Hunton Retail Law Resource

This month, the US Senate Committee on Commerce, Science, and Transportation released its investigative report on the CPSC’s data handling breaches from the spring. In April, the CPSC issued notices to multiple manufacturers explaining that “nonpublic manufacturer information” was released to the public without complying with Section 6(b) of the Consumer Product Safety Act. Section 6(b) prohibits the CPSC from disclosing information reported by product manufacturers without complying with the procedures for and restrictions on the commission’s public disclosure of such information. Section 6(b) aims to incentivize manufacturers to provide more safety information without fear of public backlash. The Senate committee’s report is troubling. It found that the CPSC made “improper disclosures to 29 unique entities” that “contained information on approximately 10,900 unique manufacturers, as well as street addresses, ages, and genders of approximately 30,000 consumers.” The Senate committee reviewed “hundreds of documents and emails and conducted multiple interviews” to conclude that the CPSC’s violations of Section 6(b) “were due to a lack of training, ineffective management, and poor information technology implementation.” The report cited several examples, such as that CPSC employees had “little to no Section 6(b) training” and were provided with “three different software applications to access and process relevant data without the necessary training on how to use these often confusing and idiosyncratic systems.” The Senate committee ended with a list of recommendations for the CPSC to remedy these problems and avoid future data-handling breaches.