Wicker Releases Investigation Report on CPSC Data Breaches
October 17, 2019
WASHINGTON – U.S. Sen. Roger Wicker, R-Miss., chairman of the Senate Committee on Commerce, Science, and Transportation, has delivered an investigation report to Acting Chairman Robert Adler of the Consumer Product Safety Commission (CPSC). The committee’s investigation centered on the CPSC’s violation of section 6(b) of the Consumer Product Safety Act (CPSA) and subsequent data breaches. As part of its oversight responsibility, the committee has been investigating the violations since April and released the final report this week.
Excerpt from the Chairman’s letter accompanying the investigative report to Acting Chairman Adler:
Under my direction, committee staff has conducted a thorough review of then-Acting Chairman Buerkle’s two letters and the documents she produced. Committee staff has also interviewed the staff responsible for the disclosures. Committee staff concluded this investigation this month, determining that accidental disclosures violating section 6(b) of the CPSA occurred because of a lack of formal training, ineffective management, and poor information technology implementation at CPSC rather than deliberate malfeasance by CPSC employees.
The lack of formal training on section 6(b) requirements for frontline CPSC employees is of particular concern. Some employees interviewed during the investigation reported learning of these requirements for the first time only after the improper disclosures were discovered. These employees were also provided a set of three difficult, often idiosyncratic software applications that convoluted the process of accessing and processing the relevant data, increasing the likelihood of inadvertent disclosure.
These findings are concerning. As then-Acting Chairman Buerkle wrote in her June 14 letter, CPSC’s Office of Inspector General (OIG) is investigating these matters further. I look forward to reviewing the OIG’s report and to working with you and your staff to improve CPSC’s internal processes and protect the consumers and manufacturers that entrust their sensitive information with CPSC.
To read the full letter, click here.
To read the full report, click here.
The Commerce Committee has jurisdiction over the CPSC and conducted its investigation as part of the committee’s oversight responsibilities over agencies within its jurisdiction.