While many today returned to work after the Holiday season, things remained quieter than usual here in the nation’s capital – with many federal workers furloughed until further notice as the federal government continues to be in a partial shutdown.  President Trump is reportedly meeting with congressional leaders today ahead of Thursday’s start to a new congressional session but, at least for now, there’s no immediate end to the shutdown in sight.

Here’s how the shutdown is affecting federal agencies responsible for overseeing and enforcing advertising and privacy laws:

  • The FTC closed as of midnight December 28, 2018.  All events are postponed and website information and social media will not be updated until further notice.  While some FTC online services are available, others are not.  More information here.
  • The CPSC is also closed, although a December 18, 2018 CPSC memorandum summarizing shutdown procedures indicates that certain employees “necessary to protect against imminent threats to human safety” will be excepted employees and continue work during the shutdown.  The CPSC consumer hotline also continues to operate. Companies should remember that obligations to report potential safety hazards are not furloughed, so the mantra of “when in doubt, report” still applies, even if public announcement of a recall may be delayed.
  • Roughly 40% of FDA is furloughed according to numbers released by its parent agency, the Department of Health and Human Services.  In a post on its website, the agency explained that it will be continuing vital activities, to the extent permitted by law, including monitoring for and responding to public health issues related to the food and medical product supply.  The agency is also continuing work on activities funded by carryover user fee balances, although it is unable to accept any regulatory submissions for FY 2019 that require a fee payment.
  • Because the CFPB is funded through the Federal Reserve and not Congress, it remains in operation.

The Federal Trade Commission furthered its outreach to the mobile app developer community last week by issuing new guidance for integrating privacy and security into mobile health apps, as well as an interactive online tool for determining whether key laws apply. As referenced in Consumer Protection Bureau Director Rich’s testimony a few weeks ago, the FTC has been working with a number of other agencies to address concerns about collection, storage, and use of consumer health information in light of the proliferation of consumer-directed health technology and consumers’ engagement in this area.

To use the tool, developers answer a series of high-level questions about the nature of their app, including about its function and the data it collects. Based on the answers to those questions, the tool advises the developer about whether the FTC Act, the FTC’s Health Breach Notification Rule, HIPAA, or the Federal Food, Drug and Cosmetic Act likely applies to the app.  In some cases, the tool links out to other guidance that may be relevant for the app, such as FTC’s guidance for complying with the Health Breach Notification Rule.  The FTC developed the tool in conjunction with the Department of Health and Human Services’ Office of National Coordinator for Health Information Technology, Office for Civil Rights and the Food and Drug Administration.

Along with the tool, the FTC released recommended best practices for privacy and security in mobile health apps.  The guidance encourages developers to minimize the information their apps collect, to limit and control access to the apps and to the data they collect, and to implement “security by design.” This health-app-specific guidance builds upon the FTC’s general guidance for mobile app developers.  For those developing apps, FDA’s policies regarding whether such apps are regulated as medical devices should also be considered.

The main lesson that is underscored in all of these tools is the same: Consider the nature of the information collected and its potential use at the concept phase and rather than after development is complete.   All too often, as companies rush to submit apps for approval on an app store, legal compliance is an afterthought.  As we have learned from the 100+ privacy and data security settlements that the FTC has released, these issues can be very difficult to cure on the back end.

The Food and Drug Administration (“FDA”) has released a question and answer guide to its implementation of the fee provisions of the Food Safety Modernization Act of 2011. The purpose of the fee provisions is to allow the FDA to recover reinspection, recall noncompliance, and importer program related costs from domestic and foreign facilities and importers.

Persons responsible for facilities subject to the fees should review the guidance and note that although the FDA began assessing fees for reinspection of domestic and foreign facilities and for failure to comply with a recall order on October 1, 2011, the fees for import reinspection will not be assessed until the FDA has resolved the issues raised in comments on the fee schedule released in the August 1, 2011 Federal Register.

The Food Safety Modernization Act (FSMA), signed into law on January 4, 2011, requires the Food and Drug Administration (FDA) to undertake sweeping regulatory action to strengthen the safety of the nation’s food supply. Many of the items on FDA’s “to do” list require significant and swift action. Over the next two years, FDA must engage in a number of rulemakings and issue several guidance documents to implement the FSMA.

FDA must take certain actions in 2011, including:

  • Issue guidelines regarding new dietary ingredients in dietary supplements
  • Promulgate facility registration suspension guidelines

Several of FDA’s action items must be completed by January 4, 2012, including:

  • Issue notice of proposed rulemaking regarding safe fruit and vegetable harvest and processing
  • Designate high-risk foods requiring additional recordkeeping
  • Promulgate rules establishing the foreign supplier verification program for importers
  • Develop and publish a list of acceptable customer notification methods that grocery stores may use to post recall information

Other action items affecting a large portion of the food industry have a July 4, 2012 deadline:

  • Promulgate regulations establishing science-based minimum standards for hazard analyses and preventive controls
  • Promulgate rules regarding the sanitary transportation of food

Industry stakeholders should determine how the new law affects them and prepare to participate in the notice and comment process. For a copy of the Kelley Drye client advisory regarding the FSMA, please click here. For a timeline of all FDA actions required under the FSMA, please click here.