The Future of Product Liability and IoT
Recapping the UW’s 2019 Product Liability Conference
Recently, I had the opportunity to be a speaker at the University of Wisconsin-Madison’s 31st Annual Product Liability Conference. Year over year participating in this conference, my colleagues and I at Clarion Safety have found these events hosted by the UW’s College of Engineering Professional Development to be both gratifying in sharing thoughts that safety engineers at industrial and commercial equipment manufacturers can apply to their everyday work and inspiring to hear from other thought leaders in product safety.
This year’s 3-day conference focused on emerging topics or concerns for product safety management professionals, with my session honing in on warnings and instructions for domestic and global markets. I used examples from my work with the ANSI and ISO standards – and with heading Clarion Safety’s standards compliance initiatives, helping safety engineers solve their product liability and warnings challenges – to explain the groundwork that standardization provides, touching on new updates and real-life cases.
My fellow presenters continued on this theme of leading-edge issues in product safety management, lecturing on important topics that effect not only machine safety and product liability, but the global safety industry and its future. What I found particularly interesting were the topics on the Internet of Things (IoT) and how modern technology is impacting product liability.
is the Internet of Things (IoT)?
As we inch closer and closer to the year 2020, most people would find it hard to imagine a life without the Internet. In terms of convenience, the wealth of information at our disposal, connectivity, learning opportunities and the entertainment value alone, the Internet has made massive improvements to our personal and professional lives. With that, though, comes some disadvantages, particularly related to data protection and product liability. In a nutshell, the IoT is a host of technologies and applications that equip devices and locations to populate all kinds of information. Essentially, IoT is where physical products meet the Internet to communicate data. Some everyday IoT products we all regularly use include smartphones, vehicles, home security, medical devices and more. With over eight billion Internet-connected products currently in use, security threats to our private, personal data is an unfortunate (and ever-increasing) likelihood.
of IoT’s Impact
Remember the widely publicized, large-scale Target hack back in 2013? This was due to an HVAC vendor’s weakened software security, which allowed access to the vendor’s log-on credentials. This, in turn, allowed Target’s customer database to be cyber hacked and breached. Information from up to 40 million credit and debit cards was stolen. In 2017, Target agreed to pay $18.5 million for the debacle. Another publicized attack took place in October 2016 when a series of distributed denial-of-service attacks (DDoS attacks) targeted systems operated by Domain Name System (DNS) provider Dyn. The attack employed hundreds of thousands of devices and tens of millions of messages from IoT devices (baby monitors, printers, IP cameras) with weakened security. Through malware, bots sent trillions of bits of data per second to Dyn’s servers, the largest data breach in history. As a result, major companies like Netflix, Twitter and PayPal were shut down. It’s estimated that the disruption lost companies up to $100 million in revenue and sales.
An even more alarming example: In July 2015, Wired magazine reported on a hack where the critical safety systems of a Chrysler Jeep were taken control of remotely. As a result, 1.4 million effected vehicles were recalled within days and the company was subjected to a government investigation. While IoT brings about progressive new apps and software platforms, it also has the ability to unleash a wave of potentially weakened entry points, giving way to privacy and security information that can ultimately be collected and sold. In the case of Fiat-Chrysler, IoT breaches can potentially cause bodily harm – even death.
and Legal Liability in the IoT Products Landscape
These lapses in security in IOT products naturally increase the risk of litigation and product recalls. While there are currently no established standards governing IoT products, headway is being made. To reduce the potential for data breaches, bodily harm and litigation, companies are now employing more and more experts, from software engineers to cybersecurity specialists (safety specialists), to assess products during various phases of development. The Federal Trade Commission recommends that several of a company’s departments, including hardware designers/engineers, software and app developers, IT security, privacy personnel, marketing and legal, be involved in anticipating security issues. Privacy and security should be included in the design process, not considered an afterthought, and security protections should always be in place.
Interestingly, insurance companies are starting to add IoT conditions to their coverage policies for cyber-related risks arising from malicious acts and non-malicious acts involving both tangible and intangible assets. Underwriters Laboratory has developed an ANSI and FDA approved Cybersecurity Assurance Program (UL CAP) to help vendors minimize cybersecurity risks by:
- Assessing software vulnerabilities
- Minimizing exploitation
- Addressing known malware
- Reviewing security controls
- Increasing security awareness
More companies are now critically reviewing everything from design processes/product testing, product warranties, data storage, supply chains, and corrective actions and recalls to minimize potential IoT threats and their devastating aftermaths. They’re also considering foreseeable tampering, code defects, vulnerabilities, malfunctions, consumer modifications, compromises and other foreseeable product uses and misuses. Are product manuals and technical data sheets communicated in a language the user will understand to avoid possible confusion? In the event of a liability suit, courts will look at all of the preventative measures a company has taken to minimize liability.
From product development to end of product lifecycle, it is now critical for product designers and manufacturers to consider all potential IoT threats to minimize product liability risks. For small to medium-sized companies, the costs of a lawsuit payout and a diminished reputation can be devastating and, oftentimes, irrecoverable.
Education in Product Liability and Warnin
What’s clear from the UW’s latest conference and ones like it is that we need to keep these important discussions on product liability and warnings ongoing – continuing to educate ourselves and others on the latest developments and viewpoints in this space. Here at Clarion Safety, my colleagues and I are dedicated to using our expertise to be an expert resource on safety compliance, whether through industry articles or presentations to other safety professionals. Our staff serve as members of the ANSI Z535 committee, U.S. TAG to ISO/TC 145 and U.S. TAG to ISO/TC 283 and are well versed in different areas of safety compliance. If your company or educational institution is hosting a product liability-related event and is interested in having one of our experts speak, please let us know. We’re readily available for speaking engagements and interviews (get in touch easily through our media inquiry form) and would be happy to align with your organization to help advance safety and minimize risk.
Angela Lambert, head of standards compliance at Clarion Safety, has fifteen years of experience in the field of warnings and liability. Angela is actively involved at the leadership level in the ANSI and ISO standards for product safety, including as a delegate representative to ANSI for the ISO/TC 145 SC2 WG 1 committee, responsible for the library of ISO 7010 registered symbols and the ISO 3864 set of standards. She’s also an expert speaker on product safety and visual safety communication at universities and associations across the country.