Hunton Retail Law Resource

March was an eventful month in the world of recalls. Children’s products have always been a CPSC focus, and for good reason. A recent study by Nationwide Children’s Hospital examined data over a 21-year period and found that a young child visits the emergency room for an accident involving a nursey product about every eight minutes. That is roughly 66,000 children annually. Last month alone, children’s products were the subject of six recalls. That trend continued in March as six children’s products were again recalled—infant caps, toys, games, sleepwear, bibs and rattles. The CPSC also approved unanimously a new federal safety standard for infant bath tubs. This serves as a notable development because, under the 1981 Amendments to the Consumer Product Safety Act, the CPSC must defer to an existing industry standard if it adequately addresses the risk and fosters adequate compliance. Accordingly, the CPSC has only issued 37 safety standards and roughly one-third of them (14) are for children’s products. The new standard serves as additional evidence that the CPSC is taking a more proactive approach to regulating children’s products.

This past week, several consumer actions made headlines that affect the retail industry.

Health App Makers Settle with NY Attorney General Over Heart Rate Claims and Murky Privacy Policies 

Three mobile health app developers have agreed to a settlement with the NY AG over allegations that they made false claims about their apps’ ability to measure vital statistics and failed to inform users what data the apps collected and stored. The app makers promised their products accurately measured heart rates and detected fetal heart beats, but the NY AG alleged the companies lacked sufficient information to back these claims. The companies’ privacy policies also neglected to inform consumers that the apps collected and stored sensitive information such as unique device identifiers and geolocation data. The app developers have agreed collectively to pay the AG $30,000 in penalties, revise their privacy policies to enhance disclosure and require users’ affirmative consent, and refrain from making misleading claims about their products.

As posted on the Hunton Privacy and Information Security Law blog, recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data. Under the amended law, an employer or payroll service provider must notify the Virginia Office of the Attorney General after the discovery or notification of unauthorized access and acquisition of unencrypted and unredacted computerized data containing a Virginia resident’s taxpayer identification number in combination with the income tax withheld for that taxpayer.

This past week, several consumer actions made headlines that affect the retail industry.

NARB Permits Unilever’s Challenge of Colgate Palmolive’s Tom’s of Maine “Natural” Claims

The National Advertising Review Board (“NARB”), the appellate body of the advertising industry’s self-regulation system, upheld Unilever’s challenge regarding the truthfulness of Colgate Palmolive’s claims for Tom’s of Maine antiperspirant, despite the fact that the challenged claims were the subject of a court-ordered settlement in class action litigation. Unilever had challenged claims that Tom’s is “Naturally Dry,” “It really works. Naturally,” and “meets our stewardship model for safe, effective and natural” before the NAD. Colgate argued that the challenge should be dismissed based on NAD procedures for providing closure where the challenged claims are subject to pending litigation. The NARB found that the settlement order did not make any findings with respect to the claims challenged by Unilever, and that NAD’s exercise of jurisdiction posed no danger of conflicting court findings.

Recently, Kurt Larkin and Ryan Glasgow, partners on Hunton & Williams’ Labor & Employment team, discussed the possible effects of a recent Fourth Circuit Court of Appeals case that creates an altogether new and incredibly broad joint employment standard under the Fair Labor Standards Act (“FLSA”). They opine that the decision threatens to redefine the contours of joint employer liability under the FLSA and severely impact key business arrangements, like the franchise model.

Read the full article.

The Second Circuit recently held that Rite-Aid lawfully fired a long-tenured pharmacist after he refused to comply with the company’s new mandate that pharmacists must administer immunizations. The court’s decision overturned a jury verdict of $2.6 million in the pharmacist’s favor and reminds employers what it takes to show that a given function is “essential” and what accommodations are reasonable. The former pharmacist had claimed Rite-Aid illegally discharged and retaliated against him, and refused to accommodate his disability—trypanophobia, or needle phobia—under the Americans with Disabilities Act and similar state law.

Since the beginning of 2017, the SEC has announced three enforcement actions charging companies, activist hedge funds and related individuals with violating the Securities Exchange Act of 1934. These enforcement actions targeted parties who allegedly failed to comply with disclosure obligations in the context of hostile takeovers and shareholder activism campaigns.

Read the full alert.

On March 14, 2017, the Consumer Review Fairness Act of 2016 (the “Fairness Act”) will come into effect, 90 days after it was signed into law by President Obama. The Fairness Act voids any provision in a form contract between a consumer and a business that (1) restricts the consumer’s ability to leave reviews, (2) imposes penalties for leaving negative reviews or (3) transfers intellectual property rights in reviews or feedback content from the consumer to the business. The Fairness Act was passed in response to an increase in the use of so-called “non-disparagement clauses” that prohibited consumers from sharing their honest opinions about a seller’s goods, services or conduct.

Emboldened by its recent victory in SAP v. Diageo (2017) EWHC (TCC) 189, SAP may become even more opportunistic when it comes to auditing its customers’ use of various SAP products. On February 16, 2017, the England and Wales High Court of Justice, Queen’s Bench Division (Technology and Construction Court) ruled that the use by Diageo’s sales representatives and customers of various software systems that pulled data from and pushed data to Diageo’s instance of mySAP ERP, even though there was no direct access to or use of mySAP ERP by such sales representatives or customers, constituted impermissible access to and use of mySAP ERP under Diageo’s license agreement with SAP.

On March 17, 2017, retailer Neiman Marcus agreed to pay $1.6 million as part of a proposed settlement (the “Settlement”) to a consumer class action lawsuit stemming from a 2013 data breach that allegedly compromised the credit card data of approximately 350,000 customers.