Tag Archives: risk

Cybersecurity

Food Defense in the Age of AI: Are We Prepared?

By Radojka Barycki
No Comments
Cybersecurity

I watched a movie last year where a woman was being framed for murder using her facial features that were captured by a technology used in a bus that allowed passengers to get in based on facial recognition. In the movie, the woman, who was a cop, was investigating suspicious activity relating to the research of the facial recognition self-driven bus that a high-profile tech company was trying to approve for massive production and introduction into the market. The cop was getting too close to confirm her suspicions. So, the tech company got her face profile and embedded it in a video where another person was killing an executive of the company. This got me thinking about how we use face recognition nowadays and how technology is included in everything we do. So, I pose the question: are we at risk in the food industry in terms of Food Defense?

Recent cybersecurity attacks in the food industry have highlighted the urgency of this question. For instance, in 2021, the world’s largest meat processing company fell victim to a ransomware attack that disrupted its operations across North America and Australia. The company had to shut down several plants, leading to significant financial losses and potential supply chain disruptions.

Similarly, earlier that year, a cyberattack targeted a U.S. water treatment facility, where hackers attempted to alter the chemical levels in the water supply. Although this attack was prevented, it underscored the vulnerabilities within critical infrastructure systems, including those related to food production and safety.

Additionally, in 2022, a large fresh produce processing company experienced a cyber incident that disrupted its operations. The attack temporarily halted production and distribution of packaged salads and other products, causing delays and financial losses. The company paid $11M in ransom to the hackers to restitute order for their operations. This incident further underscores the importance of cybersecurity in the food industry and the potential risks posed by inadequate security measures.

These incidents illustrate the growing threat of cyberattacks in the food industry and the potential consequences of inadequate cybersecurity measures. As technology becomes more integrated into food production, processing, and distribution, the need for robust food defense strategies that encompass cybersecurity has never been more critical.

Understanding Food Defense
Food defense refers to the protection of food products from intentional contamination or adulteration by biological, chemical, physical, or radiological agents. Unlike food safety, which focuses on unintentional contamination, food defense addresses the deliberate actions of individuals or groups aiming to cause harm. In an era where technology permeates every aspect of food production, processing, and distribution, ensuring robust cybersecurity measures is crucial for effective food defense.

The Intentional Adulteration Rule, part of the FDA’s Food Safety Modernization Act (FSMA), mandates measures to safeguard the food supply from deliberate adulteration aimed at causing large-scale public health harm. Key requirements of this rule include conducting vulnerability assessments, implementing mitigation strategies, performing monitoring, verification, and corrective actions, as well as providing employee training and maintaining thorough records.

The Intersection of Technology and Food Defense
The integration of advanced technology into the food industry brings numerous benefits, such as increased efficiency, improved traceability, and enhanced quality control. However, it also introduces new vulnerabilities that can be exploited by cybercriminals. As technology becomes more sophisticated, so do the methods employed by those who seek to manipulate or sabotage our food supply.

AI and Technology: A Double-Edged Sword
Artificial intelligence (AI) and other advanced technologies are revolutionizing the food industry. Automated systems, IoT devices, and data analytics enhance productivity and provide real-time monitoring capabilities. However, these technologies also present new avenues for white-collar crime and cyberattacks. For instance, a cybercriminal could hack into a food processing plant’s control system, altering ingredient ratios or contaminating products, which could lead to widespread public health crises.

Pros and Cons of Using AI and Technology in Food Safety
The adoption of AI and technology in the food industry has both advantages and disadvantages:
Pros:
1. Enhanced Efficiency: Automation and AI can streamline food production processes, reducing human error and increasing output. This leads to more consistent product quality and improved overall efficiency.
2. Improved Traceability: Advanced tracking systems allow for real-time monitoring of food products throughout the supply chain. This enhances the ability to trace the source of contamination quickly, thereby reducing the impact of foodborne illness outbreaks.
3. Predictive Analytics: AI can analyze vast amounts of data to predict potential risks and prevent contamination before it occurs. This proactive approach can significantly enhance food safety.
4. Real-Time Monitoring: IoT devices and sensors can provide continuous monitoring of environmental conditions, ensuring that food storage and transportation are maintained within safe parameters.

Cons:
1. Cybersecurity Risks: As seen in recent cyberattacks, the integration of technology introduces new vulnerabilities. Hackers can exploit these weaknesses to disrupt operations or intentionally contaminate food products.
2. High Implementation Costs: The initial investment in AI and advanced technologies can be substantial. Small and medium-sized enterprises may find it challenging to afford these technologies.
3. Dependence on Technology: Over-reliance on technology can be problematic if systems fail or are compromised. It is essential to have robust backup plans and manual processes in place.
4. Privacy Concerns: The use of AI and data analytics involves the collection and processing of large amounts of data, raising concerns about data privacy and the potential misuse of sensitive information.

The Role of Cybersecurity in Food Defense
To safeguard against such threats, the food industry must prioritize cybersecurity as an integral component of food defense strategies. Here are key strategies to consider:
1. Conduct Regular Risk Assessments: Identify potential vulnerabilities within your technological infrastructure. Regular risk assessments can help detect weaknesses and prioritize areas needing immediate attention.
2. Implement Robust Access Controls: Ensure that only authorized personnel have access to critical systems and data. Use multi-factor authentication and monitor access logs for suspicious activity.
3. Invest in Employee Training: Employees are often the first line of defense against cyber threats. Provide comprehensive training on cybersecurity best practices, including recognizing phishing attempts and other common attack vectors.
4. Update and Patch Systems Regularly: Ensure that all software and hardware are up-to-date with the latest security patches. Regular updates can mitigate the risk of exploitation through known vulnerabilities.
5. Develop Incident Response Plans: Prepare for potential cyber incidents by developing and regularly updating incident response plans. These plans should outline specific steps to take in the event of a security breach, including communication protocols and recovery procedures.
6. Utilize Advanced Threat Detection Systems: Employ AI-driven threat detection systems that can identify and respond to unusual activity in real-time. These systems can provide an added layer of security by continuously monitoring network traffic and system behavior.
7. Collaborate with Cybersecurity Experts: Partner with cybersecurity professionals who can provide insights into emerging threats and recommend best practices tailored to the food industry’s unique challenges.

Current Efforts to Standardize the Use of AI
Recognizing the critical role of AI and technology in modern industries, including food production, international efforts are underway to standardize their use and ensure safety, security, and reliability. Two notable standards introduced recently are ISO/IEC 23053:2022 and ISO/IEC 42001:2023.
• ISO/IEC 23053:2022: This standard focuses on the transparency and interpretability of AI systems. It aims to make AI-driven processes understandable and explainable to users, which is crucial for maintaining trust and accountability. In the context of food safety, this standard can help ensure that AI decisions, such as those related to quality control and contamination detection, are transparent and can be audited.
• ISO/IEC 42001:2023: This standard provides guidelines for the governance of artificial intelligence, ensuring that AI systems are developed and used responsibly. It addresses ethical considerations, risk management, and the continuous monitoring and improvement of AI systems. For the food industry, adhering to this standard can help ensure that AI technologies are implemented in a way that supports food safety and defense.

As the food industry continues to embrace technological advancements, the importance of integrating robust cybersecurity measures into food defense strategies cannot be overstated. By understanding the potential risks and implementing proactive measures, we can protect our food supply from malicious actors and ensure the safety and security of the public. The scenario depicted in the movie may seem far-fetched, but it serves as a stark reminder of the potential consequences of unchecked technological vulnerabilities. Let us learn from fiction to fortify our reality

The author will be presenting Food Defense in the Digital Era at the Food Safety Consortium Conference. More Info

2024 FSC animated banner

Food Safety Tech Hazards Series:  Salmonella

From leafy greens to poultry, Salmonella continues to cause outbreaks and trigger recalls in food products. Experts will review the incidence of Salmonella and relevant recalls, and how companies can approach reducing the pathogen’s presence, along with a review of the incidence of Salmonella in food products and strategies that focus on prevention as the goal.

Megan Coy-Moran, AIB

Be Confident in Your PCQI’s Training

By Megan Coy Moran
No Comments
Megan Coy-Moran, AIB

With allergens being the leading cause of recalls in the U.S., accounting for approximately 47 percent of recalls as of the most recent FDA reportable food registry annual report, FDA has placed “an emphasis on preventing allergen contamination, protecting consumers, and reducing the need for food recalls.” So, when FDA makes allergen control a priority, how can you be confident that it is a priority for your team and in your facility? By providing your designated Preventive Controls Qualified Individual (PCQI) with the right PCQI training.

Introduced in the Preventative Controls for Human Food Regulation final rule that exists within the FDA’s Food Safety Modernization Act (FSMA), a PCQI is required to be on staff in all food and beverage facilities registered under section 415 of the Federal Food, Drug, and Cosmetic Act (FD&C) Act. In this role, the PCQI oversees development of the Food Safety Plan, hazard analysis, preventive controls, verification activities, and validation of process preventive controls. Further, FSMA mandates that all food manufacturing facilities conduct Hazard analysis and risk-based preventive controls (HARPC), while also implementing science-based preventive control measures to reduce the potential risk of food product adulteration. Each of these are managed by the PCQI and critical to achieving food safety.

With the goal of preventing foodborne illness and maintaining compliance with the FDA, the PCQI also needs to possess an in-depth knowledge of the facility’s Environmental Monitoring Program, food allergen controls, sanitation controls, supply chain controls, and recall plan. The importance of the PCQI’s many responsibilities means they need to have the necessary training and skills for the creation, application, and verification of these and other measures as applicable to their facility.

The PCQI’s oversight and familiarity with the Food Safety Plan also suggests they are likely the primary contact when FDA arrives at your facility for an inspection. Their ability to answer the inspector’s questions and successfully manage this process helps ensure that those visits are as concise and positive as possible. Having this single point of contact is also beneficial for the inspector, as they know they can count on the PCQI as a resource to provide them with necessary information without having to chase down multiple sources. Too, having a PCQI on site makes it easier to then implement regulatory requirements and any necessary preventive controls within the designated time, as they are already familiar with the facility and team.

The best PCQI training will prompt participants to think through real-world scenarios, preparing them to identify best practices to achieve food safety. By then putting this theory into practice in their facilities, they will help ensure compliance. Further, it is important that any course they take features consistently updated information, so you can be assured that what they are being trained on is current and accurate. For instance, when the U.S. Congress passed and President Biden signed the FASTER Act into law in April 2021, including sesame as an allergen of concern, this was an important update. As new information becomes available, their training should remain timely and accurate, ensuring that the experience is relevant and responsive to changing regulations.

Because production right now is priority and many teams are short-staffed, it can be difficult for some to find the time to travel to participate in an in-person training course. This makes online training appealing, as it can be completed when time becomes available, while also saving on travel costs.

With the right training, your PCQI will be an invaluable member of your team. By aligning priorities with regulators and prioritizing food safety throughout their responsibilities, they will improve your facility’s ability to produce safe food.

With our PCQI Online training, your PCQI will be an invaluable member of your team. By aligning priorities with regulators and prioritizing food safety throughout their responsibilities, they will improve your facility’s ability to produce safe food.

Jeff Witte, DNV

Does Your Organization Need a Tool to Assess Risks to the Psychological Well-being of Its Employees?

By Jeff Witte
No Comments
Jeff Witte, DNV

The current pandemic has faced us with unexpected feelings of uncertainty, loneliness and loss. For many people the hustling and bustling environment of productive interaction and communication was the world, within which they gladly spent most of their lives. Recognition, encouragement, appreciative looks, words of respect, collaboration, competition, and workplace friendships have been abruptly taken away. This has left us face to face with computer screens and outdated icons of co-worker’s faces.

As a result, the psychological well-being of employees has become a key factor in performance and productivity at work. To assist organizations with best practices in addressing employee well-being, the International Organization for Standardization has developed ISO 45003 standard.

ISO 45003 – Occupational health and safety management – Psychological health and safety at work – Guidelines for managing psychosocial risks, is an occupational health and safety management standard, which now covers “many areas that can impact a worker’s psychological health, including ineffective communication, excessive pressure, poor leadership and organizational culture”, as stated in the description on ISO.org. It will also help to meet the requirements of ISO 45001 (previously known as OHSAS), the world’s standard for a physical occupational health and safety management system.

Today, organizations can take preventative measures for securing their staff’s mental and physical well-being by implementing ISO 45003. This best practice guidance document covers elements such as:

  • How to identify, recognize and assess risk factors that may psychologically impair the workforce
  • How to determine necessary changes for improvement
  • How to control potential hazards and manage them effectively

Norma McCormick, Project Leader of the ISO technical committee that developed the standard, said on ISO.com, “While many have felt powerless about the impact of recent events, there are many things that can be done to build the resilience of staff and promote a strong organizational culture. This standard brings together international best practice in this area and is relevant to companies of all types and sizes.”

This global standard provides simple and practical ways for organizations to prioritize protection of employees, and others, who are associated with the organization’s activities.

This compilation of best practices will assist organizations with the recognition of psychosocial hazards and risks such as stress, bullying, harassment, violence in the workplace and the like.
These risks, if ignored or unchecked, can cause negative effects on the health, safety and well-being of employees, thus affecting total organizational performance. More importantly, these risks and hazards can lead to health conditions such as diabetes, cardio-vascular disorders and insomnia which, oftentimes, leads to behavior changes like overeating and alcohol and drug abuse.

The potential detrimental impact on employees’ commitment, productivity, and job satisfaction are clear. Organizations that do not recognize the risks and hazards, or choose to ignore them, will see increased absence from work due to sick leave, high turnover, declining quality of products and/or services, which in turn can cause additional expenses or layoffs, litigation and incident investigations resulting in low morale and damage to the brand.

If you’ve been looking for guidance and best practice in dealing with workforce health and safety in these trying times, take a look at 45003 and its potential benefits:

  1. High levels of discretionary effort
  2. Improved recruitment, retention and diversity
  3. Enhanced worker engagement
  4. Increased innovation
  5. Legal compliance
  6. Reduced absence from workplace due to stress, burnout, anxiety, and depression.1

As a guideline, ISO 45003 is a non-certifiable standard that can be assessed for compliance by an independent third party, like DNV. It can be conducted as a stand-alone assessment or in combination with an ISO 45001 (Occupational Health and Safety) management system certification audit.

Having achieved compliance to ISO 45003, you will demonstrate that you care and have the right measures in place for improvement of your workers’ health and well-being.

1Source: https://www.dnv.us/services/iso-45003-psychological-health-and-safety-at-work-204506

Susanne Kuehne, Decernis
Food Fraud Quick Bites

Deter, Identify and Prosecute Food Fraud

By Susanne Kuehne
No Comments
Susanne Kuehne, Decernis
Canada, food fraud
Find records of fraud such as those discussed in this column and more in the Food Fraud Database, owned and operated by Decernis, a Food Safety Tech advertiser. Image credit: Susanne Kuehne

A study from the Canadian Arrell Food Institute lays out the current status of the fight against food fraud and a comprehensive list of interventions for governments, industry, suppliers, consumers, NGOs and academia. The focus is on collaboration along all stages of the food supply chain. Examples are global harmonization of regulations and testing, implementation of traceability systems, raising awareness for food fraud, using science to identify fraud, and much more.

Resource

  1. Hanner, R.H. and Kelly, J. (June 16, 2021). “Food Fraud in Canada – Understanding the Risks and Exploring Opportunities for Leadership”. Arrell Food Institute, Department of Integrative Biology, University of Guelph.

 

Cybersecurity

As Cyber Threats Evolve, Can Food Companies Keep Up?

By Maria Fontanazza
No Comments
Cybersecurity

The recent cyberattack that shut down meat supplier JBS should be a wakeup call to the food industry. These attacks are on the rise across industries, and food operations both large and small need to be prepared. In a Q&A with Food Safety Tech, Brent Johnson, partner at Holland & Hart, breaks down key areas of vulnerability and how companies in the food industry can take proactive steps to protect their operations and ultimately, the consumer.

Food Safety Tech: Given the recent cyberattack on JBS, how vulnerable are U.S. food companies, in general, to this type of attack? How prepared are companies right now?

Brent Johnson, Holland & Hart
Brent Johnson, partner, Holland & Hart

Brent Johnson: Food companies are in the same boat as other manufacturers. Cyber threats are constantly evolving and hackers are developing increasingly sophisticated delivery systems for ransomware. Food companies are obviously focused on making and delivering safe and compliant products and getting paid for them. Cybersecurity is important, but it’s difficult for manufacturers to devote the resources necessary to make their systems bulletproof when it’s an ancillary part of their overall operations and a cost driver. Unfortunately, hackers only have one job.

We tend to think of big tech and financial services companies as the prime targets for ransomware attacks because of the critical nature of their technology and data, but food companies are really no different. Plus, unlike tech companies and the financial services industry, food companies haven’t, as a general matter, developed the robust defenses necessary to thwart attacks, so they’re easier targets.

Food Safety Tech: What is the overall impact of a cyberattack on a food company, from both a business as well as a consumer safety perspective?

Johnson: It may come as a bit of a surprise to those who don’t work in the food industry, but food production (from slaughterhouses to finished products) is highly automated and data driven. That’s one of the lessons of the JBS ransomware attack. The attack shut down meat processing facilities across the United States and elsewhere. I work in Utah and the JBS Beef Plant in Hyrum was temporarily shut down. JBS cancelled two shifts at its meatpacking operation in Greeley, Colorado where my firm has a large presence as well, because of the ransomware attack. So, the impact on a food company’s business from a successful ransomware attack is dramatic.

On the consumer safety side, a ransomware attack that impacts automated safety systems would cause significant problems for a food manufacturer. Software controls much of the food industry’s safety systems—from sanitation (equipment washdowns and predictive maintenance) to traceability (possible pathogen contamination and recalls) to ingredient monitoring (including allergen detection). Every part of a food company’s production system is traced, tracked, and verified electronically. A ransomware attack on a food maker would very likely compromise the company’s ability to produce safe products.

Food Safety Tech: What proactive steps should food companies be taking to protect themselves against a cyberattack?

Johnson: I wish there was an easy and foolproof system for food companies to implement to protect against cyber attacks, but there isn’t. The threats are always changing. The Biden Administration’s recent memorandum to corporate executives and business leaders on strengthening cyber defenses is a good starting point, however. The White House’s Deputy National Security Adviser for Cyber and Emerging Tech, Anne Neuberger, reiterated the following “Five Best Practices” from President Biden’s executive order. These practices are multifactor authentication, endpoint detection and response, aggressive monitoring for malicious activities on the company’s networks and blocking them, data encryption, and the creation of a skilled cyber security team with the ability to train employees, detect threats and patch system vulnerabilities.

Food Safety Tech: Are there specific companies within the food industry that are especially susceptible?

Johnson: Not really. Hackers are opportunistic and look for the paths of least resistance. That said, as can be seen from the recent Colonial Pipeline and JBS ransomware attacks, hackers have transitioned from the early days of going after individuals and small businesses to whale hunting. The money is better.

It’s important to observe that the recent attacks have been directed at industries that present national infrastructure concerns (oil, the food supply). There’s no evidence of any involvement by a foreign government in these attacks, but it’s a fair question as to whether the hackers, themselves, expect that the federal government will step in at some point to assist the victims of cyber attacks financially due to their critical importance.

Food Safety Tech: Where do you see the issue of cybersecurity and cyberattacks related to the food industry headed in the future?

Johnson: Other than the certainty that the attacks will increase in both intensity and sophistication, I have no prediction. It’s not a time for complacency.

magnifying glass

Surveying the Phthalate Litigation Risk to Food Companies

By Kara McCall, Stephanie Stern
1 Comment
magnifying glass

Boxed macaroni and cheese—comforting, easy, and, according to a 2017 article by The New York Times, containing “high concentrations” of “[p]otentially harmful chemicals.” Roni Caryn Rabin, The Chemicals in Your Mac and Cheese, N.Y. TIMES, June 12, 2017. Those “chemicals” referenced by the Times are phthalates—versatile organic compounds that have been the focus of increased media, advocacy, and regulatory scrutiny. But what are phthalates and what is the litigation risk to food companies who make products that contain trace amounts of this material?

Background

Phthalates are a class of organic compounds that are commonly used to soften and add flexibility to plastic.1 Ninety percent of phthalate production is used to plasticize polyvinyl chloride (PVC).2 Di-(2-ethylhexl) phthalate (DEHP) is the most commonly used phthalate plasticizer for PVC.3 Due to the prevalence of plastics in the modern world, phthalates are everywhere—from food packaging to shower curtains to gel capsules. Consequently, almost everyone is exposed to phthalates almost all of the time and most people have some level of phthalates in their system.4

Recently, various epidemiological studies have purported to associate phthalates with a range of different injuries, from postpartum depression to obesity to cancer. However, as the Agency for Toxic Substances and Disease Registry (ATSDR) stated in its 2019 toxicology profile for DEHP, these epidemiology studies are flawed because, inter alia, they often rely on spot urine samples to assess exposure, which does not provide long-term exposure estimates or consider routes of exposure.5 To date, claims regarding the effects of low-level phthalate exposure on humans are not supported by human toxicology studies. Instead, phthalate toxicology has only been studied in animals, and some phthalates tested in these animal studies have demonstrated no appreciable toxicity. Two types of phthalates—DBP and DEHP—are purported to be endocrine disrupting (i.e., affecting developmental and reproductive outcomes) in laboratory animals, but only when the phthalates are administered at doses much higher than those experienced by humans.6 Indeed, there is no causal evidence linking any injuries to the low-level phthalate exposure that humans generally experience. Nonetheless, advocacy and government groups have extrapolated from these animal studies to conclude that DEHP may possibly adversely affect human reproduction or development if exposures are sufficiently high.7 Indeed, in the past two decades, a number of regulatory authorities began taking steps to regulate certain phthalates. Most notably:

  • In 2005, the European Commission identified DBP, DEHP, and BBP as reproductive toxicants (Directive 2005/84/EC), and the European Union banned the use of these phthalates as ingredients in cosmetics (Directive 2005/90/EC).
  • In 2008, Congress banned the use of DBP, DEHP, and BBP in children’s toys at concentrations higher than 0.1%. See 15 U.S.C. § 2057c.
  • The EU added four phthalates (BBP, DEHP, DBP, and DIBP) to the EU’s list of Substances of Very High Concern (SVHCs) and, subsequently, to its Authorization List, which lists substances that cannot be placed on the market or used after a given date, unless authorization is granted for specific uses. BBP, DEHP, DBP, and DIBP were banned as of February 21, 2015, except for the use of these phthalates in the packaging of medicinal products.
  • In 2012, the FDA issued a statement discouraging the use of DBP and DEHP in drugs and biologic products. At the time, the agency said that these phthalates could have negative effects on human endocrine systems and potentially cause reproductive and developmental problems.8

More recently, phthalate exposure through food has become a trending topic among consumer advocates. Phthalates are not used in food, but can migrate into food through phthalates-containing materials during food processing, storing, transportation, and preparation. Certain studies report that ingestion of food accounts for the predominant source of phthalate exposure in adults and children. However, in assessing DEHP, the ATSDR noted that the current literature on “contamination of foodstuffs comes from outside the United States or does not reflect typical exposures of U.S. consumers; therefore, it is uncertain whether and for which products this information can be used in U.S.-centered exposure and risk calculations.”9 Further, the concentration of phthalates found in food are very low-level—multiples lower than the doses used in animal toxicology studies.10

In 2017, a study published on the advocacy site “kleanupkraft.org” stated that phthalates were detected in 29 of 30 macaroni and cheese boxes tested.11 The study notes that “DEHP was found most often in the highest amounts.” Notably, however, the “amounts” are provided without any context, likely because there is no universally accepted threshold of unsafe phthalate consumption. Thus, although the boxed macaroni and cheese study found “that DEHP, DEP, DIBP, and DBP were frequently detected in the cheese items tested,” and “[t]he average DEHP concentration was 25 times higher than DBP, and five times higher than DEP,” none of this explains whether these numbers are uniquely high and/or dangerous to humans. Meanwhile, on December 10, 2019, the European Food Safety Authority announced an updated risk assessment of DBP, BBP, DEHP, DINP, and DIDP, and found that current exposure to these phthalates from food is not of concern for public health.12

Phthalate Litigation

For years, phthalates in food have been targeted by environmental groups seeking to eliminate use of phthalates in food packaging and handling equipment. Most recently, several lawsuits were filed against boxed macaroni and cheese manufacturers alleging misrepresentation and false advertising due to their undisclosed alleged phthalate contamination. See, e.g., McCarthy, et al. v. Annie’s Homegrown, Inc., Case No. 21-cv-02415 (N.D. Cal. Apr. 2, 2021). Perhaps acknowledging that the amounts contained in the food packages have not been shown to present any danger, these claims are being pursued as consumer fraud claims based on failure to identify phthalates as an ingredient, rather than as personal injury claims.

Besides this recent litigation, however, there has been a notable dearth of phthalate litigation. This is likely due to several factors: First, in general, courts have rejected false claim lawsuits involving trace amounts of a contaminant chemical. See, e.g., Tran v. Sioux Honey Ass’n, Coop., 471 F. Supp. 3d 1019, 1025 (C.D. Cal. 2020) (collecting cases). For example, in Axon v. Citrus World, Inc., 354 F. Supp. 3d 170 (E.D.N.Y. 2018), the Court dismissed plaintiff’s claim that the use of the word “natural” constituted false advertising because the product contained trace amounts of weed killer. Id. at 182–84. The Court based this dismissal, in part, on the fact that the trace amounts of the commonly used pesticide was “not an ‘ingredient’ added to defendant’s products; rather, it is a substance introduced through the growing process.” Id. at 183. Similarly, phthalate is not an intentionally added ingredient—instead, it is a substance introduced, if at all, in trace amounts at various points throughout the manufacturing, handling, and packaging process. Second, proving that phthalate exposure from a particular food item caused an alleged injury would be extremely difficult. As mentioned above, there is no direct scientific evidence linking low-level phthalate exposure in humans to reproductive problems, cancer, or any other injury. Instead, plaintiffs must rely on animal studies where the subject, most commonly a rat, was exposed to enormous amounts of phthalates, many multiples of the amount that would be found in food. Moreover, the pervasive nature of phthalates makes it difficult to pinpoint any particular product as the source of the injury. If every food item a plaintiff ever consumed has been touched by a phthalate-containing material, it seems near impossible to prove that one particular food caused the alleged injury.

Although phthalate litigation has thus far proven unpopular, this landscape could change in the near future due to increased regulatory scrutiny. On December 20, 2019, the EPA stated that DEHP, DIBP, DBP, BBP, and dicyclohexyl phthalate were five of 20 high-priority chemicals undergoing risk evaluation pursuant to the Toxic Substances Control Act.13 The categorization of these phthalates as high-priority initiates a three- to three-and-a-half-year risk evaluation process, which concludes in a finding of whether the chemical substance presents an unreasonable risk of injury to health or the environment under the conditions of use.14 Although the same causation and product identification issues will remain, a revised risk analysis by the EPA may lead to increased phthalate litigation.

The views expressed in this article are exclusively those of the authors and do not necessarily reflect those of Sidley Austin LLP and its partners. This article has been prepared for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers.

References

  1. The most commonly used phthalates are di-(2-ethylhexyl) phthalate (DEHP), diisononyl phthalate (DINP), benzyl butyl phthalate (BBP), di-n-butyl phthalate (DBP), and diethyl phthalate (DEP). See Angela Giuliani, et al., Critical Review of the Presence of Phthalates in Food and Evidence of Their Biological Impact, 17 INT. J. ENVIRON. RES. PUBLIC HEALTH 5655 (2020).
  2. COWI A/S, Data on Manufacture, Import, Export, Uses and Releases of Dibutyl Phthalate (DBP), As Well As Information on Potential Alternatives To Its Use 10-11 (Jan. 29, 2009). http://echa.europa.eu/documents/10162/
    13640/tech_rep_dbp_en.pdf (observing European Council for Plasticizers and Intermediates (ECPI)); Agency for Toxic Substances & Disease Registry, DI-n-BUTYL PHTHALATE, Production, Import/Export, Use, and Disposal (Jan. 3, 2013). http://www.atsdr.cdc.gov/ToxProfiles/tp135-c5.pdf; Peter M. Lorz, et al., Phthalic Acid and Derivatives. ULLMANN’S ENCYCLOPEDIA OF INDUSTRIAL CHEMISTRY (Wiley-VCH: Weinheim, 2000); Lowell Center for Sustainable Production, Phthalates and Their Alternatives: Health and Environmental Concerns 4 (Jan. 2011). https://www.sustainableproduction.org/downloads/PhthalateAlternatives-January2011.pdf.
  3.  Michael D. Shelby, NTP-CERHER Monograph on the Potential Human Reproductive and Developmental Effects of Di (2-Ethylhexyl) Phthalate (DEHP). National Toxicology Program, HHS. NIH Publication No. 06-4476 at 2–3 (Nov. 2006).
  4.  See Chris E. Talsness, et al., Components of Plastic: Experimental Studies in Animals and Relevance for Human Health, 364 PHIL. TRANS. R. SOC. B 2079, 2080 (2009). https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2873015/pdf/rstb20080281.pdf.
  5. Agency for Toxic Substances & Disease Registry, Toxicology Profile for Di(2-Ethylhexyl) Phthalate (DEHP), Draft for Public Comment 3 (Dec. 2019). https://www.atsdr.cdc.gov/toxprofiles/tp9.pdf.
  6. FDA Guidance for Industry, Limiting the Use of Certain Phthalates as Excipients in CDER-Regulated Products. HHS, FDA. (Dec. 2012).
  7. NIH Publication No. 06-4476 at 2–3, supra n.3.
  8. FDA Guidance for Industry. Limiting the Use of Certain Phthalates as Excipients in CDER-Regulated Products. HHS, FDA. (Dec. 2012).
  9. Toxicology Profile for Di(2-Ethylhexyl) Phthalate (DEHP) at 362, supra n.5.
  10. Compare id. at 5 (measuring effects of phthalate oral exposure in mg/kg/day) with Samantha E. Serrano, et al., Phthalates and diet: a review of the food monitoring and epidemiology data, 13 ENVIRON. HEALTH 43 (2014) (measuring phthalate concentration in food in μg/kg).
  11. Testing Finds Industrial Chemical Phthalates in Cheese, Coalition for Safer Food Processing and Packaging. http://kleanupkraft.org/data-summary.pdf.
  12. FAQ: phthalates in plastic food contact materials. European Food Safety Authority. (Dec. 10, 2019).
  13. EPA Finalizes List of Next 20 Chemicals to Undergo Risk Evaluation under TSCA. U.S. Environmental Protection Agency. (Dec. 20, 2019).
  14.  Risk Evaluations for Existing Chemicals under TSCA. U.S. Environmental Protection Agency.
Julie Holt, Decernis
FST Soapbox

California Proposition 65: Every Company Should Know Their Risk

By Julie Holt
No Comments
Julie Holt, Decernis

Known officially as The California Safe Drinking Water and Toxic Enforcement Act of 1986, California Proposition 65 reaches far beyond state boundaries and has potential regulatory implications for almost any company that manufactures, imports, and / or sells products containing listed chemicals in the state. California Prop 65 prohibits the sale of a product in California that knowingly and intentionally exposes an individual to a California Office of Environmental Health Hazard Assessment (OEHHA) listed chemical without a specific stated warning. For many food and supplement companies, the risk of opportunistic litigation based on California Prop 65 drives the need to monitor updates, new amendments and enforcement of the law.

Prop 65 Background

California Proposition 65, also known by the shortened name Prop 65, is not a ban on products or ingredients. The law is intended to inform consumers in California about exposure to a list of chemicals exceeding a defined level in products for sale, including product packaging. The regulation mandates a warning label for exposure to chemicals at a level that could cause cancer, birth defects or other reproductive harm. Guidance for upper limits (“Safe Harbor Level”) on chemicals is based on expected daily exposure. If no Safe Harbor Level exists for a chemical, the product containing a listed chemical must include a warning, unless the exposure level can be proven to not pose a significant risk of causing harm.

With the size of the California economy and the interconnected U.S. supply chain, the state law effectively reaches other states and U.S. importers. More recently, the Prop 65 requirements impact online and catalog sales, which have increased significantly during the global pandemic.

Know Your Suppliers

All companies need to proactively evaluate and document Prop 65 risks. Enforcement occurs primarily through civil litigation, resulting in specialized legal firms profiting from a company’s ignorance of the law’s extent. Even the threat of publicity from a lawsuit can cause targeted companies to settle a case.
At each point of manufacturing and distribution—supplier, manufacturer, packager, importer or distributor—regulatory teams should ask about Prop 65 compliance. The main point of responsibility is at the manufacturer, but a retailer can also be obligated for introducing a chemical at point-of-sale.

What’s New with Prop 65

The OEHHA issues notices regarding amendments to the California Code of Regulations Title 27, Article 6, covering “Clear and Reasonable Warnings”. Recently the OEHHA requested public comments on proposed amendments that would modify the content and methods for providing “short-form” warnings. The short form was originally intended for products with restricted label space.

The proposed rule would modify the existing short-form warning provisions to:

  • Only allow use of the short-form warning on products with five square inches or less of label space.
  • Eliminate use of short-form warnings for products sold via the Internet and catalogs.
  • Clarify how short-form warnings can be used for food products.
  • Require the name of at least one chemical be included in the short-form warning.

Bottomline: Know Your Business and Risk

As an advisor with more than 20 years of regulatory compliance experience in food and food ingredients, my guidance for business best practice on Prop 65 is to be proactive, maintain supply chain knowledge, and understand risk. Regulatory or legal staff, or consultant teams specializing in Prop 65, should regularly monitor for additions to the chemical list and rulemaking changes to the far-reaching law.

Roberto Bellavia, Kestrel
FST Soapbox

How Integrated Compliance Management Systems Maximize Efficiency

By Roberto Bellavia
No Comments
Roberto Bellavia, Kestrel

Managing the complexities of a management system is challenging for any food and beverage company, particularly for the team tasked with implementing the system throughout the organization. That is because every regulatory agency (e.g., FDA, USDA, OSHA, EPA) and voluntary certification (e.g., GFSI-benchmarked standards, gluten-free, organic, ISO) calls for companies to fulfill compliance requirements—many of which overlap. Supply chain and internal requirements can create further complications and confusion.

In today’s “New Era of Smarter Food Safety,” having a common system to organize, manage and track compliance offers an ideal solution. Dynamic tools are becoming available—systems that can manage employee training, pest control, laboratory testing, supply chain management tools, regulatory compliance and certification requirements, etc.

Unfortunately, these systems are often not set up to “talk” to each other, leaving company representatives to navigate many systems, databases, folders, and documents housed in many different locations.

The Solution: Compliance Management Systems

An integrated compliance management system (CMS) is intended to bring all these tools together to create one system that effectively manages compliance requirements, enables staff to carry out daily tasks and manage operations, and supports operational decision making by tracking and trending data that is collected daily by the team charged with implementation.

A CMS is used to coordinate, organize, control, analyze and visualize information to help organizations remain in compliance and operate efficiently. A successful CMS thinks beyond just access to documents; it manages the processes, knowledge and work that is critical to helping identify and control business risks. That may include the following:

  • Ensuring only authorized employees can access the right information.
  • Consolidating documents and records in a centralized location to provide easy access
  • Setting up formal business practices, processes and procedures
  • Implementing compliance and certification programs
  • Monitoring and measuring performance
  • Supporting continuous improvements
  • Documenting decisions and how they are made
  • Capturing institutional knowledge and transferring that into a sustainable system
  • Using task management and tracking tools to understand how people are doing their work
  • Enabling data trending and predictive analytics

CMS Case Study: Boston Sword and Tuna

In early 2019, Boston Sword and Tuna (BST) began the process of achieving SQF food safety certification. We initially started working with BST on the development, training and implementation of the program requirements to the SQF code for certification—including developing guidance documents for a new site under construction.

The process of attaining SQF certification included the development of a register of SQF requirements in Microsoft SharePoint, which has since evolved into a more comprehensive approach to overall data and compliance management. “We didn’t plan to build a paperless food safety management system,” explains BST President Larry Dore, “until we implemented our SQF food safety management program and realized that we needed a better way to manage data.”

We worked with BST to structure the company’s SharePoint CMS according to existing BST food safety management processes to support its certification requirements and overall food safety management program. This has included developing a number of modules/tools to support ongoing compliance efforts and providing online/remote training in the management of the site and a paperless data collection module.

The BST CMS has been designed to support daily task activities with reminders and specific workflows that ensure proper records verifications are carried out as required. The system houses tools and forms, standards/regulatory registers, and calendars for tracking action items, including the following:

  • Ambient Temperature
  • Corrective and Preventive Action (CAPA)
  • Chemical Inventory/Safety Data Sheets (SDS)
  • Compliance Management
  • Customer Complaints
  • Document Control
  • Employee Health Check
  • Food Safety Meetings Management Program
  • Forklift Inspections
  • Good Manufacturing Practices (GMP) Audit
  • SQF Register
  • Maintenance (requests/work orders/assets/repairs)
  • Nightly Cleaning Inspections
  • Operational/Pre-Operational Inspections
  • Sanitation Pre-Op Inspections
  • Scale Calibration
  • Sharp/Knife Inspections
  • Shipping/Receiving Logs
  • Thawing Temperature Log
  • Thermometer Calibration

Key Considerations for Designing a Successful CMS

An effective CMS requires an understanding of technology, operational needs, regulatory compliance obligations and certification requirements, as well as the bigger picture of the company’s overall strategy. There are several key considerations that can help ensure companies end up with the right CMS and efficiency tools to provide an integrated system that supports the organization for the long term.

Before design can even begin, it is important to first determine where you are starting by conducting an inventory of existing systems. This includes not only identifying how you are currently managing your compliance and certification requirements, but also assessing how well those current systems (or parts of them) are working for the organization.

As with many projects, design should begin with the end in mind. What are the business drivers that are guiding your system? What are the outcomes you want to achieve through your system (e.g., create efficiencies, provide remote access, reduce duplication of effort, produce real-time reports, respond to regulatory requirements, foster teamwork and communication)? Assuming that managing compliance and certification requirements is a fundamental objective of the CMS, having a solid understanding of those requirements is key to building the system. These requirements should be documented so they can be built into the CMS for efficient tracking and management.

While you may not build everything from the start, defining the ultimate desired end state will allow for development to proceed so every module is aligned under the CMS. Understand that building a CMS is a process, and different organizations will be comfortable with different paces and budgets. Establish priorities (i.e., the most important items on your list), schedule and budget. Doing so will allow you to determine whether to tackle the full system at once or develop one module at a time. For many, it makes sense to start with existing processes that work well and transition those first. Priorities should be set based on ease of implementation, compliance risk, business improvement and value to the company.

Finally, the CMS will not work well without getting the right people involved—and that can include many different people at various points in the process (e.g., end user entering data in the plant, management reviewing reports and metrics, system administrator, office staff). The system should be designed to reflect the daily routines of those employees who will be using it. Modules should build off existing routines, tasks, and activities to create familiarity and encourage adoption. A truly user-friendly system will be something that meets the needs of all parties.

Driving Value and Compliance Efficiency

When thoughtfully designed, a CMS can provide significant value by creating compliance efficiencies that improve the company’s ability to create consistent and reliable compliance performance. “Our system is allowing us to actually use data analytics for decision making and continuous opportunity,” said Dore. “Plus, it is making remote activities much more practical and efficient”.

For BST, the CMS also:

  • Provides central management of inspection schedules, forms, and other requirements.
  • Increases productivity through reductions in prep time and redundant/manual data entry.
  • Improves data access/availability for reporting and planning purposes.
  • Effectively monitors operational activities to ensure compliance and certifications standards are met.
  • Allows data to be submitted directly and immediately into SharePoint so it can be reviewed, analyzed, etc. in real time.
  • Creates workflow and process automation, including automated notifications to allow for real-time improvements.
  • Allows follow-up actions to be assigned and sent to those who need them.

All these things work together to help the company reduce compliance risk, create efficiencies, provide operational flexibility, and generate business improvement and value.

Mitzi Baum, Stop Foodborne Illness
Food Safety Culture Club

Our Petition to USDA: The Time for Change Is Now

By Mitzi Baum
1 Comment
Mitzi Baum, Stop Foodborne Illness

On January 25, 2021 Stop Foodborne Illness (STOP), in collaboration with Center for Science in the Public Interest, Consumer Reports, Consumer Federation of America and five STOP constituent advocates filed a petition with USDA Food Safety Inspection Service (FSIS) to reform and modernize poultry inspections. The goal of these reforms is to reduce the incidence of Salmonella and Campylobacter contamination in raw poultry thus drastically decreasing foodborne illnesses due to these pathogens.

According to the CDC, in 2019, these two pathogens combined were responsible for more than 70% of foodborne illnesses in the United States. As Mike Taylor, former FDA Deputy Commissioner for Foods and Veterinary Medicine, shares in his
Op-Ed, the time for change is now as the current regulatory framework is inadequate and has not delivered the desired results of reducing Salmonella and Campylobacter outbreaks.

Today, the USDA’s mark of inspection is stamped on poultry, although birds may exceed the performance standards; there are no clear consequences for establishments that do not meet the current guidelines. Without science-based standards or penalties for non-compliance, the burden of this problem falls upon consumers.

At STOP, we share the voices of consumers whose lives have been altered due to preventable problems such as this. Our constituent advocates share their journeys through severe foodborne illness to share the WHY of food safety. Real people, real lives are impacted when we do not demand action. STOP board member, Amanda Craten, shares her son Noah’s story:

“My toddler suddenly came down with a fever and diarrhea, but it wasn’t until weeks later that I learned that his symptoms, which nearly killed him, were caused by a multi-drug resistant strain of Salmonella.

After being admitted to the hospital, his doctors found abscesses in the front of his brain caused by infection and they were creating pressure on his brain. He underwent surgery and weeks of antibiotic treatments.

My 18-month son was seriously injured and permanently disabled as a result of Salmonella-contaminated chicken.” – Amanda Craten.

Unfortunately, Noah’s story is not rare, which is why Amanda supports this petition for change and has provided a powerful video about Noah’s foodborne disease journey and his life now.

Because there are too many stories like Noah’s, STOP and its partner consumer advocacy organizations want to work with FSIS and industry to:

  1. Develop real benchmarks that focus on reduction of known, harmful pathogens in poultry
  2. Modernize standards to reflect current science
  3. Implement on-farm control measures
  4. Re-envision the standards to focus on the risk to public health

As a new administration begins, capitalizing on this opportunity to modernize poultry inspection that can benefit consumers and the food industry makes sense. STOP and its partners are hopeful that leadership at USDA/FSIS will take this opportunity to create consequential and relevant change. Ultimately, this transformation will reduce the incidence of foodborne illness due to contamination of poultry and increase consumer confidence in the USDA’s mark of inspection. Please comment on this petition.

Have you been impacted by foodborne illness? Tell STOP Foodborne Illness about it.