Liberty Mobile Puerto Rico advertised that it has the “best network” and the “best coverage” in Puerto Rico and disclosed that the claims were based on an “independent study” conducted by Global Wireless Solutions (or “GWS”). Although T-Mobile didn’t challenge the results of the study, it argued that because Liberty had paid GWS to conduct the study, the connection between the two companies should be clearly disclosed, in accordance with the FTC’s Endorsement Guides.

Liberty argued that GWS provides similar services to other wireless providers and that it didn’t have a close working relationship with GWS. Although NAD acknowledged that there was “nothing unusual about the relationship between Liberty and GWS,” it determined that consumers “should be made aware of that relationship through a clear and conspicuous disclosure as it may affect the credibility and weight consumers give to the claim if they are aware that Liberty paid GWS for the study.”

During the course of the challenge, Liberty stopped using the term “independent study” and started to use a disclosure which stated, in part, that the study was “paid for by Liberty.” Although NAD was OK with the language, it had several concerns with how it was presented. NAD recommended that Liberty (a) use some mechanism to direct consumers’ attention to the disclosure; (b) place the language at the beginning of the disclosure, rather than at the end; and (c) ensure that the disclosure was large enough to be readable.

Many companies fund studies and use the results to support their claims. As NAD noted, there’s nothing unusual or problematic about this type of relationship, but it will frequently require a disclosure. We’ve often posted about these types of disclosure requirements in the context of influencers and other endorsers, but this case serves as a good reminder that the requirements apply more broadly and can encompass these types of relationships, as well.

The FTC is focused on ensuring that consumers have options when it comes to repairing products. In 2019, they held a workshop to discuss manufacturer restrictions on repair rights. In a 2021 report, they concluded there was “scant evidence to support manufacturers’ justifications for repair restrictions.” After that, they issued a Policy Statement calling for more aggressive enforcement against manufacturers that impose these restrictions. Two weeks ago, we posted about settlements with Harley-Davidson and Westinghouse. Last week, the FTC announced a third settlement, this one involving Weber.

According to the FTC, Weber’s warranty included terms that conveyed that the warranty is void if customers use or install third-party parts on their grill products. For example, the warranty on certain Summit grills stated: “[t]he use and/or installation of parts on your WEBER products that are not genuine WEBER parts will void this warranty, and any damages that result hereby are not covered by this warranty.”

As we noted in our previous post, these types of restrictions violate the Magnuson Moss Warranty Act, which broadly prohibits companies from conditioning a consumer product warranty on the consumer’s use of any article or service which is identified by brand name unless it is provided for free. Companies can, however, exclude warranty coverage for defects or damage caused by unauthorized parts or service.

As with the Harley-Davidson and Westinghouse settlements, Weber is prohibited from telling consumers that their warranties will be void if they use third-party parts, or that they should only use Weber-brand parts. Weber will be required to add specific language to its warranty saying, “Using third-party parts will not void this warranty.” If the company violates these terms, the FTC will be able to seek civil penalties of up to $46,517 per violation in federal court.

Companies that offer product warranties should take a close look at their warranty terms and related communications to ensure that they comply with the Magnuson Moss Warranty Act and developing federal and state laws specific to right to repair. We’re likely to see more of these actions on the federal and state levels.

Last week, Chelsea Handler filed a lawsuit against ThirdLove, alleging that the lingerie company failed to honor its contractual commitments to her and refused to compensate her for an advertising campaign it had hired her to spearhead.

According to the complaint, the parties negotiated and finalized a term sheet by December 21, 2021 for a one-year deal under which Handler would exclusively promote the brand. The parties exchanged drafts of the full agreement, and were allegedly close by the time the term started on January 1, 2022. In anticipation of the deal going through,  Handler started preparing for the campaign by starting an exercise program, participating in meetings, attending wardrobe fittings, and preparing for a shoot.

In addition to preparing for the campaign, Handler alleges that she turned down opportunities to work with competing companies based on the exclusivity provision in the draft agreement with ThirdLove. For example, she passed on inquiries from various athletic-wear brands, she turned down the opportunity to have another athletic-wear company purchase ads on her podcast, and she was forced to discontinue ads from an existing sponsor.

On January 26, 2022, the night before the scheduled campaign shoot, ThirdLove cancelled the agreement. Handler believes that the creative team in charge of her campaign never obtained approval from the company’s Board, and when the Board learned of the campaign right before the shoot, it didn’t want to move forward with it. Handler alleges that she tried to reach a reasonable settlement with the company, but that they ignored her requests.

Last week, Handler filed a lawsuit in California alleging breach of contract and promissory estoppel. She seeks full payment under the agreement (which is over $1 million), recovery of the expenses she incurred while preparing to perform her obligations under the agreement, and the loss of income from the brand deals she was forced to turn down pursuant to the exclusivity clause.

It’s likely that anyone who works on these types of deals will recognize some elements of this fact pattern. To the discomfort of the lawyers involved, it’s not uncommon for the parties to start work on a campaign before the agreement is signed. Although the parties usually manage to work things out in the end, this case demonstrates that not every story has a happy ending.

Among the many details to absorb in the draft amendments to the CCPA regulations published by the California Privacy Protection Agency (“CPPA”) on May 27 (the “Draft Regulations”) are new and prescriptive disclosure requirements for notices at collection and privacy policies. While these disclosure provisions (and all of the other provisions of the Draft Regulations) are subject to further changes, it is important that businesses begin to assess carefully these provisions and devise strategies for operationalizing compliance with them, especially since disclosures provide some of the most visible signals of CCPA compliance.

In this post, we summarize the Draft Regulations’ disclosure provisions and provide outline steps for businesses to consider taking to prepare for these requirements.

New Disclosure Requirements

Citing a CCPA provision that authorizes regulations to ensure that notices and information required under the CCPA are provided to consumers at the appropriate time and in a manner that may be “easily understood by the average consumer,” the Draft Regulations would create new disclosure requirements for any business engaged in the collection of consumers’ personal information.

Notice at Collection

The Draft Regulations, citing a declared purpose in the CPRA of enabling consumers to “exercise meaningful control” over businesses’ use of their information, would require businesses to provide additional details about certain aspects of their information practices at or before the point of collection. These provisions include new requirements governing first parties’ and third parties’ notice at collection disclosures.

  • Required Content of a Notice at Collection. Building on existing requirements under the CCPA, the Draft Regulations would require a business to include the following information in its notice at collection:
    • the categories of personal information collected, including sensitive personal information;
    • the purposes for which the categories of personal information are collected and used;
    • whether the categories of personal information listed are sold or shared;
    • the length of time the business intends to retain each category of personal information listed (or the criteria used to determine the retention period);
    • a link to the business’ notice of the right to opt out of the sale/sharing of personal information (or, in the case of an offline notice, where the webpage can be found online);
    • if the business allows third parties to control the collection of personal information on its property, the names of all such third parties or information about their business practices; and
    • a link to the business’ privacy policy (or, in the case of an offline notice, where the privacy policy can be found online).
  • Presentation of the Notice at Collection. The Draft Regulations also prescribe how a business must present its notice at collection. According to the Draft Regulations, it is insufficient to direct consumers to the top of a privacy policy or to require consumers to scroll to find the notice at collection disclosures. Instead, a business must include a link that takes consumers directly to the section of its privacy policy that includes the required information. The link to the notice at collection must be made “readily available where consumers will encounter it at or before the point of collection.” As an example, the Draft Regulations provide that, when a business collects personal information from a consumer via a webform, it should include a “conspicuous link” to the notice at collection in “close proximity” to either the fields where the consumer enters his/her personal information or the button the consumer hits to submit his/her personal information.
  • First and Third Party Disclosures. Based on the view that “more than one business may control the collection of a consumer’s personal information, and thus, have an obligation to provide a notice at collection,” Section 7012(g) of the Draft Regulations would require a business to include in its notice at collection extensive information about third parties that “control” the collection of personal information. In particular, the Draft Regulations provide that if a business owns a physical or digital property from which consumers’ personal information is collected (a “first party”) and allows third parties to control the collection of personal information on its property, the business must include in its notice at collection either (i) the name of all such third parties or (ii) details about such third parties’ “business practices” (which the third parties would be required to provide to the first party). Additionally, the Draft Regulations provide that if a third party collects information from the first party’s physical premises, the third-party business must provide a notice at collection “in a conspicuous manner” at the physical location(s) where it collects the information.

Privacy Policy

The Draft Regulations would also require businesses to include more granular disclosures in their privacy policies. These requirements include:

  • a detailed description of the business’ online and offline information handling practices, including a statement indicating whether the business uses or discloses sensitive personal information for purposes other than those enumerated in Section 7027(l);
  • details about the rights consumers have with respect to their personal information under the CCPA, as amended by the CPRA (which we will discuss in a subsequent blog post);
  • an explanation of how consumers can exercise their rights and what they can expect from the process, including details about how the business processes opt-out preference signals;
  • the date the privacy policy was last updated; and
  • the business’ consumer rights requests metrics for the previous calendar year (or a link to such information), where applicable.

Takeaways

While the CPPA may revise the Draft Regulations before they are finalized, the direction toward more detail in notices at collection and privacy policies – particularly about third parties – seems clear. Satisfying the notice at collection requirements in the Draft Regulations would likely present significant challenges. While the Draft Regulations provide businesses with some flexibility in terms of how they disclose the presence of third parties on their properties, presenting all of the required information in a clear and meaningful manner to consumers could be difficult. Additionally, the need to disclose extensive information about third parties could interfere with consumers’ online experiences.

To prepare for these potential changes, a valuable step for many businesses would be to take stock of the third-party information collection occurring on their sites and in their apps and to consider how to provide more detailed disclosures to consumers in a concise, intelligible, and easily accessible form.

Stay tuned for additional blog posts in which we will summarize how the Draft Regulations contemplate some of the CPRA’s other amendments to the CCPA.

*   *   *   *

Join us today for State Attorneys General 102.

TINA.org recently announced that it had filed complaints with the FTC and the Connecticut Department of Consumer Protection, urging them to investigate Hello Fresh’s marketing practices related to a campaign advertising “free” meals in order to encourage consumers to sign up for a subscription. The complaints touch on a number of issues we post about frequently, including automatic renewals, “dark patterns,” and the use of influencers. Here are some of the highlights.

TINA argues that although Hello Fresh prominently advertises “free” meals, it doesn’t actually provide consumers with free meals. Instead, HelloFresh merely provides consumers with a discount on a set number of meals over time. Notably, the marketing materials TINA attaches to the complaint include a disclosure explaining how the number of “free” meals is calculated. It will be interesting to see whether the regulators find that disclosure to be sufficient.

TINA alleges that the automatic renewal disclosures are not sufficiently clear or conspicuous. For example, they note that terms are included on the back of cards glued to mailers advertising the offer. Moreover, when consumers redeem the offer online, TINA alleges that HelloFresh only provides an abbreviated summary of the automatic renewal terms after the company has collected credit card information, in violation of the Restore Online Shoppers’ Confidence Act (or “ROSCA”).

TINA alleges that Hello Fresh employs “dark patterns” to pressure consumers into signing up for the offer. For example, when consumers start to redeem the offer online, they find a five-minute timer with the text “expiring in” that counts down and suggests that consumers will not be able to redeem the offer after the clock runs out. In reality, this just creates a “false sense of urgency” because the offer does not expire when the clock runs out.

TINA argues that Hello Fresh’s attempts to present consumers with other options when they try to cancel is also a “dark pattern” called “confirmshaming” – in other words, “guilting consumers into taking actions they had not intended.” Although various state laws require companies to make it easy for consumers to cancel subscriptions, TINA seems to take the position that even offering consumers options to change their subscriptions or obtain information about their reasons for cancelling violates ROSCA.

TINA takes issue with the way Hello Fresh’s influencers disclose their relationship to the company. Although the influencers use the #hellofreshparter hashtag, the majority of posts TINA found included that disclosure “below the fold.” In other words, consumers had to click on “more” in order to see it. The FTC has taken the position – both in a recent settlement and in their proposed edits to the Endorsement Guides – that these disclosures need to be visible without consumers having to click on anything.

It will be interesting to see whether the FTC or the Connecticut Department of Consumer Protection take action based on these complaints. Regardless of what happens in this instance, though, we’re likely to see these types of allegations repeated in many other cases over the coming year.

The FTC is focused on ensuring that consumers have options when it comes to repairing products. In 2019, they held a workshop to discuss manufacturer restrictions on repair rights. In a 2021 report, they concluded there was “scant evidence to support manufacturers’ justifications for repair restrictions.” After that, they issued a Policy Statement calling for more aggressive enforcement against manufacturers that impose these restrictions. Last week, we may have seen the start of that enforcement.

According to the FTC, Harley-Davidson and Westinghouse both included illegal terms that voided warranties if customers used anyone other than the companies and their authorized dealers to get parts or repairs for their products. For example, a Harley warranty encouraged consumers to “insist that your authorized Harley-Davidson dealer uses only genuine Harley-Davidson replacement parts and accessories to keep your Harley-Davidson motorcycle and its limited warranty intact.”

These types of restrictions violate the Magnuson Moss Warranty Act, which broadly prohibits companies from conditioning a consumer product warranty on the consumer’s use of any article or service which is identified by brand name unless it is provided for free. Companies can, however, exclude warranty coverage for defects or damage caused by unauthorized parts or service.

Under the terms of the settlements, the companies are prohibited from telling consumers that their warranties will be void if they use third-party services or parts, or that they should only use branded parts or authorized service providers. Moreover, the companies both agreed to affirmatively inform consumers of their rights. For example, warranties must disclose that “taking your product to be serviced by a repair shop that is not affiliated with or an authorized dealer of [Company] will not void this warranty. Also, using third-party parts will not void this warranty.”

While the FTC took action under existing law, federal and state legislatures continue efforts to pass legislation specific to right to repair. For example, earlier this month New York passed the first “right to repair” bill that requires all manufacturers of “digital electronic equipment” to make available to consumers and repair shops the information, tools, and spare parts needed to fix covered devices.

Companies that offer product warranties should take a close look at their warranty terms and related communications to ensure that they comply with the Magnuson Moss Warranty Act and developing federal and state laws specific to right to repair. We’re likely to see more of these actions on the federal and state levels.

Even as states continue to pass comprehensive privacy laws, Attorneys General remain active enforcing their data breach laws and utilizing their deceptive trade practice authority in the privacy space.  Just last week, 46 State AGs signed on to a settlement, which took the form of an Assurance of Voluntary Compliance, with international cruise corporation Carnival for its 2019 data breach. This breach of employee email accounts purportedly exposed sensitive personal information contained in email contents, thereby impacting state consumers. The payment to the states is $1.25 million total.

While this settlement joins a long list of AG privacy cases, it serves as a useful roadmap for companies wishing to stay on top of what AGs expectations are for data security, and what type of enforcement terms you can expect if you suffer a breach.

In its agreement, Carnival has agreed to comply with state laws prohibiting unfair and deceptive trade practices, as well as specific data security and breach notification laws, specifically in connection with securing Personal Information (as defined by state statutes) against Security Incidents, defined as confirmed unauthorized access to or acquisition of a Consumer’s personal information owned, licensed, or maintained by Carnival. It also agrees to comply with consumer protection acts with respect to representations regarding privacy and security of personal information.

Within 180 days of the effective date Carnival must maintain a comprehensive information security program, appropriate to the size and complexity of operations, nature and scope of activities, and the sensitivity of personal information. Carnival must employ a Chief Information Security Officer and must further must provide security awareness and privacy training to all personnel with access to the network or responsibility for personal information every year and after hiring.  Carnival also must update its written incident response and data breach notification plan to ensure compliance addressing preparation, detection and analysis, containment, eradication, and recovery workflows.

Carnival must further develop, implement and maintain retention of personal information policies, use email filtering and protection, establish encryption policies, and maintain an appropriate system to collect logs and monitor network activity through and establish policies to analyze security events and real time. Carnival must implement appropriate policies to audit accounts, ensure protected passwords, multifactor authentication for remote access, firewall policies, penetration testing, and conduct an annual risk assessment. The company also must obtain a risk assessment from a third party within 18 months of the effective date and provide a copy to the State of Washington for review.

While several of the specific provisions expire after 5 years, it should be apparent that State AGs will demand detailed compliance programs and continued oversight if they find a lapse in security practices.  Ensuring you have a detailed security program now and continually seeking ways to enhance your security practices are valuable ways to minimize AG scrutiny later.  Note also that some of the injunctive terms are broadly applicable even beyond the specific incident in question, which potentially can subject the company to heightened penalties should there be another, albeit unrelated, security incident.

*   *   *   *

Join us tomorrow for State Attorneys General 102. This short 30-minute webinar picks up where State Attorneys General 101 left off and answers a number of questions regarding:

  • Pre-suit/investigation notice requirements for Attorneys General
  • Additional information on the scope of Attorneys General investigative authority and how to challenge an investigation
  • Consumer Complaints: differences among the AGs on handling and use

Register here

For those not following every detail regarding the progress of the “three corners” federal privacy bill, here’s a summary of where things stand.

In brief, on June 23, the House E&C Consumer Protection Subcommittee held a markup during which it considered a substitute version of the bill (HR 8152), approved it by voice vote, and forwarded it to the full E&C Committee for consideration. The amended bill contains a host of changes, many of which push it in a more business-friendly direction. Senate Commerce Chair Cantwell is more critical of the bill than ever, and has told the media that she won’t take it up in the Senate without substantial improvements. Meanwhile, the FTC, not to be forgotten, released another notice stating that it intends to launch its “commercial surveillance” rule in June 2022. (Yeah, this month.)

That may be all that many of our readers need to know. However, for more details, read on!

The Amended Bill

As noted above, the amended bill contains lots of changes – some small, some big, and some just moving text around.  A few of the changes enhance protections for consumers, but most create more flexibility for businesses. Here are some of the changes that jumped out at us:

  • The amended bill completely revamps its approach to service providers and third parties. Instead of imposing multiple obligations on these entities directly, the bill moves closer to the GDPR-style approach of characterizing these entities as “processors” whose obligations flow primarily from the contracts with, and/or disclosures of, the first parties from whom they receive data. These changes appear in the service provider/third party provisions (§302) and elsewhere, too. For example, each provision in the bill now specifies whether it applies to service providers and/or third parties (most don’t), and the bill now defines “covered entity” as an entity or person that “alone or jointly with others determines the purposes and means of collecting, processing, or transferring covered data…” §2(9)
  • The new bill provides more leeway to engage in marketing and advertising. Of note, it adds exceptions for first party marketing and targeted advertising to the data minimization provisions (§101(b)(11) & (12)); deletes “online activities” from the sensitive data category (§2(24)); and allows the collection and processing of sensitive data, without opt in, to provide a product or service requested by an individual and for a range of other permissible purposes. §102(a)(2) (Transfers still require opt in, subject to limited exceptions. §102(a)(3)). Other provisions remain somewhat confusing in this regard. For example, the bill now excludes first party marketing from the opt out of data transfers (§204(b)(2)) but not targeted advertising. §204(c) Further, even as the bill deletes online activities from the sensitive data category, it now requires opt in for, not just the transfer, but also the collection and processing of aggregated internet search or browsing history. §102(a)(4)
  • The bill also exempts from coverage government agencies and their service providers (§2(9)(C)); broadens the exceptions for small businesses (§209); expands the provisions allowing loyalty programs (§104(b)(2)); and limits the PRA to actual damages (vs. compensatory damages). §403(a)(2) On the other hand, it expands the restrictions on “dark patterns” (§§203(b) & 204(d)); requires the FTC to develop a Unified Opt Out (i.e., no study needed) (§210); authorizes enforcement by not just state AGs, but also other “State Privacy Authorities” (§402); and settles on a “knowledge” standard (in lieu of “actual knowledge”) for determining who is a minor, with some important caveats. §205

The Markup

The markup was fairly quick and uneventful. Members on both sides of the aisle noted their support for the bipartisan effort and stressed that the bill is not the final product. Two Republicans offered amendments – Rep. Lesko to address political bias by the platforms, and Rep. Armstrong to address concerns about the enforcement, preemption, and PRA schemes – but both agreed to withdraw them in the interest of getting the bill to the full Committee. The full Committee could mark up the bill – likely, another substitute amendment – after the House’s July 4th recess.

The Challenges Ahead    

Despite quick action by the Subcommittee, the bill still faces daunting challenges with little time to resolve them. It’s late June in an election year. Some of the issues raised in response to the “discussion draft” haven’t been addressed – including, as Chairman Pallone noted at the hearing, concerns about preemption and the PRA. In addition, the changes in the amended bill create additional questions that will need to be resolved.

Perhaps the darkest cloud over the bill is the lack of support from Senator Cantwell (and her Democratic colleagues Sens. Wyden, Blumenthal, and Schatz, too.). While Cantwell was critical of the “discussion draft,” she has excoriated the revised bill, telling the Washington Post and other news outlets that it has “enforcement loopholes,” that it’s “too weak” to justify preempting state privacy laws, and that Schumer backs her decision not to even bring up the bill in the Senate. (In comments to a reporter last week, her staff also cited concerns about women’s privacy in light of the then-likely, now official, reversal of Roe v. Wade.) Meanwhile, the frustration among the bill’s sponsors is palpable, with Rep. Schakowsky snapping back at Cantwell in the press, and all of the sponsors urging Cantwell to come the table. Without Cantwell’s support, the bill has little or no chance of becoming law.

FTC Privacy Rulemaking Imminent       

Meanwhile, in an updated filing with OMB, the FTC just announced that it will launch its “commercial surveillance” rulemaking this month by issuing an Advance Notice of Proposed Rulemaking with a 60-day comment period. As a reminder for our readers, the rulemaking would follow Mag-Moss rulemaking procedures, and would be designed to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.” Per Mag-Moss procedures, the ANPR will seek public comment but will not yet propose rule text.

If the FTC keeps to this schedule, that means that we will see the ANPR this week. So, for folks who are already whipsawing between privacy developments in California, Colorado, Europe, and Congress (with big news often announced on Friday nights), add this to your late-night reading list. The FTC announcement also confirms that, even if HR 8152 falters, the FTC plans to run with the ball on privacy, perhaps emboldened by the bipartisan efforts and shared concerns that propelled HR 8152 forward.

We’ll continue to track privacy developments at the federal and state level here.

*  *  *  *

Join us June 30 for State Attorneys General 102 which answers  a number of questions regarding:

  • Pre-suit/investigation notice requirements for Attorneys General
  • Additional information on the scope of Attorneys General investigative authority and how to challenge an investigation
  • Consumer Complaints: differences among the AGs on handling and use

Register here

As discussed in State Attorneys General 101, State Attorneys General are the primary enforcers of consumer protection laws within their state and hold sweeping powers to protect the public they serve by launching investigations and litigation alone or in multi-state actions involving numerous states and territories across the country.

As requested by many, please join Kelley Drye State Attorneys General practice Co-Chair Paul Singer and Senior Associate Beth Chun for State Attorneys General 102. This short 30-minute webinar picks up where we left off and answers a number of questions regarding:

  • Pre-suit/investigation notice requirements for Attorneys General
  • Additional information on the scope of Attorneys General investigative authority and how to challenge an investigation
  • Consumer Complaints: differences among the AGs on handling and use

Register here

July 20

How To Protect Employee/HR Data and Comply with Data Privacy Laws
As workforces become increasingly mobile and remote work is more the norm, employers face the challenge of balancing the protection of their employees’ personal data and privacy against the need to collect and process personal data to recruit, support and monitor their workforces. Mounting regulations attempt to curb employers’ ability to gather and utilize employee data—from its historical use in processing employee benefits and leave requests to employers’ collection, use or retention of employees’ biometric data to ensure the security of the organization’s financial or other sensitive information systems. Learn what employers can do now to protect employee data and prepare for the growing wave of data privacy laws impacting the collection and use of employee personal data.

RSVP

Find more upcoming sessions, links to replays and more here

On June 14, the House E&C Subcommittee on Consumer Protection and Commerce held a hearing to consider issues and concerns raised by the “three corners” privacy “discussion draft” released to the public June 3. As we blogged last week, the American Data Privacy and Protection Act (ADPPA) is an historic bipartisan compromise among three key committee leaders in the House and Senate (Sen. Wicker and Reps. Pallone and McMorris Rodgers). So far, it lacks the backing of the fourth, Senator Cantwell.

The hearing came together quickly, reflecting the limited time and challenges in this election year to pass a bill of this significance. The 3+ hour event showcased myriad issues and concerns that the witnesses and other stakeholders have raised with respect to the draft. Still, Subcommittee leaders pledged to keep working on the bill and expressed optimism that they might be able to pass comprehensive federal privacy legislation this year. As of this writing, we understand that there will be subcommittee markup next Thursday and a full-committee markup sometime after the July 4th recess. Continue Reading Readout on House Privacy Hearing: Wide Attendance, Lots of Issues, Full Steam Ahead