BakerHostetler 2021 Data Security Incident Response Report – Disruption and Transformation
The report provides risk mitigation and compromise response intelligence from more than 1,250 data security incidents the firm helped manage responses to in 2020, including ransomware and vendor incidents.
BakerHostetler released the seventh edition of its annual Data Security Incident Response (DSIR) Report, which features insights and metrics from the response to more than 1,250 incidents (and their aftermaths) the firm helped clients manage in 2020. The data and analysis in the report – from security incidents to regulatory enforcement matters, class actions, compliance projects, data governance and advisory matters – can be used by organizations to identify and quantify likely risks and to develop a prioritized security and compliance road map. Download the report here.
From Strike Suits to Strike Settlements?
Yet another “vanilla” case adds to the frothy flood of class actions
Some artists contain multitudes—like Picasso, they constantly grow and evolve, taking on new styles, trying on new personas. Others are good for one great trick that they play over and over again—like Mark Rothko (or, less charitably, Ed Sheeran).
But no matter how repetitive they become, there’s always room for slight variation within their given art form that helps keep things from getting stale.
Consider the artistes behind the recently settled Biegel v. Blue Diamond Growers. We’ve met them before. They brought us three separate-but-related lawsuits against Mars Wrigley Confectionary (see here, here and here) and a fourth against Kingsford Products Co.
They’re natural lawyers. Not natural, as in “born with the gift for contract review”, but natural—as in “enthused about suing companies for making ‘natural’ claims”.
In the case of the Kingsford suit, they represented a class of consumers upset over the company’s use of the “100% Natural Hardwood Briquets.” And in the case of the Mars Wrigley disputes, it was all about “natural” vanilla, berries, and chocolate ingredients.
Mars claimed that the “vanilla” lawsuit, was a “strike suit”—one of about “100 putative class actions” that employ “a raft of recycled complaints” against food manufacturers alleging they “intentionally deceived consumers by failing to flavor their products with flavoring 100% derived from the ‘tropical orchid of the genus Vanilla.’”
Biegel doesn’t exactly dispel the whiff of the litigation mill—it levied “vanilla” charges against Blue Diamond Growers in the Southern District of New York regarding claims about the company’s vanilla almond milk, vanilla almond milk coconut milk blend, and vanilla almond milk yogurt.
The charges will be familiar to anyone who’s gone over the earlier Mars Wrigley suit. The products are labeled as “vanilla” or “vanilla with other natural flavors” and include imagery of the vanilla plant. They do not include any “artificial flavor” disclosures, a point that the complaint emphasizes. The ingredients list on the back of some of the Blue Diamond drinks allegedly mentioned only “natural flavors” rather than any actual vanilla ingredient, or if there was a vanilla ingredient, it was behind “natural flavors’ on the list. Plaintiffs have alleged this is misleading because consumers will expect a vanilla flavor to derive from vanilla itself, so if some other ingredients are providing the flavor, consumers have been deceived.
Blue Diamond settled, agreeing to fork over $2 million in claims for class members, $575,000 in attorney’s fees, and $25,000 in awards to the lead plaintiffs.
This development is more surprising than it would be otherwise because the company won on a motion to dismiss against these same attorneys on the same issue in December 2020 in the same court. In that decision, the court noted, a reasonable consumer would associate the representation of “vanilla” — with no additional language modifiers — to refer to a flavor and not to vanilla beans or vanilla extract as an ingredient.” Maybe the plaintiffs’ lawyers saw the writing on the wall in that case because the Biegel complaint was filed well before that decision, and it highlighted Blue Diamond products that state “vanilla with other natural flavors,” which more expressly implies the flavor is not artificial. It’s difficult to know, however, whether that would have proven a winning argument, or Blue Diamond was simply ready to move on from the litigation. Either way, the case is a cautionary tale that when making vanilla claims, it’s best to ask your attorney how to minimize risk.
Maty’s Healthy Products Exacts Sweet, Syrupy Revenge on Zarbee’s
Brings honey-based cough product rival before NAD
World War Twee
Less than a year ago we reported on a National Advertising Division (NAD) decision regarding claims made by Maty’s Healthy Products about their cough syrup dietary supplements.
As part of that case, NAD recommended that Maty’s modify the “helps soothe hacking cough” claim to make clear that this benefit is attributable to the honey in the product. If one ingredient provides the benefit, the advertiser should make that clear to avoid implying that the product’s mix of ingredients has some effect. Maty’s agreed to go along with the decision. But they must have been seething.
After all, their claims had been challenged by Zarbee’s, a rival maker of cough syrup (and other products), whose advertising, as demonstrated by this decision, suffers from the same defect. While we noted back in 2020 that the companies share an “earnestly cutesy” vibe, it appears that the slight against Maty’s didn’t simply go up in a puff of health and wellness.
Because here we are, months later, reviewing new charges—this time brought by Maty’s against Zarbee’s in a classic clapback.
Keep ‘Em Separated
“Both the advertiser and challenger sell honey-based cough relief products, including lozenges, cough syrups, and related products,” NAD notes.
The honey is key here. Maty’s challenged a jumble of claims, all of which lionized the cough-soothing properties of Zarbee’s products—some of which were tied to the effectiveness of the honey, others of which were not. As it turns out, Zarbee’s products operate the same as Maty’s with respect to cough soothing – it’s the honey that provides this benefit. And, as we now know, advertising for the product must make this clear.
So, once again, there was a mixed decision. NAD let several claims that identified honey as the magic ingredient stand. For instance, a claim on CVS’s website that “Zarbee’s Naturals 99% Honey Cough Soothers ease your child’s throat and calm coughs associated with hoarseness, dry throat, and irritants. Made with 99% honey, these soothing drops feature a delicious natural cherry flavor,” passed muster. And Zarbee’s will especially appreciate that NAD found its product labels made clear that the benefit derives from honey.
More subtle, perhaps, was NAD’s decision regarding claims with proximity to honey ingredient statements, such as “[a] safe and delicious way to soothe your cough from hoarseness, dry throats, and irritants,” which appeared on a website tile labeled “99% Honey Cough Soothers.” This passed as well.
Several other claims ran aground, however: All of them were found on various websites. For instance, the claim that Zarbee’s “[s]oothes coughs associated with hoarseness, dry throat and irritants while promoting peaceful sleep,” on the website tile for its “Cough Syrup + Mucus Nighttime.” NAD found that the claim failed to specify honey as the source of the benefit and that it instead implied that the product generally was responsible.
Zarbee’s agreed to conform to NAD’s recommendations, and thus ended the second battle in the Maty’s v. Zarbee’s ad war. Will it continue? Stay tuned for more.
Direct Seller Bulavita’s Claims Kicked Upstairs to the Feds
The price of ignoring industry self-regulation is steep
Ever heard of the Direct Selling Self-Regulatory Council (DSSRC)?
That makes sense—it’s relatively new, founded in 2019 when it took its place among the Better Business Bureau’s (BBB) national programs administered by the Advertising Self-Regulatory Council (ASRS). Today, it’s ensconced next to everybody’s favorite watchdog groups—the National Advertising Division, the Children’s Advertising Review Unit, the National Advertising Review Board, and so on.
As a member of that august pantheon, the DSSRC provides preliminary regulatory oversight for companies (and individuals) that choose to forgo traditional retail outlets to sell products, well, directly.
A recent decision by the DSSRC to seek Federal Trade Commission (FTC or Commission) review of a direct selling company provides a convenient case study of the types of claims the DSSRC reviews and regulates.
Because of the nature of the market it serves, the DSSRC will frequently have to consider both product claims made to the end consumer and earnings and lifestyle claims made to direct sales forces.
By its own testimony Bulavita is “your premier source for natural health, robust wellness, and a rewarding lifestyle you can enjoy for generations.” (Their company timeline begins in the 16th century.) The DSSRC investigated the company regarding both product and earnings claims.
Among the product claims examined were tags that focused on the country’s least-favorite inescapable topic. “How are you boosting your immune system?" one ad read, accompanied by a COVID-19 virus image with further copy stating, “3 Strategies to Bolster your Immune System.” Another asked “are you worried about the Corona Virus [sic] with your health or finances?"
As far as earnings and lifestyle claims go, DSSRC found that the company could not support claims such as “Building a significant income,” “We know there’s a better way to earn unlimited income,” and “create that walk-away income for you and your family for generations to come.”
It’s notable that with the pandemic on the wane in the United States, claims of treating COVID-19 are still in the crosshairs of regulatory organizations. NAD has brought several similar cases, but, just as a refresher, it’s always risky to reference immune benefits in combination with a disease. Disease prevention is a significant claim that would require substantial support. This is all the more true for COVID-19, considering consumers’ justified fears on that topic.
While the DSSRC doesn’t have any legal authority on its own to enforce its decisions, if companies choose not to comply, it can send recommendations to the FTC. The FTC does carry the force of law, and traditionally it pays close attention to recommendations from ASRC programs in an effort to make self-regulation more effective. Here, the DSSRC sent a recommendation to the FTC after Bulavita did not participate, which should serve as a cautionary tale to direct sellers.
For more information on the DSSRC, its background, and its governing principles, checkout this helpful overview from the BBB.
FCC Announces Compliance Tool to Rout Criminal Robocallers
Are We There Yet?!
One casualty of the pandemic that you might have missed: As phone centers closed in response to the pandemic, robocalls also lessened.
But, as one would expect, the numbers are staring to go back up again as restrictions are being lifted.
As companies return to operation, however, it may not be business as usual. They’ll have to account for the Federal Communications Commission’s (FCC) latest measure: The Robocall Mitigation Database.
We’ve Got a Little List
The Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, which went into effect in 2020, requires “voice service providers to implement STIR/SHAKEN caller ID authentication technology in the Internet Protocol (IP) portions of their networks” by June 30, 2021. The STIR/SHAKEN protocol was developed by industry in response to regulatory concerns and is designed to ensure that the displayed ID of a phone call matches the number of its source.
The Robocall Mitigation Database will track compliance with the new protocol; carriers that requested an extension of the June deadline must use the database to file with the FCC “reports on the steps they are taking to ensure they are not the source of illegal calls.”
The FCC recently released details about the database in a public notice.
There’s another deadline looming—Sept. 28, 2021. On that day, voice service providers that are not registered in the Robocall Mitigation Database will be refused service by the nation’s phone companies.
For an excellent overview of STIR/SHAKEN, click here.
FTC Highlights Wins in Face of Supreme Court Decision
Congressional testimony, buoyed by staff report, demonstrates the Commission’s importance
As the FTC itself will tell you, it has a lot to brag about one year into the COVID-19 crisis.
The Commission recently published a staff report highlighting the FTC’s pandemic-related efforts. Among its successes, the Commission maintains, are warnings to more than 350 companies to remove deceptive COVID-19 claims of every stripe—from unapproved treatments and cures to financial relief scams. The Commission also took a bow for its enforcement actions against companies that failed to deliver paid-for personal protective equipment.
The FTC credits its success to its Consumer Sentinel Network, which “collects millions of reports from the public about fraud, identity theft, and other consumer problems and makes them available to thousands of law enforcement users across the country.” According to the Commission, the massive amount of data it collects allows it to target specific areas of concern as they appear—for instance, the explosive growth of delivery scams within a few weeks of COVID-19’s advent.
“Sentinel…serves as an invaluable barometer in spotting and responding to changes in the types of problems consumers are experiencing and reporting,” the report says. “These include shifts related to longer-term changes in economic conditions and patterns of consumer behavior, as well as frauds that invariably follow the headlines.”
Fire, Fear, Foes! Awake!
In contrast to this self-assured optimism, the Commission is also sounding an alarm.
A day after the staff report was released, the FTC’s chairwoman and three commissioners testified before Congress, outlining much of the same celebratory material covered by the staff report. But the testimony ends with a cri de coeur—a plea for Congress to clarify the role of the Commission, which it claims is under attack in the nation’s courts.
This fear proved well-founded – on April 22, 2021, the Supreme Court held in AMG Capital Management LLC v. FTC that Section 13(b) of the FTC Act does not authorize the award of equitable monetary relief. This decision removed one of the most important tools in the FTC’s arsenal. Without legislation from Congress, the FTC will not be able to seek monetary relief unless it goes through administrative proceedings or finds a violation of a relevant rule or statute or a violation of a previous order. This significantly hampers the Commission’s leverage in seeking to settle cases and makes an important enforcement tool more difficult to wield.
The expectation is that Congress will act rapidly to expressly give the FTC authority to seek monetary remedies. However, relying on congressional action can be fraught when considering current partisan divides. Ultimately, we expect a reaffirmation of the FTC’s traditional role. Anything otherwise would be a seismic shift in the regulatory landscape. In the meantime, the FTC has also suggested it may seek to promulgate more rules, look more closely to see whether companies have violated existing rules or statutes and will work even more closely with state attorneys general, who still have the ability to obtain monetary redress in investigations and bring enforcement actions. Stand by for further developments.