Advertising Law - August 2015 #4

by Manatt, Phelps & Phillips, LLP
Contact

In This Issue:

  • In Case You Missed It: Possible Jail Time for TCPA Violations, Microsoft Gets Slammed With Solicitation Scam Class Action, and 'Do Not Disturb' Technology Gets Pushed on FCC
  • FTC Letter Provides Lessons in Data Security
  • Pharmaceutical Cos. Can Make Truthful, Non-Misleading Claims About Off-Label Uses, New York Court Rules
  • Kardashian + Instagram + Drug Endorsement = FDA Warning Letter
  • Data Broker Operation Settles With FTC
  • Noted and Quoted . . . Wasserman Helps NutraIngredients-USA Remember the Importance of Substantiating Memory Claims for Dietary Supplements and Discusses the Confusion Surrounding the Use of Stevia Leaves

In Case You Missed It: Possible Jail Time for TCPA Violations, Microsoft Gets Slammed With Solicitation Scam Class Action, and 'Do Not Disturb' Technology Gets Pushed on FCC

The world of the Telephone Consumer Protection Act is never quiet, and in last week's issue of TCPA Connect, Manatt's newsletter devoted to all things TCPA, we turned up the volume on a few cases and proposed congressional changes. The Quell Unnecessary, Intentional and Encroaching Telephone Calls Act of 2015 (the QUIET Act) was introduced by Sen. Charles Schumer (D-N.Y.) which would impose criminal penalties for violations of the TCPA. Also, Microsoft made headlines in a class action filed in California based on violations of the Federal Trade Commission's new declaratory order. To read more on the QUIET Act and other recent TCPA developments and cases, click here.

FTC Letter Provides Lessons in Data Security

The Federal Trade Commission offered industry some lessons in data security by way of a letter to Morgan Stanley Smith Barney LLC that closed an investigation into possible privacy violations at the company.

"[D]ata security is an ongoing process," Maneesha Mithal, associate director of the FTC's Division of Privacy and Identity Protection, wrote to Morgan Stanley's counsel. "As risks, technologies, and circumstances change over time, companies must adjust security practices accordingly."

Allegations that a Morgan Stanley employee misappropriated information about wealth management clients triggered the investigation. The employee purportedly transferred data from the company's computer network to a personal website that he accessed at work and then onto his personal devices. Clients were exposed to potential harm because the data appeared on multiple websites, the FTC said.

But the agency decided to close the investigation instead of moving forward with an enforcement action based on Morgan Stanley's preexisting policies, which were designed to protect against the insider theft of information, and its prompt response when it discovered that a set of controls was improperly configured, Mithal explained.

"Morgan Stanley had established and implemented comprehensive policies designed to protect against inside theft of personal information," the letter stated. "For example, the company established and implemented a policy allowing employees to access only the personal data for which they had a business need, monitored the size and frequency of data transfers by employees, prohibited employee use of USB or other devices to ex-filtrate data, and blocked employee access to certain high-risk Web applications and websites."

The employee at issue gained access to client data despite the controls only because "the access controls applicable to a narrow set of reports were improperly configured," the FTC said. "However, Morgan Stanley promptly fixed the problem when it came to the company's attention."

Emphasizing that data security is not a static, unchanging task for a business, the FTC reminded Morgan Stanley—and other businesses—to stay on top of the issue. "As employees increasingly use personal websites and a host of online applications, companies should deploy appropriate controls to address the potential risks of broad access to such resources on work devices," Mithal concluded. "We hope and expect that all companies that handle sensitive consumer information will employ reasonable and appropriate safeguards to protect against unauthorized misuse of such data."

To read the FTC's letter closing the investigation, click here.

Why it Matters: In a blog post discussing the Morgan Stanley investigation, the agency said the incident provided three lessons for businesses that handle sensitive consumer information: prevention efforts—such as monitoring the size and frequency of data transfers by employees—are key, as are limiting access to confidential material and adjusting data security practices in light of changing technologies and current risks.

Pharmaceutical Cos. Can Make Truthful, Non-Misleading Claims About Off-Label Uses, New York Court Rules

Respecting the First Amendment rights of businesses to make truthful claims, a federal court judge in New York said the Food and Drug Administration could not limit Amarin Pharma, Inc.'s statements about off-label uses of its drug Vascepa because the claims were not misleading.

In granting the pharmaceutical manufacturer's motion for a preliminary injunction against the agency, U.S. District Court Judge Paul A. Engelmayer said the company could make statements about the omega-3 drug's benefits for patients with "persistently high triglycerides" (with levels between 200 and 499 mg/dL) even though it does not have FDA approval to treat such a population. Currently Amarin only has clearance to market Vascepa to adult patients with "very high triglycerides," with levels above 500 mg/dL.

The dispute arose from a criminal action against Alfred Caronia, a pharmaceutical sales rep for Amarin Pharma. The FDA charged Caronia with violating the Food, Drug and Cosmetic Act after he promoted Vascepa for off-label use. Caronia appealed his conviction for conspiring to introduce a misbranded drug into interstate commerce to the Second Circuit Court of Appeals, which the three-judge panel reversed in 2012.

According to the court in U.S. v. Caronia, the misbranding provisions of the FDCA must be construed "as not prohibiting and criminalizing the truthful off-label promotion of FDA-approved prescription drugs" where the off-label use itself is lawful.

Amarin then sought to make statements to doctors about the off-label use of Vascepa based on two clinical trials. But the FDA rejected the proposals and threatened to take legal action. Amarin filed suit seeking an injunction to halt the agency from bringing misbranding charges against the company and its employees.

Relying heavily upon Caronia, Judge Engelmayer granted the relief.

The court rejected the FDA's narrow reading of Caronia as a "fact-bound decision" that turned on the jury instructions in his trial. "The Court's considered and firm view is that, under Caronia, the FDA may not bring such an action based on truthful promotional speech alone, consistent with the First Amendment," the court wrote, quoting the Second Circuit opinion: "To the extent there is any ambiguity as to whether off-label promotion is tantamount to illegal misbranding, we construe the FDCA narrowly to avoid a seriously constitutional question."

"Speech in the aid of pharmaceutical marketing is a form of expression protected by the First Amendment, the court said. Because off-label use of approved drugs is lawful, prohibiting the truthful promotion of off-label drug usage by a particular class of speakers would not enhance the FDA's approval process or reduce patient exposure to unsafe or ineffective drugs. Instead, allowing such actions paternalistically interferes with the ability of physicians and patients to receive potentially relevant information, the court explained."

"Therefore, insofar as Amarin seeks preliminary relief recognizing its First Amendment right to be free from a misbranding action based on truthful speech promoting the off-label use of an FDA-approved drug, Amarin has established a substantial likelihood of success on the merits on this point," Judge Engelmayer wrote.

To read the opinion and order in Amarin Pharma, Inc. v. FDA, click here.

Why it Matters: In a resounding victory for Amarin (and the pharmaceutical industry in general), the court rejected the FDA's concerns that the holding could undermine the drug approval process. Judge Engelmayer emphasized that the First Amendment does not protect false or misleading commercial speech and that "the dynamic nature of science and medicine is that knowledge is ever-advancing." He placed the burden on Amarin going forward to ensure that its communications—while fair and balanced today—remain truthful and non-misleading as new studies are done and new data is acquired.

Kardashian + Instagram + Drug Endorsement = FDA Warning Letter

Did Kim Kardashian violate the Food and Drug Administration's marketing regulations with a social media post about morning sickness medication?

According to a warning letter from the FDA to pharmaceutical company Duchesnay, Kardashian's July Instagram post that its drug Diclegis cured her morning sickness ran afoul of the agency's regulations.

Text accompanying a photo of the reality star holding a bottle of Diclegis read: "OMG. Have you heard about this? As you guys know my #morningsickness has been pretty bad. I tried changing things about my lifestyle, like my diet, but nothing helped, so I talked to my doctor. He prescribed me #Diclegis, and I felt a lot better and most importantly, it's been studied and there was no increased risk to the baby. I'm so excited and happy with my results that I'm partnering with Duchesnay USA to raise awareness about treating morning sickness. If you have morning sickness, be safe and sure to ask your doctor about the pill with the pregnant woman on it and find out more www.diclegis.com; www.DiclegisImportantSafetyInfo.com."

In a letter from the division director of the FDA's Office of Prescription Drug Promotion, Robert Dean, the agency said the social media posts (Kardashian's Instagram is linked to her Facebook and Twitter accounts) were false and misleading in violation of the Food, Drug and Cosmetic Act.

While Kardashian highlighted the positive benefits of Diclegis, she failed "to communicate any risk information associated with its use" and omitted material facts, Dean wrote. "These violations are concerning from a public health perspective because they suggest that Diclegis is safer than has been demonstrated."

The post misbranded Diclegis in two ways, the FDA said. First, the post "entirely omits all risk information," and the suggestion to visit the drug's website "does not mitigate the misleading omission of risk information." Secondly, the post failed to provide material information about Diclegis' approved indications, including an important limitation that the drug has not been studied in women with hyperemesis gravidarum.

Of particular concern to the FDA is the fact that this wasn't the first time the agency has written to Duchesnay about misbranding Diclegis. The pharmaceutical manufacturer received a similar letter from the agency in November 2013 regarding promotional activities that omitted all risk information and material facts about Diclegis' limitation of use.

Duchesnay should immediately stop misbranding the drug, the agency wrote, and provide the FDA with a plan for discontinuing the use of such promotional materials. Given the company's prior history of misbranding, the company must further submit "a comprehensive plan of action to disseminate truthful, non-misleading, and completely corrective messages" about the issues discussed in the letter.

To read the FDA's warning letter to Duchesnay, click here.

Why it Matters: Despite the FDA's action, Kardashian's high-profile social media presence has already given Duchesnay and Diclegis a sizable boost. The Instagram post at issue—which has since been removed from the reality star's account—gathered 450,000 likes and Treato, an Internet-based intelligence company that analyzes social media, found that the drug got a 500 percent increase in digital activity in July. Although Kardashian herself is out of the reach of the FDA, the Federal Trade Commission could decide to make an example of the situation and take action against her as an endorser.

Data Broker Operation Settles With FTC

The Federal Trade Commission recently charged a group of data brokers and individuals with selling financial information regarding payday loan applicants to a third party that made millions of dollars in unlawful charges.

The FTC alleged that the defendants—Florida-based Sequoia One LLC, Gen X Marketing Group LLC, and four individuals—purchased payday loan applications submitted by consumers to third-party sites and collected similar applications from their own sites. The applications contained personal information such as consumers' bank accounts, routing numbers and Social Security numbers. But instead of passing the application on to a legitimate payday lender, the agency said the defendants violated Section 5 of the Federal Trade Commission Act by selling data on almost 500,000 consumers to third parties that had no legitimate need for the information.

Third parties such as Ideal Financial Services, the subject of an agency enforcement action in 2013 that resulted in a $25 million settlement with a company executive, used the information to unlawfully debit consumers' bank accounts and charge their credit cards without consent for approximately $7 million in fraudulent transactions. Unknowing consumers faced bank fees for insufficient funds or were forced to close their accounts, the FTC alleged.

While legitimate payday lenders will pay up to $100 for a loan application, Ideal Financial purchased applications for about 50 cents each—an indication that the third parties were engaging in a scam, the FTC said. The defendants knew about Ideal Financial's unlawful activities, the agency added, and even tried to help cover up the fraud by establishing a front company.

Three of the individual defendants agreed to settle with the Commission. In proposed consent orders, they agreed to a $10.8 million judgment suspended upon a payment of $15,000, as well as a prohibition from selling or otherwise benefitting from customers' personal information.

Litigation continues against the other defendants.

To read the complaint and stipulations in FTC v. Sequoia One LLC, click here.

Why it Matters: The FTC's enforcement action demonstrates the agency's continued oversight of data brokers following a staff report from the agency last year or as Director of the FTC's Bureau of Consumer Protection Jessica Rich noted in a press release about the action, "Companies that collect people's sensitive information and give it to scammers can expect to hear from the FTC."

Noted and Quoted . . . Wasserman Helps NutraIngredients-USA Remember the Importance of Substantiating Memory Claims for Dietary Supplements and Discusses the Confusion Surrounding the Use of Stevia Leaves

"With the aging population and the seeming increase in the number of Alzheimer's cases … we can expect that the close scrutiny of memory claims will continue," Ivan Wasserman, partner in the firm's Advertising, Marketing and Media practice, told NutraIngredients-USA last week in an article touching on the boundaries around memory improvement claims of dietary supplements. The article discusses a recent batch of letters sent by Sen. McCaskill (D-M.O.) to retailers inquiring how they prevent sales of harmful or fraudulently marketed products in their stores, and reviews the implications of an Federal Trade Commission action from 2014 in which the FTC deemed a product's memory claims unsubstantiated. To read "Remember to Back Up Memory Claims with Precise Substantiation, Expert Says," click here.

FoodNavigator-USA also caught up with Wasserman in lieu of a recent FDA warning letter reminding food and beverage manufacturers that whole-leaf stevia is not recognized as safe for conventional foods. Wasserman said that "[…] many manufacturers have become more comfortable with using stevia in foods and beverages since the FDA first accepted with no objection a GRAS notification for a highly purified extract of the plant in 2008." This article, "FDA Warning Letter Reminds Industry Whole Stevia Leaf is not GRAS or an Approved Food Additive" explores the issue in more detail, touching on the difference between using whole-leaf stevia and highly purified stevia and other details that are adding the industry-wide confusion surrounding this ingredient. To read the article, click here.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP
Contact
more
less

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.