Kaye Tells Whirlpool His Office's IoT Report to Be Ready Soon

Expect a separate, early report on the Internet of Thing (IoT) prior to the one being worked on by CPSC staff. This one would be from Commissioner Elliot Kaye's office. Look for it in early 2019, he told visitors from Whirlpool, who met with the five commissioners December 13.

He characterized it as a discussion opener and acknowledged that his office cannot be the source of final expertise. Indeed, he said he welcomed contrary, even oppositional, feedback. He said the impetus was his desire that sufficient urgency be given to IoT safety as well as the need of industry to better understand safety vulnerabilities. He had mentioned the project in October when discussing IoT work in the FY2019 operating plan.

The pending release of his staff's paper arose in a discussion of safety and IoT adoption. That conversation touched on issues that have become typical – safety worries about a range of issues like faulty updates but also potential benefits like recall effectiveness or product monitoring.

Nathan Mouw, director of Whirlpool's product safety team, said the monitoring aspect could be promising. Data sent from units could identify operating conditions that trigger safety investigations. He later observed, however, that how to handle such data must be sorted out. If monitoring indicates an X% chance of something happening, what response would be appropriate and when triggered?

As for a general approach, Mouw pointed to existing voluntary standards as a start. They establish the safety expectations for products, so the challenge for SDOs is ensuring both that mandates continue to be met in connected devices and that IoT adaptations do not introduce new hazards.

On recall data generally, Laura Siegrist, Whirlpool's government relations manager, pointed to a challenge manufacturers face with retailers. Who bought a product often is not information sellers are comfortable sharing for competitiveness reasons. Thus, the makers often use third parties for customer contacts. Each retailer has different demands and needs. She wondered if CPSC has a role – not to demand behavior but, for example, to recommend best practices.

On the other hand, Mouw noted the IoT potential of better recall registration rates but said traditional consumer reluctance likely would remain a challenge. Companies would need to ensure that the contact information they provide would not be used for other purposes like marketing, he said.

Kaye agreed it is a challenge, adding that single companies cannot not always effectively reassure customers about privacy. Lone bad actors can affect the reputation of an industry because consumers might not distinguish between the good and bad.

Related to Mouw's observation about using existing standards, UL staff recently told CPSCers about a strategy of setting broad IoT safety expectations to be adapted for particular standards (PSL, 11/19/18). They said the hope is that panels will initiate actions themselves but indicated willingness to prompt projects if needed.

At the November meeting, CPSC staffers told the UL visitors that the timing of their report was uncertain but that the later it comes out in FY2019, the more thorough it will be.

Commissioners added the project to the FY2019 operating plan via an amendment offered by Kaye (PSL, 10/15/18). They will identify and outline the statuses of CPSC's IoT efforts. At the October decisional meeting, Kaye urged them to go beyond the directive and to provide timelines and strategies.

Other points arising at the meeting with Kaye included:

• Counterfeits: For Whirlpool and the appliance industry generally, Mouw said, the problem leans more towards replaceable parts and aftermarket accessories than to whole products. The discussion revolved around the trigger for CPSC with counterfeits – clear safety problems. Those affects both how fakes are handled at the border by Customs and whether CPSC will act. For example, with the concern about counterfeit water filter replacements for refrigerators (PSL, 5/21/18), Kaye said, agency staff want strong data. Additionally, handling them at the ports can be complicated, he noted. Their potential safety defects are not obvious, being inside the casings, so they need more attention than do some other products. He pointed to the 15(j) example of hair dryers that lack readily observable immersion protection devices as easily noticed safety defects.

 

• Company Standards: Mouw lauded Whirlpool's internal requirements, which he said often go beyond what is expected by standards and rules. Moreover, he said, the company's practices have pushed voluntary standards advances. He pointed to recent UL provisions for containment of clothes dryer fires originating in loads or bases (PSL, 12/10/18). Kaye urged telling CPSC about such "above and beyond" practices.

 

• Compliance Programs: Mouw explained his company's product safety program, which involves a panel of four senior level people (including him) that reports directly to the CEO to avoid competing needs if under another division. Aspects include safety audits, forced failures, defined roles and responsibilities, training and setting competency expectations. There also are keyword-based complaint reviews that can trigger escalation to safety investigations and related responses. Kaye asserted that companies need to have good compliance programs, and he said he has been surprised at otherwise sophisticated companies that lack them. The value of CPSC's recent compliance program seminar arose (watch a three-hour recording at bit.ly/2PE4OJr).