  One can only imagine that this usually benign date on Target’s 8-K was deliberated over for hours by expensive securities lawyers, and that using the February earnings release date instead of the December breach date was nothing short of deliberate.  Likely one more subtle way to shift the market’s focus away from the two-month old data breach and instead bury the disclosure within a standard results of operations 8-K filing and 15 non-breach related risk factors.

To Target’s credit, its fourth quarter and fiscal year ended on February 1, 2014, and Target’s fourth quarter included the entirety of the period during and after the breach through February 1.  Keeping that in mind, Target may not have had a full picture of how the breach affected its earnings in the fourth quarter until it prepared its fourth quarter and year-end financial statements this month.  Maybe the relevant “Date of earliest event” was the date on which Target was able to fully appreciate the effects of the breach, which occurred on the day that it finalized and released its earnings on February 26.  But maybe not.

Whatever the case may be, Target’s long awaited 8-K filing is likely only a short teaser of the disclosure that should be included in Target’s upcoming Form 10-K filing.

Article by:

Adam M. Veness

Of:

Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

California District Court Holds that Providing Cellphone Number for an Online Purchase Constitutes “Prior Express Consent” Under TCPA – Telephone Consumer Protection Act

DrinkerBiddle

 

A federal district court in California recently ruled that a consumer who voluntarily provided a cellphone number in order to complete an online purchase gave “prior express consent” to receive a text message from the business’s vendors under the TCPA. See Baird v. Sabre, Inc., No. CV 13-999 SVW, 2014 WL 320205 (C.D. Cal. Jan. 28, 2014).

In Baird, the plaintiff booked flights through the Hawaiian Airlines website. In order to complete her purchase, the plaintiff provided her cellphone number. Several weeks later she received a text message from the airline’s vendor, Sabre, Inc., inviting the plaintiff to receive flight notification services by replying “yes.” The plaintiff did not respond and no further messages were sent. The plaintiff sued the vendor claiming that it violated the TCPA by sending the single text message.

The central issue in Baird was whether, by providing her cellphone number to the airline, the plaintiff gave “prior express consent” to receive autodialed calls from the vendor under the TCPA. In 1992, the FCC promulgated TCPA implementing rules, including a ruling that “persons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary.” In re Rules & Reg’s Implementing the Tel. Consumer Prot. Act of 1991, 7 F.C.C.R. 8752, 8769 ¶ 31 (1992) (“1992 FCC Order”). In support of this ruling, the FCC cited to a House Report stating that when a person provides their phone number to a business, “the called party has in essence requested the contact by providing the caller with their telephone number for use in normal business communications.” Id. (citing H.R.Rep. No. 102–317, at 13 (1991)).

The court found that, while the 1992 FCC Order “is not a model of clarity,” it shows that the “FCC intended to provide a definition of the term ‘prior express consent.’” Id. at *5. Under that definition, the court held that the plaintiff consented to being contacted on her cellphone by an automated dialing machine when she provided the number to Hawaiian Airlines during the online reservation process. Id. at *6. Under the existing TCPA jurisprudence, a text message is a “call.” Id. at *1. Furthermore, although the plaintiff only provided her cellphone number to the airline (and not to Sabre, Inc., the vendor), the court concluded that “[n]o reasonable consumer could believe that consenting to be contacted by an airline company about a scheduled flight requires that all communications be made by direct employees of the airline, but never by any contractors performing services for the airline.” Id. at *6. The Judge was likewise unmoved by the fact that the plaintiff was required to provide a phone number (though not necessarily a cellphone number) to complete the online ticket purchase. Indeed, the court observed that the affirmative act of providing her cellphone number was an inherently “voluntary” act and that, had the plaintiff objected, she could simply have chosen not to fly Hawaiian Airlines. Id.

Baird does not address the October 2013 TCPA regulatory amendments that require “prior express written consent” for certain types of calls made to cellular phones and residential lines (a topic that previously has been covered on this blog). See 47 CFR § 64.1200(a)(2), (3) (emphasis added). “Prior express written consent” is defined as “an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial prerecorded voice, and the telephone number to which the signatory authorized such advertisements or telemarketing messages to be delivered.” 47 CFR § 64.1200(f)(8). Whether the Baird rationale would help in a “prior express written consent” case likely would depend on the underlying facts such as whether the consumer/plaintiff agreed when making a purchase to be contacted by the merchant at the phone number provided, and whether the consumer/plaintiff provided an electronic signature. See 47 CFR § 64.1200(f)(8)(ii).

Nonetheless, Baird is a significant win for the TCPA defense bar and significantly reduces TCPA risk for the defendants making non-telemarketing calls (or texts) to cellphones using an automated dialer (for which “prior express consent” is the principal affirmative defense). If that cellphone number is given by the consumer voluntarily (and, given the expansive logic of Baird, we wonder when it could be considered “coerced”), the defendant has obtained express consent. Baird leaves open a number of questions worth watching, including how far removed the third-party contractor can be from the company to whom a cellphone number was voluntarily provided. Judge Wilson seemed to think it was obvious to the consumer that a third-party might be utilized by an airline to provide flight status information, but how far does that go? We’ll be watching.

Article By:

Of:

Drinker Biddle & Reath LLP

One Day Left to Share Your Comments about the Closing Process with the Consumer Financial Protection Bureau (CFPB)!

McBrayer NEW logo 1-10-13

 

On January 3, the Consumer Financial Protection Bureau (“CFPB”) issued a notice and request for information in the Federal Register regarding the real estate closing process. Specifically, the CFPB is interested in knowing the consumer “pain points” associated with mortgage closing and how those pain points might be addressed by market innovations and technology.

The bureau wants input from consumers, mortgage lenders, housing attorneys, settlement closing agents, real estate agents, fair lending and consumer advocates – basically anyone and everyone with closing experience. This is your chance to share your perspective, whether good or bad, and help the closing process to be a smoother and more consumer friendly one for your future purchase, sale or refinance. The information collected during the comment period will be used to help the CFPB come up with future improvement initiatives. This is part of the larger “Know Before You Owe” project, which is intended to help consumers understand and navigate the home-buying process.

The CFPB has made it easy to share information by listing seventeen specific questions they would like responses to, including:

1. What are common problems or issues consumers face at closing? What parts of the closing process do consumers find confusing or overwhelming?

2. Are there specific parts of the closing process that borrowers find particularly helpful?

3. What do consumers remember about closing as related to the overall mortgage/home-buying process? What do consumers remember about closing?

4. How long does the closing process usually take? Do borrowers feel that the time at the closing table was an appropriate amount of time? Is it too long? Too short? Just right?

5. How empowered do consumers seem to feel at closing? Did they come to closing with questions? Did they review the forms beforehand? Did they know that they can request their documents in advance? Did they negotiate?

6. What, if anything, have you found helps consumers understand the terms of the loan?

7. What are some common errors you have seen at closing? How are these errors detected, if at all? Tell us about errors that were detected after closing.

8. What changes, diverging from what was originally presented at closing, often surprise consumers at closing? How do consumers react to changes at closing?

9. How, if at all, do consumers typically seek advice during closing? In person? By phone? Online?

10. Where and to whom do consumers turn for advice during closing? Whom do they typically trust?

11. What documents do borrowers usually remember seeing? What documents they remember signing?

12. What documents do consumers find particularly confusing?

13. What resources do borrowers use to define unfamiliar terms of the loan?

14. What, if anything, would you change about the closing process to make it a better experience for consumers?

15. What questions should consumers ask at closing? What are the most important pieces of information/documents for them to review?

16. What is the single most important question a consumer should ask at closing?

17. What is the single most important thing a consumer should do before coming to the closing table?

You can submit answers to these questions, along with your own additional comments, online by visiting this webpage:  http://www.regulations.gov. But time is of the essence! The comment period closes tomorrow, February 7th. Hurry and let your opinions be known!

 

Article by:

Brittany C. MacGregor

Of:

McBrayer, McGinnis, Leslie and Kirkland, PLLC

California Continues to Shape Privacy Standards: Song-Beverly Act Extended to Email Addresses

Womble Carlyle

 

Executive Summary: California retailer restricted from requiring a customer email address as part of a credit card transaction. We knew that asking for zip codes is intrusive personal questioning, and now asking for email has been added to the list.

California’s Song-Beverly Credit Card Act (Cal. Civ. Code Sec. 1747 et seq.) (“Song-Beverly Act” or “Act”) restricts businesses from requesting, or requiring, as a condition to accepting credit card payments that the card holder provide “personal identification information” that is written or recorded on the credit card transaction form or otherwise. “Personal identification information” means “information concerning the cardholder,other than information set forth on the credit card, and including, but not limited to, the card holder’s address and telephone number.” The California Supreme Court has previously ruled that zip codes are also “personal identification information” under the Song-Beverly Act. See Pineda (Jessica) v. Williams-Sonoma Stores, Inc., 2011 Cal. LEXIS 1502 (Cal. Feb. 10, 2011).

Recently, a United States federal district court in California expanded “personal identification information” to include email addresses in a decision denying retailer Nordstrom’s motion to dismiss claims it violated the Song-Beverly Act. The plaintiff sued Nordstrom for collecting his email address as part of a credit card transaction at one of its California stores in order to email him a receipt, then subsequently using his email address to send him frequent, unsolicited marketing emails. See Capp v. Nordstrom, Inc., 2013 U.S. Dist. LEXIS 151867, 2013 WL 5739102 (E.D. Cal. Oct. 21, 2013).

Raising a case of first impression under California law, Nordstrom claimed that email addresses are not “personal identification information” under the Song-Beverly Act, so the Act did not apply. The court disagreed with Nordstrom and found the opposite based on the California Supreme Court’s earlier ruling in Pineda. Nordstrom’s argument that email addresses can readily be changed, unlike zip codes, and consumers can have multiple email addresses was not persuasive. The court held that an email address regards a card holder in a more personal and specific way than a zip code. Unlike a zip code that refers to the general area where a card holder works or lives, email permits direct contact with the consumer and implicates their privacy interests. The court concluded that the collection of email addresses is contrary to the Song-Beverly Act’s purpose to guard against misuse of personal information for marketing purposes. In particular, the plaintiff’s allegation that his email address was collected to send him a receipt and then used to send him promotional emails directly implicates the protective purposes of the Act as interpreted in Pineda.

Pineda held that zip codes are personal information for purposes of the Song-Beverly Act, and therefore a brick and mortar retailer violated the Act when it requested and recorded such data. In the Pineda decision, the California Supreme Court found that zip codes, like the card holder’s address expressly called out as “personal identification information” under the Act, were unnecessary to completing the credit card transaction and inconsistent with the protective purpose of the Act. This is especially true when a zip code is collected to be used with the card holder’s name in order to locate the card holder’s address, permitting a retailer to locate indirectly what it is prohibited from obtaining directly under the Act.

Nordstrom also argued that the plaintiff’s claims under the Song-Beverly Act were preempted by the federal “Controlling the Assault of Non-Solicited Pornography and Marketing Act” (better known as the CAN-SPAM Act), but the court disagreed. While the CAN-SPAM Act contains a preemption provision, it only preempts state laws that regulate the manner in which email messages are sent and their content, both of which are not regulated under the Song-Beverly Act.

Retailer tip: The federal court issuing this most recent decision recommends waiting to request an email address (or a zip code) until after the consumer has the receipt from their credit card transaction in hand, and then sending the consumer emails only in conformance with the CAN-SPAM Act.

In the wake of Pineda, retailers faced class action lawsuits for requesting consumer zip codes at check out. This new decision could have a similar effect.

Article by:

Of:

Womble Carlyle Sandridge & Rice, PLLC

Supreme Court Will Rule on Whether Agency-Approved Beverage Label Can Be Challenged as ‘False Advertising’ in Federal Court

McDermottLogo_2c_rgb

On January 10, 2014, the U.S. Supreme Court agreed to hear an appeal by Pom Wonderful LLC against The Coca-Cola Company.  The Court will examine whether Pom can bring a federal Lanham Act false advertising claim against a Minute Maid juice product label that had been approved by the U.S. Food and Drug Administration (FDA).  (Pom Wonderful LLC v. The Coca-Cola Co., U.S. Supreme Court case no. 12-761).

At issue in the lawsuit is a Minute Maid label for “Pomegranate Blueberry Flavored Blend of 5 Juices.”  The label presents the words “Pomegranate Blueberry” in larger type than the remainder of the phrase.  Pom claimed that the label was misleading because the product contains 0.3 percent pomegranate juice and 0.2 percent blueberry juice.

A California federal trial court and the 9th Circuit federal appeals court in California both ruled that Pom could not bring a Lanham Act false advertising claim against the label, since it had been specifically examined and approved by the FDA.  Pom has argued that the decisions were contrary to established law in other U.S. courts, and that federal regulations establish a floor –but not a ceiling — on what an advertiser is required to do to avoid a claim that the advertising is false and misleading.  Coca-Cola has argued that product labeling that is specifically authorized by the Food, Drug and Cosmetic Act (FDCA) and approved by the FDA cannot be charged as false or misleading under another federal statute such as the Lanham Act.

Although the question before the Supreme Court is whether a private party can bring a Lanham Act claim challenging a product label regulated under the FDCA, the Supreme Court’s decision could potentially have significant implications for the alcohol beverage industry.  For example:

  • If the Supreme Court rules that a competitor cannot bring a Lanham Act claim against a label that has been approved by the FDA, a natural question is whether the same rule will apply with regard to alcohol beverage labels that have been reviewed and approved by the Alcohol and Tobacco Tax and Trade Bureau (TTB) (by its terms, the Federal Alcohol Administration Act does not preempt the Lanham Act); and
  • If a Lanham Act claim would be barred against labels approved by TTB, a question may arise about whether a Lanham Act claim would be barred on elements of the label that TTB does not specifically review as a matter of policy – such as contrast, size and placement of label elements.

The Supreme Court is expected to hear argument this spring and decide the case by June 2014.  Depending on the decision, alcohol beverage industry members could find they have additional insulation against a federal false advertising claim, but they may likewise be limited in bringing a federal false advertising lawsuit against a competitor’s label that has been approved by TTB.

Article by:

Robert W. Zelnick

Of:

McDermott Will & Emery

To 8-K, or not to 8-K? For Target, that is indeed the question.


MintzLogo2010_Black

As anyone with a pulse and a computer, television or carrier pigeon knows, Target Corporation (NYSE: TGT) suffered a major data breach in December – the extent of which is still being uncovered – and pegs the latest number of customers that have had their personal information stolen anywhere from 70 to 110 million.  As a public company, a breach of this magnitude should be material enough to warrant a Form 8-K filing, right?  As of this post, Target doesn’t seem to think so.

Form 8-K contains mandatory disclosure requirements when certain enumerated events occur, as in the entry into a material definitive agreement (Item 1.01) or the resignation of a director (Item 5.02).  Reporting an event such as the Target data breach would likely fall under Item 8.01 of Form 8-K, which is used to report “Other Events.”  Item 8.01 permits the registrant, at its option, to disclose any events not otherwise called for by another Form 8-K Item that the registrant “deems of importance to security holders,” and is an entirely voluntary filing.

Although filing under Item 8.01 of Form 8-K is voluntary, other companies that have suffered smaller data breaches have opted to file an 8-K to disclose such breaches, including The TJX Companies, Inc.’s (NYSE: TJX) breach disclosed in an 8-K in January, 2007, and Morningstar, Inc.’s (NASDAQ: MORN) more recent breach disclosed in an 8-K in July, 2013.  Target’s securities lawyers may believe that the breach is not “important to security holders,” or  is not sufficiently material enough to the roughly $38 billion company to warrant the filing of an 8-K, but 70 to 110 million affected customers is hardly immaterial, even for Target.   In a statement released January 10, Target warned that the costs related to the breach “may have a material adverse effect on Target’s results of operations in fourth quarter 2013 and/or future periods.”

Indeed, Target evidently determined when filing its Form 10-K for 2012 that the risk of a data security breach was material enough to warrant disclosure in its risk factors:

If our efforts to protect the security of personal information about our guests and team members are unsuccessful, we could be subject to costly government enforcement actions and private litigation and our reputation could suffer.”

The nature of our business involves the receipt and storage of personal information about our guests and team members. We have a program in place to detect and respond to data security incidents. To date, all incidents we have experienced have been insignificant.  If we experience a significant data security breach or fail to detect and appropriately respond to a significant data security breach, we could be exposed to government enforcement actions and private litigation. In addition, our guests could lose confidence in our ability to protect their personal information, which could cause them to discontinue usage of REDcards, decline to use our pharmacy services, or stop shopping with us altogether. The loss of confidence from a significant data security breach involving team members could hurt our reputation, cause team member recruiting and retention challenges, increase our labor costs and affect how we operate our business.” (emphasis added)

Of course, there is no time limit for filing under Item 8.01 of Form 8-K due to it being a voluntary filing, so a filing may still be forthcoming from Target.  In any event, one can only imagine that the risk factor language above will look very different in Target’s next Form 10-K filing in two months.

Article by:

Of:

Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

I Scream, You Scream, We All Scream For…Ascertainability? Re: How Ben & Jerry’s Defeated an “All Natural” Class Certification Motion

Sheppard Mullin 2012

 

On January 7, 2014, the Northern District of California refused to certify a class of Ben & Jerry’s purchasers who allegedly had purchased ice cream that was falsely advertised as “all natural.” Astiana v. Ben & Jerry’s Homemade, Inc., No. C 10-4387 PJH, 2014 U.S. Dist. LEXIS 1640 (N.D. Cal. Jan. 7, 2014).  This opinion shows the continuing viability of arguments based on ascertainability and the Supreme Court’s decision in Comcast Corp. v. Behrend, 133 S. Ct. 1426 (2013) to defeat consumer class actions.  Thus, for many defendants, this opinion will get 2014 off to a delicious start.

In Astiana, the plaintiff alleged that certain Ben & Jerry’s ice creams were not “all natural” because they contained “alkalized cocoa processed with a synthetic ingredient.”  Astiana, p. 4.  After asserting claims under the Unfair Competition LawFalse Advertising Law, as well as common law fraud and unjust enrichment, the plaintiff sought to certify a class of all California purchasers of “Ben & Jerry’s ice cream products that were labeled ‘All Natural’ but contained alkalized cocoa processed with a synthetic ingredient.”

The court denied class certification.  First, the court held that the class was not ascertainable so that it was “administratively feasible to determine whether a particular person is a class member.” Astiana, p. 5.  The court found that the plaintiff provided no evidence as to how the plaintiff could tell which consumers purchased ice cream with the synthetic ingredients because the synthetic ingredient was not present in every ice cream labeled as “all natural.”  Furthermore, because cocoa could be processed with a “natural” alkali, the ingredient list that only said “processed with alkali” was insufficient to identify the non-natural ice creams.  Even though only one supplier provided Ben & Jerry’s with the alkalized cocoa, the evidence demonstrated that the supplier did not know whether a synthetic ingredient was used in every instance.  Thus, even if every package was labeled “all natural,” it was impossible to tell which products actually contained the synthetic ingredients that would make the advertised claim false under California law.

Second, applying Comcast, the court held that the plaintiff was required to show “that there is a classwide method of awarding relief that is consistent with her theory of deceptive and fraudulent business practices.”  Astiana, p. 21.  The plaintiff offered no expert testimony on calculating damages, contending, instead, that it would be “simple math” to calculate Ben & Jerry’s profits and award “restitutionary disgorgement.”  The court held that this was insufficient: there was no evidence that the price of Ben & Jerry’s “all natural” ice cream was higher than its ice cream without that label, thus there was no evidentiary model tying damages to plaintiff’s theory of the case.  Since Ben & Jerry’s sold its products at wholesale (rather than to the public directly), these calculations would be extremely difficult, thereby debunking the plaintiff’s claim that the damages could be figured out with “simple math” and proving the need for expert testimony.  In light of the plaintiff’s failure to present evidence of “a damages model that is capable of measurement across the entire class for purposes of Rule 23(b)(3),” class certification was denied.

Astiana demonstrates that plaintiffs seeking to certify class actions involving small consumables will continue to run into ascertainability problems.  See e.g. Carrera v. Bayer, Corp., 727 F.3d 300 (3d Cir. 2013).  Astiana also represents the application of the strong reading of Comcast, essentially telling plaintiffs “No damages expert, no certification.”  If courts continued to adopt this reading of Comcast, plaintiffs will no longer be able to gloss over these significant (and oftentimes difficult) damages issues by simply asserting that the court can certify now and figure out the damages later.

Article by:

Paul Seeley

Of:

Sheppard, Mullin, Richter & Hampton LLP

Wisconsin Supreme Court Upholds Broad Asbestos Exclusion

vonBriesen

 

In Phillips v. Parmelee, 2013 WI 105 (Dec. 27, 2013), the Wisconsin Supreme Court upheld the validity of a broad asbestos exclusion.

In 2006, Daniel Parmelee and Aquila Group (“Sellers”) sold an apartment building to Michael Phillips, Perry Petta and Walkers Point Marble Arcade, Inc. (“Buyers”) covered by an American Family business owners policy. Prior to selling the building to Buyers, Sellers received a property inspection report noting the probable presence of asbestos. However, Buyers claimed Sellers never put them on notice that the property probably contained asbestos and eventually filed suit.

The trial court granted American Family’s motion for declaratory judgment due to the policy’s broadly worded asbestos exclusion. The court of appeals upheld the trial court’s decision.

The asbestos exclusion at issue stated as follows:

This language does not apply to … “property damage” … with respect to:

a. Any loss arising out of, resulting from, caused by, or contributed to in whole or in part by asbestos, exposure to asbestos, or the use of asbestos. “Property damage” also includes any claim for reduction in value of real estate or personal property due to its contamination with asbestos in any form at any time.

b. Any loss, cost, or expense arising out of or in any way related to any request, demand, order, or statutory or regulatory requirement that any insured or others identify, sample, test for, detect, monitor, clean up, remove, contain, treat, detoxify, neutralize, abate, dispose of, mitigate, destroy, or any way respond to or assess the presence of, or the effects of, asbestos.

….

f. Any supervision, instructions, recommendations, warnings or advice given or which should have been given in connection with any of the paragraphs above.

The only issue presented to the Wisconsin Supreme Court was whether the asbestos exclusion in the American Family policy precluded coverage for the losses claimed by Buyers.

First, Buyers argued the term “asbestos” is ambiguous because it is undefined in the American Family policy and there are various forms and meanings of “asbestos.” The court was unpersuaded and found a reasonable person reading the policy would understand the word “asbestos” to mean any form of asbestos.

Buyers then argued the broad language of the asbestos exclusion invites multiple reasonable interpretations and it should be narrowly construed against American Family. The court found the case law cited by Buyers in support of their position to be factually distinguishable because the exclusion language in that policy was materially different from the broad, comprehensive language in the American Family policy, which included a wider range of asbestos-related losses than the case law cited by Buyers.

Finally, Buyers asserted that the Sellers negligently failed to disclose defective conditions or any other toxic or hazardous substances contained on the property. However, the court found nothing in the record to demonstrate the Buyers sustained any loss related to electrical or plumbing issues. Rather, the loss arose from asbestos.

For the aforementioned reasons, the Wisconsin Supreme Court upheld the court of appeals’ decision giving force to American Family’s broadly worded asbestos exclusion.

Article by:

Of:

von Briesen & Roper, S.C.

Dark Sites Re: Secret Websites

DrinkerBiddle

 

In our modern media age, it sometimes feels as though everyone in the entire world has noticed the same thing at the same time.  So it is with the Deep Web and the darknes that lurk in the shadows – it was an obscure topic until few months ago, and now your grandparents have probably heard of them.  Once the type of thing that only geeks (like me!) would think and/or talk about, the topic has now made the front cover of Time Magazine (in a piece by legendary fantasy author and critic Lev Grossman).  It has also made national news (with the takedown of the infamous SIlk Road marketplace) and inserted itself into a far more noticeable place of prominence in our culture.

These hidden sites can be found through a collection of anonymous servers that enable a vivid underground of dissidents, hackers, criminals, law enforcement, drug runners and folks who seem like refugees from a James Bond movie.  All you need is a specialized tool like TOR, and (if you believe the stories) you can live a secret life online.  But should you care?  As a character says in one of my novels, “you may not be interested in the deep web, but the deep web is very interested in you.”

In the past when we talked with clients about the dark sites of the deep web, people really thought that it sounded like something out of a William Gibson story, like Chiba City in Neuromancer, or the Night Market in Nick Harkaway’s Angelmaker.   But now companies are suddenly finding themselves confronting deep web issues as never before, whether because someone has “doxed” their employees or executives (by releasing personally identifiable information on persistent sites that cannot be taken down), because their products are being counterfeited and distributed by online networks, because they are being defamed on chat boards that cannot be reached let alone turned off, because someone has used TOR to anonymously hack their passwords — the possibilities are endless, troubling, and happening now.  If you want to steal someone’s trade secrets and want to ensure that the transaction is untraceable, suddenly there are tools to accomplish exactly that.  If you’ve learned how to copy a product using a 3-D printer, you can distribute the plans.  If you want to cause trouble, you can hire someone directly to do that, pay them in bitcoins, and watch the damage from afar.

As a lawyer, it is impossible not to see how this is going to have a dramatic impact on IP, privacy, and nearly every other thing we do.  The Internet of Things is coming shortly (the FTC just held a workshop on the topic this week), and the facial recognition technologies and environmental advertising predicted in Minority Report are no longer futuristic fictions.  3-D and electronic printing promises to give ever smaller groups the ability to make things based on electronic schematics without access to heavy industry.  More and more information will be available about more people, and will be available to more people – and the fact that there are genuinely secure ways where those who are so inclined can use that data for criminal purposes should give everyone pause.

To be sure, all of this seems rather abstract, and it can sound like a tabloid scare tactic.  But there are some things that everyone can do to deal with the risks in their own lives.  First, engage in some data security hygiene: change your passwords regularly, don’t pass them out, don’t allow them to be easily engineered by people who know a few random facts about you.  Second, think about whether you are in a business where people will want to copy your products, will want to pretend to be you, will want to steal your information.  If you are that type of business, it is worth checking from time to time to see if you have been targeted.  And finally, as always, if is critical that everyone in this day and age try to stay abreast of what is happening in the world of tech – it is easy to assume that because you make donuts, or own a small clothing store, or manage a bank, or run a hedge fund, that you don’t need to know about the cutting edge developments coming down the pipe.  But you do.  The time when you could just stick to your knitting and ignore the tech world is past, and you need to assume that the tech world is very interested in you, indeed.

Article by:

Darren S. Cahr

Of:

Drinker Biddle & Reath LLP