Data Privacy & Security
FTC Staff Comments on NIST’s Proposed Privacy Framework
- Federal Trade Commission (“FTC”) staff submitted a comment on the preliminary draft of the National Institute of Standards and Technology’s (“NIST”) Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (“Framework”).
- NIST’s Framework is intended to help organizations build privacy foundations by driving better privacy engineering and facilitating intra-organization dialogue about privacy risks.
- The FTC staff’s comment suggests that the Framework be revised to address privacy breaches at each step of the Framework, clarify that an organization’s procedures for managing privacy should reflect the sensitivity of the information being protected, and more thoroughly discuss the analyses organizations should perform to ensure that consumers understand their privacy practices, among other things.
Massachusetts Attorney General Sues Exxon for Allegedly Misleading Consumers and Investors Regarding Risks of Climate Change
- Massachusetts AG Maura Healey sued Exxon Mobil Corporation (“Exxon”) for allegedly misleading consumers and investors about the risks that fossil fuel-driven climate change poses to Exxon’s business, in violation of the Massachusetts Consumer Protection Act and related regulations.
- According to the complaint, Exxon allegedly systematically and intentionally made misleading statements and failed to make material disclosures relating to the link between increased fossil fuel use and climate change and the catastrophic consequences of climate change, which were material to consumer investment and purchasing decisions about Exxon products.
- The complaint seeks injunctive relief, monetary damages, and costs and fees, among other things.
- AG Healey’s lawsuit follows a years-long investigation that paralleled one by the New York Attorney General’s Office under that state’s securities law which, as previously reported, went to trial earlier this month.
FTC Sends Warning Letters to Retailers Regarding Cosmetic Contact Lenses
- The FTC sent letters to seven brick-and-mortar retailers warning them that selling contact lenses without a prescription constitutes a violation of the Fairness to Contact Lens Consumers Act and the Contact Lens Rule (“Rule”).
- According to the letters, both corrective and cosmetic contact lenses are restricted medical devices and can only be sold with a valid prescription, which helps ensure that consumers have been examined and properly fitted for contact lenses by a licensed eye care professional. The letters warn that lack of guidance or supervision by a licensed eye care professional may result in serious injuries or complications from cosmetic contact lenses.
- The letters notify the retailers that violations of the Rule may result in legal action, including civil penalties, and request that the retailers respond with a plan to address the alleged violations.
Labor & Employment
Ten Attorneys General File Amicus Brief in Support of Continuing Collection of Employer Pay Data
- 10 AGs and 9 state and local civil rights enforcement agencies, led by California AG Xavier Becerra, filed an amicus brief in the U.S. Court of Appeals for the District of Columbia Circuit in the matter of National Women’s Law Center, et al. v. Office of Management and Budget, et al., No. 19-5130, urging the Court to affirm the lower court’s ruling that requires the Equal Employment Opportunity Commission (“EEOC”) to continue collecting certain pay data from private employers with over 100 employees as required by Title VII.
- In the brief, the AGs and agencies argue that they need pay data in order to prevent, deter, and remedy pay discrimination in their jurisdictions and explain how the data helps agencies set strategic enforcement priorities, assist employees in determining whether to file discrimination suits, and encourage voluntary compliance, among other things.
- The AGs urge the Court to affirm the U.S. District Court for the District of Columbia ruling that the stay was improper and order that the EEOC collect 2017 and 2018 pay data from private employers.
Washington Attorney General Reaches Settlement with Coffee Chain Over Non-Compete Agreements
- Washington AG Bob Ferguson reached a settlement with a local coffee chain, Mercurys Madness Inc. d/b/a Mercurys Coffee (“Mercurys Coffee”), over allegations that Mercurys Coffee’s use of non-compete agreements violated the state Unfair Business Practices-Consumer Protection Act.
- According to the AG’s office, Mercurys Coffee allegedly required all employees, including those earning minimum wage, to sign restrictive non-compete agreements that generally prevented the former employees from working for other local coffee shops for 18 months after termination of employment, and enforced these agreements against low-wage workers.
- Under the terms of the settlement and consent decree, Mercurys Coffee waives its right to enforce existing non-compete agreements against current and former employees and is prohibited from including non-compete provisions in current or future employment contracts with employees earning less than $100,000 per year, among other things.
Kentucky Attorney General Settles with Bayer Over Alleged Failure to Disclose Risks Associated with Oral Contraceptives
- Kentucky AG Andy Beshear reached a settlement with Bayer Corporation (“Bayer”) to resolve allegations that Bayer misled consumers about risks associated with certain birth control products in violation of the Kentucky Consumer Protection Act.
- The lawsuit, filed in 2013, alleged that Bayer failed to inform women about the higher risk of blood clots associated with oral contraceptives Yasmin and YAZ, and that Bayer’s misleading advertising violated a 2007 multistate consent decree in which Bayer agreed not to make any false, misleading or deceptive representation regarding any of its pharmaceutical products, which later was modified to specify a ban on misleading advertising of YAZ.
- Under the terms of the settlement, Bayer agrees to pay $17 million to the state but does not admit liability.