Products Liability Law Daily Senate Committee finds CPSC data breaches resulted from incompetence, mismanagement
Friday, October 18, 2019

Senate Committee finds CPSC data breaches resulted from incompetence, mismanagement

By Colleen Kave, J.D.

Investigation report advises agency to improve training, internal oversight.

Recently, the U.S. Senate Committee on Commerce, Science, and Transportation released a final report centered on the Consumer Product Safety Commission’s (CPSC) violation of section 6(b) of the Consumer Product Safety Act (CPSA) and subsequent data breaches. The Committee began investigating the violations in April 2019 as part of its oversight responsibility, and Committee Chairman Senator Roger Wicker (R-Miss.) delivered a letter and the final report to CPSC Acting Chairman Robert Adler this week. The report concluded that accidental disclosures violating section 6(b) of the CPSA occurred because of a lack of formal training, ineffective management, and poor information technology implementation at CPSC, rather than deliberate malfeasance by CPSC employees (U.S. Senate Committee on Commerce, Science, and Transportation Press Release, October 17, 2019).

The investigation began after a senior CPSC official informed the Committee that requests for information related to reported injuries and deaths associated with consumer products had been fulfilled by CPSC without redacting manufacturer information and consumers’ personal information, in violation of section 6(b) of the CPSA. The CPSC official expressed frustration at the lack of information about the situation from then-Acting Chairman Ann Marie Buerkle.

After sending two requests for additional information about the disclosures to then-Acting Chairman Buerkle, reviewing hundreds of documents and emails, and conducting interviews with employees who handled the disclosures, as well as their supervisors, the Committee concluded:

  • The series of improper disclosures was likely attributable to incompetence and mismanagement rather than deliberate, bad-faith efforts by senior managers or commissioners;
  • There was little to no section 6(b) training for front line employees;
  • There may not have been any official training implemented since the disclosures were discovered;
  • The systems used by front line employees for accessing CPSC data are convoluted and ineffective; and
  • Then-Acting Chairman Buerkle’s communications to the Committee concerning this matter may not have been completely accurate.

Accordingly, the Committee recommended that CPSC implement several procedures to ensure that data requests are handled appropriately. First, the agency was instructed to conduct an internal review of training programs for new hires, and to provide new hires with formal training on proper data handling procedures as well as all applicable CPSA requirements. Second, the agency should review and simplify information technology systems used to access and process data requests. Finally, CPSC was advised to implement clear and consistent review processes by which sensitive disclosures are reviewed by CPSC management to potentially include CPSC Office of General Counsel (OGC) employees.

MainStory: TopStory ReportsandStudiesNews

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More

Product Liability Law Daily: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on product liability legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.