Oregon has recently passed a new cybersecurity statute, joining California in requiring manufacturers of “connected devices” to equip qualifying technology with “reasonable security features.” The new law will go into force on January 1, 2020. For further analysis, visit our recent client alert.

Cheryl A. Falvey
Cheryl A. Falvey helps clients launch innovative new products while protecting their brand and reputation, avoiding and defending liability in the marketing of their products, building safety and security into their products with science-based risk assessment, and successfully navigating product safety challenges with rapid response.
An experienced trial lawyer, and a former general counsel of the United States Consumer Product Safety Commission (CPSC), Cheri defends class actions, unfair competition, product liability and other mass tort claims arising out of consumer, occupational, and environmental exposures. She also provides brand and consumer protection counseling services, with a focus on product safety and security, including the Internet of Things; privacy; anti-counterfeiting; and digital media. Cheri represents a wide range of clients, from emerging companies to multinational Fortune 500 conglomerates.
Cheri is widely recognized as a leader in her field. She is one of an elite group of attorneys to be ranked in Chambers USA, Band 1 for Product Liability: Regulatory. She is highly regarded for her considerable experience advising clients on regulatory issues, including risk assessments, product recalls and CPSC investigations.
She represents clients on litigation and counseling matters regarding:
- Compliance with statutes and regulations enforced by the CPSC, FDA, NHTSA, and the FTC.
- Handles product recalls conducted in cooperation with NHTSA, CPSC, and FDA, and defends clients in agency enforcement actions seeking civil and criminal penalties.
- Advises manufacturers faced with the potential release of unfair and inaccurate information by the government.
- Counsels and defends clients on the sale and marketing of consumer products on the Internet, including compliance with the Children's Online Privacy Protection Act, the FTC's Green Guides, and state and federal privacy laws.
Prior to joining Crowell & Moring, Cheri served as the general counsel of the CPSC. In that capacity, she oversaw all federal court litigation, including civil and criminal cases referred by the Commission to the Department of Justice. Her tenure at the CPSC included advising the agency on the implementation of the Consumer Product Safety Improvement Act, a sweeping change to its statutes that had an impact across diverse industry sectors.
Cheri serves as Vice -chair of the American Bar Association’s Consumer Products Regulation Committee, Administrative Law & Regulatory Practice Section. She was named to the National Law Journal's 2014 list of Governance, Risk & Compliance Trailblazers & Pioneers. Prior to joining the CPSC, Cheri had over 20 years of private practice experience as a partner with another international law firm where she chaired the firm's D.C. litigation practice. Cheri is also a former member of Crowell & Moring’s Management Board.
NIST Surveys and Assesses Broad Landscape of IoT Cybersecurity Standards in Interagency Report
Following a draft Interagency Report published in February, the National Institute of Standards and Technology (“NIST”) has published NISTIR 8200: Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT), which seeks to assess the “current state of international cybersecurity standards development for IoT.” In this effort, the Report defines the major areas where IoT is currently being used and evaluates various IoT cybersecurity standards commonly applied in those areas. To evaluate the surveyed IoT standards, the Report relies on a framework that breaks the standards down into twelve core areas, each of which designates a distinct, common element of cybersecurity measures.
Where IoT is Being Used the Most
To help evaluate the current understanding of cybersecurity risks involved in IoT applications and the methods used to measure them, the Report overviews major IoT technologies and how they are deployed. It then breaks down the network-connected devices, systems, and services comprising IoT into five major categories of application, explaining the common components of each:Continue Reading NIST Surveys and Assesses Broad Landscape of IoT Cybersecurity Standards in Interagency Report
New Internet of Things (IoT) NIST Draft Publication Provides Welcomed Guidance
Responding to the rise of interconnected technology, the National Institute for Standards and Technology (NIST) has recently issued an introductory document in a planned series of cybersecurity publications addressing Internet of Things (IoT) privacy risks. Open for comment through October 24, 2018, the Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and…
Report on the Autonomous Vehicle Safety Regulation World Congress 2017
The big takeaways from The Autonomous Vehicle Safety Regulation World Congress centered on the importance of a federal scheme for AV regulation and the reality of the states’ interest in traditional issues such as traffic enforcement, product liability, and insurance coverage. In keeping with those messages, the World Congress kicked off with NHTSA Deputy Administrator and Acting Director, Heidi King, speaking about NHTSA’s goals and interest followed almost immediately with wide participation from the states including California, Michigan, and Pennsylvania, among others.
Deputy Administrator King emphasized NHTSA’s desire to foster an environment of collaboration among all stakeholders, including the states. Ms. King emphasized that safety remains the top priority at NHTSA. NHTSA has provided some guidance, and looks forward to hearing from stakeholders about the best way to support and encourage growth in autonomous vehicles. NHTSA wants to provide a flexible frame work to keep the door open for private sector innovation. It is necessary to build public trust and confidence in the safety of autonomous vehicles, and that can only accomplished by all stakeholders working together.
NHTSA is working on the next version of AV guidance, having already issues its 2.0 version, with an expected release of 3.0 in 2018. The guidelines will remain voluntary, but NHTSA is ready to support entities as they try to implement the voluntary guidance. Working with the states, DOT, OEMs, and other stakeholders, NHTSA hopes to continue to be flexible and allow for rapid changes. Later in the conference lawyers emphasized the importance of compliance with the guidance in minimizing liability particularly in no-fault states such as Michigan.
Dr. Bernard Soriano, deputy director, California Department of Motor Vehicles, similarly confirmed that California’s overarching interest in regulating AV is the safe operation of vehicles on its roadways. In summarizing California’s recent October 11, 2017 release of revised regulations, he emphasized that “change happens fast,” and that the state is pleased to now be close to allowing completely driverless testing. He recognized the federal preemption on the design of the vehicle and its crashworthiness and emphasized the state’s interest in the operation of the vehicles and compliance with state traffic laws.
Continue Reading Report on the Autonomous Vehicle Safety Regulation World Congress 2017