The Future of Product Liability and IoT
Posted by Angela Lambert | 17th Oct 2019
Recapping the UW’s 2019 Product Liability Conference
Recently, I had the opportunity to be a speaker at the University of Wisconsin-Madison’s 31 st Annual Product Liability Conference. Year over year participating in this conference, my colleagues and I at Clarion Safety have found these events hosted by the UW’s College of Engineering Professional Development to be both gratifying in sharing thoughts that safety engineers at industrial and commercial equipment manufacturers can apply to their everyday work and inspiring to hear from other thought leaders in product safety.
This year’s 3-day conference focused on emerging topics or concerns for product safety management professionals, with my session honing in on warnings and instructions for domestic and global markets. I used examples from my work with the ANSI and ISO standards – and with heading Clarion Safety’s standards compliance initiatives, helping safety engineers solve their product liability and warnings challenges – to explain the groundwork that standardization provides, touching on new updates and real-life cases.
My fellow presenters continued on this theme of leading-edge issues in product safety management, lecturing on important topics that effect not only machine safety and product liability, but the global safety industry and its future. What I found particularly interesting were the topics on the Internet of Things (IoT) and how modern technology is impacting product liability.
What
is the Internet of Things (IoT)?
As we inch closer and closer to the year 2020, most
people would find it hard to imagine a life without the Internet. In terms of
convenience, the wealth of information at our disposal, connectivity, learning
opportunities and the entertainment value alone, the Internet has made massive
improvements to our personal and professional lives. With that, though, comes
some disadvantages, particularly related to data protection and product
liability. In a nutshell, the IoT is a host of technologies and applications
that equip devices and locations to populate all kinds of information.
Essentially, IoT is where physical products meet the Internet to communicate
data. Some everyday IoT products we all regularly use include smartphones,
vehicles, home security, medical devices and more. With over eight billion
Internet-connected products currently in use, security threats to our private,
personal data is an unfortunate (and ever-increasing) likelihood.
Examples
of IoT’s Impact
Remember the widely publicized, large-scale Target
hack back in 2013? This was due to an HVAC vendor’s weakened software security,
which allowed access to the vendor’s log-on credentials. This, in turn, allowed
Target’s customer database to be cyber hacked and breached. Information from up
to 40 million credit and debit cards was stolen. In 2017, Target agreed to pay
$18.5 million for the debacle. Another publicized attack took place in October
2016 when a series of distributed denial-of-service attacks (DDoS attacks)
targeted systems operated by Domain Name System (DNS) provider Dyn. The attack
employed hundreds of thousands of devices and tens of millions of messages from
IoT devices (baby monitors, printers, IP cameras) with weakened security.
Through malware, bots sent trillions of bits of data per second to Dyn’s
servers, the largest data breach in history. As a result, major companies like
Netflix, Twitter and PayPal were shut down. It’s estimated that the disruption
lost companies up to $100 million in revenue and sales.
An even more alarming example: In July 2015, Wired magazine reported on a hack where the critical safety systems of a Chrysler Jeep were taken control of remotely. As a result, 1.4 million effected vehicles were recalled within days and the company was subjected to a government investigation. While IoT brings about progressive new apps and software platforms, it also has the ability to unleash a wave of potentially weakened entry points, giving way to privacy and security information that can ultimately be collected and sold. In the case of Fiat-Chrysler, IoT breaches can potentially cause bodily harm – even death.
Risk
and Legal Liability in the IoT Products Landscape
These lapses in security in IOT products naturally
increase the risk of litigation and product recalls. While there are currently
no established standards governing IoT products, headway is being made. To
reduce the potential for data breaches, bodily harm and litigation, companies
are now employing more and more experts, from software engineers to cybersecurity specialists (safety specialists), to assess products during various
phases of development. The Federal Trade Commission recommends that several of
a company’s departments, including hardware designers/engineers, software and
app developers, IT security, privacy personnel, marketing and legal, be
involved in anticipating security issues. Privacy and security should be
included in the design process, not considered an afterthought, and security
protections should always be in place.
Interestingly, insurance companies are starting to add IoT conditions to their coverage policies for cyber-related risks arising from malicious acts and non-malicious acts involving both tangible and intangible assets. Underwriters Laboratory has developed an ANSI and FDA approved Cybersecurity Assurance Program (UL CAP) to help vendors minimize cybersecurity risks by:
- Assessing software vulnerabilities
- Minimizing exploitation
- Addressing known malware
- Reviewing security controls
- Increasing security awareness
More companies are now critically reviewing everything from design processes/product testing, product warranties, data storage, supply chains, and corrective actions and recalls to minimize potential IoT threats and their devastating aftermaths. They’re also considering foreseeable tampering, code defects, vulnerabilities, malfunctions, consumer modifications, compromises and other foreseeable product uses and misuses. Are product manuals and technical data sheets communicated in a language the user will understand to avoid possible confusion? In the event of a liability suit, courts will look at all of the preventative measures a company has taken to minimize liability.
From product development to end of product lifecycle, it is now critical for product designers and manufacturers to consider all potential IoT threats to minimize product liability risks. For small to medium-sized companies, the costs of a lawsuit payout and a diminished reputation can be devastating and, oftentimes, irrecoverable.
Continuing
Education in Product Liability and Warning
What’s clear from the UW’s latest conference and
ones like it is that we need to keep these important discussions on product
liability and warnings ongoing – continuing to educate ourselves and others on
the latest developments and viewpoints in this space. Here at Clarion Safety,
my colleagues and I are dedicated to using
our
expertise
to be an expert resource on safety compliance,
whether through
industry articles or presentations to other
safety professionals. Our staff serve as members of the ANSI Z535 committee,
U.S. TAG to ISO/TC 145 and U.S. TAG to ISO/TC 283 and are well versed in
different areas of safety compliance. If your company or educational
institution is hosting a product liability-related event and is interested in
having one of our experts speak, please
let us
know
. We’re readily available for speaking engagements and
interviews (get in touch easily through our
media
inquiry form
) and would be happy to align with your
organization to help advance safety and minimize risk.
Angela Lambert, head of standards compliance at Clarion Safety, has fifteen years of experience in the field of warnings and liability. Angela is actively involved at the leadership level in the ANSI and ISO standards for product safety, including as a delegate representative to ANSI for the ISO/TC 145 SC2 WG 1 committee, responsible for the library of ISO 7010 registered symbols and the ISO 3864 set of standards. She’s also an expert speaker on product safety and visual safety communication at universities and associations across the country.