Hunton Retail Law Resource

On April 18, 2017, the state of Washington passed House Bill 1493 (“HB 1493”), which sets forth requirements for businesses who collect and use biometric identifiers for commercial purposes. Under HB 1493, a biometric identifier includes a fingerprint, voiceprint, retina, iris or other unique biological pattern or characteristic used to identify a specific individual. Commercial use includes “a purpose in furtherance of the sale or disclosure to a third party for the purpose of marketing of goods or services when such goods or services are unrelated to the initial transaction in which a person first gains possession of an individual’s biometric identifier.” This bill comes after several other states have passed similar legislation regulating the commercial use of biometric identifiers, including the Illinois Biometric Information Privacy Act (740 ILCS 14) (“BIPA”) and the Texas Statute on the Capture or Use of Biometric Identifier (Tex. Bus. & Com. Code Ann. §503.001). 

In May, Hunton & Williams is pleased to host in-person forums in its Charlotte and Dallas offices, bringing together industry experts in technology and procurement to discuss some of the most pressing legal and business issues facing customers in this space. These forums are hosted with the support of ISG. Our program topics include software audits and contract lifecycle management. These forums are designed to provide an in-depth understanding of these issues, as well as key practical and legal principles to apply on a routine basis.

This past week, several consumer actions made headlines that affect the retail industry.

Public Comment Period Extended for FTC’s Connected Car Workshop

The FTC has announced that the public now has until May 1, 2017, to submit public comment ahead of its June 28 workshop on connected cars.

On April 19, 2017, the Federal Trade Commission issued warnings to more than 90 brands and “influencers” that their social media posts should more clearly and conspicuously disclose brand connections. The warning letters follow petitions filed by consumer advocacy groups aimed at influencer advertising on Instagram. The FTC’s warning letters show that the agency is committed to capitalizing on its recent enforcement actions against brands and influencers, and will continue to scrutinize social media compliance with the Endorsement Guides.

Read the full client alert.

The Maui County Liquor Control Commission, which regulates licenses for the importation, manufacture and sale of alcohol within Maui County, has liberalized certain County rules on the sale of alcohol: holders of liquor licenses are now generally permitted to sell alcohol to customers 24 hours per day. Retailers had previously been restricted to selling alcohol during the hours of 6:00 a.m. to 11:00 p.m., while hotels were permitted to serve until 4:00 a.m. Under the new rules, both are subject to the same standards.

This past week, several consumer actions made headlines that affect the retail industry.

Grocers and Convenience Stores Argue FDA's Menu Label Rule Too Broad

The National Grocers Association (“NGA”) and the National Association of Convenience Stores (“NACS”) filed a citizen petition claiming that the FDA's final menu rule, effective on May 5, 2017, requiring calorie counts on menus for "restaurants and similar retail food establishments," is overbroad and imposes significant costs for compliance. The NGA and NACS petition makes several arguments for delaying or changing the proposed final rule, including: (1) the $1 billion compliance cost estimate over 10 years is too low, and instead the $1 billion will be "initial" costs to comply, (2) the FDA has failed to show any evidence that the rule will actually address obesity and consumer health, so the rule would violate the First Amendment, and (3) the rule sweeps in any business that sells prepared food, which was not contemplated by Congress in the Affordable Care Act. The FDA stated that it is considering the petition and an extension of time.

As media outlets recently highlighted Equal Pay Day on April 4, 2017, publicly held retailers should be aware that the focus on pay equity is becoming increasingly popular among activist shareholders. This proxy season, more than 20 publicly traded companies are facing shareholder proposals at their annual meetings to vote on whether they should research and report on pay gaps by gender and race.

With less than two months before the May 31 deadline for public companies to report to the Securities and Exchange Commission (“SEC”) on the inclusion of conflict minerals in their products, the United States District Court for the District of Columbia entered a final judgment in National Association of Manufacturers v. Securities and Exchange Commission, the litigation surrounding the SEC conflict minerals rule. This alert provides a summary of legal developments over the past year on the topic of conflict minerals, including the SEC’s most recent action, and provides our ...

This past week, several consumer actions were made that affect the retail industry.

NetSpend Settles Deceptive Advertising Claims with FTC

NetSpend Corp recently agreed to settle FTC allegations that the company deceived consumers about access to funds deposited to debit cards. The FTC voted to approve the stipulated final order, with Commissioner McSweeney and former Commissioner Ramirez voting to approve and Acting Chairman Ohlhausen dissenting.

Product recalls are on the rise in many industries. As regulatory and consumer protection standards get tougher, product supply chains are becoming more complex. This increases the risk of errors, defects and contamination at all levels of operation. Too often, these problems do not manifest themselves until after a product hits the market. All of this can lead to staggering expenses for food and product manufacturers facing the risks and realities of product recalls.

On April 3, 2017, the Antitrust Division of the U.S. Department of Justice announced that it completed its review of Danone S.A.’s acquisition of The WhiteWave Foods Company Inc. (“WhiteWave”). In order to allow the $12.5 billion acquisition to proceed, the Antitrust Division is requiring Danone to divest the Stonyfield Farms business to an independent buyer approved by the U.S. government.

In March 2017, Syed Ahmad, a partner with Hunton & Williams LLP’s insurance practice, and Eileen Garczynski, partner at insurance brokerage Ames & Gough, co-authored an article, Protecting Company Assets with Cyber Liability Insurance, in Mealey’s Data Privacy Law Report. The article describes why cyber liability insurance is necessary for companies and provides tips on how it can make a big difference. Ahmad and Garczynski discuss critical questions companies seeking to protect company assets through cyber insurance should be asking.

Read the full article.

March was an eventful month in the world of recalls. Children’s products have always been a CPSC focus, and for good reason. A recent study by Nationwide Children’s Hospital examined data over a 21-year period and found that a young child visits the emergency room for an accident involving a nursey product about every eight minutes. That is roughly 66,000 children annually. Last month alone, children’s products were the subject of six recalls. That trend continued in March as six children’s products were again recalled—infant caps, toys, games, sleepwear, bibs and rattles. The CPSC also approved unanimously a new federal safety standard for infant bath tubs. This serves as a notable development because, under the 1981 Amendments to the Consumer Product Safety Act, the CPSC must defer to an existing industry standard if it adequately addresses the risk and fosters adequate compliance. Accordingly, the CPSC has only issued 37 safety standards and roughly one-third of them (14) are for children’s products. The new standard serves as additional evidence that the CPSC is taking a more proactive approach to regulating children’s products.

This past week, several consumer actions made headlines that affect the retail industry.

Health App Makers Settle with NY Attorney General Over Heart Rate Claims and Murky Privacy Policies 

Three mobile health app developers have agreed to a settlement with the NY AG over allegations that they made false claims about their apps’ ability to measure vital statistics and failed to inform users what data the apps collected and stored. The app makers promised their products accurately measured heart rates and detected fetal heart beats, but the NY AG alleged the companies lacked sufficient information to back these claims. The companies’ privacy policies also neglected to inform consumers that the apps collected and stored sensitive information such as unique device identifiers and geolocation data. The app developers have agreed collectively to pay the AG $30,000 in penalties, revise their privacy policies to enhance disclosure and require users’ affirmative consent, and refrain from making misleading claims about their products.

As posted on the Hunton Privacy and Information Security Law blog, recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data. Under the amended law, an employer or payroll service provider must notify the Virginia Office of the Attorney General after the discovery or notification of unauthorized access and acquisition of unencrypted and unredacted computerized data containing a Virginia resident’s taxpayer identification number in combination with the income tax withheld for that taxpayer.