BBB National Programs Blog

Employing AI in the recruiting and hiring process voluntarily, under the auspices of independent industry self-regulation, is often far preferable to being forced to do so under a regime of top-down government regulation.

Pop culture powerhouse Barbie teaches us that corporations can have a long-lasting impact on children and teens, and the FTC seems to agree, adopting an aggressive stance on children’s and teen privacy in the last few months. We break down what this means for companies in looking to engage a child or teen audience.

The NTIA recently issued a request for comment to gather stakeholder feedback on AI accountability measures and policies to assist in the crafting of a report on AI accountability policy and the AI assurance regime. Nearly 200 organizations responded and we pulled a diverse, representative sample of the responses to summarize stakeholder feedback on this important question.

The FTC and HHS sent a warning letter to nearly 130 hospitals and health systems cautioning them about their data privacy and security practices. Notably, these are entities that comply with HIPAA. Aren’t companies in compliance with HIPAA already covering their consumer data privacy bases? Not completely.

The NTIA’s recent request for comment focuses on a lesser documented angle in the public discourse: the role of soft law mechanisms to supplement the enforcement objectives of federal agencies. These accountability mechanisms – including compliance certifications, audits, and third-party verification practices – can serve as a policy solution to further the goals of the White House’s national strategy on AI.

Substantiating product claims is required by law and may help brands avoid an inquiry from the FTC or other regulatory bodies. The founders of The Benchmarking Company, a consumer research firm for the beauty and personal care industries, interviewed NAD attorney Jennifer Santos to uncover what every brand should know about NAD.

This piece includes a list of routine examples of consumer health information, that, at face value may have one level of risk. But, depending on the context and the risk associated with the use of that data, and whether it is combined with other data sources and data elements or made available in the public domain, it could lend itself to differing levels of regulation and enforcement activity.

While momentum continues to build around what a regulated consumer health privacy landscape looks like, the environment remains shrouded in shades of gray. To date, a risk-based approach to consumer health data does not exist, but we believe a sliding scale for the risks carried by consumer health data should.

The California Privacy Rights Act of 2020 went into effect bringing new privacy rights to California consumers and created the California Privacy Protection Agency. CCPA will continue to be enforced by the California Office of the Attorney General. Which begs the question: Whose enforcement is it anyway?

The U.S. economy is built on a fair and transparent product marketplace. It is the responsibility of companies to have adequate substantiation for health and safety claims and to hold their competitors to the same standard.