March 6, 2019

 

Thank you and good morning. 

 

I would like to begin by thanking the Acting Chairman for scheduling this hearing to examine the Commission’s product safety information database, SaferProducts.gov.[1]

 

Today marks the first public hearing the Commission has held since I joined the agency back in October of last year. 

 

The work of the CPSC, and our mission to protect the public, are too important for us to become a “do nothing” agency.

 

So I welcome hearing your comments on how we can improve generally, and on SaferProducts.gov, specifically.

 

I am glad we are here today to examine one of the key marketplace surveillance tools the agency uses to hear directly from consumers, service providers, healthcare professionals, government officials and public safety entities about potentially harmful consumer products.

 

As a threshold matter, this database is only as useful as the consumers who know about it. 

 

In examining consumers’ awareness of SaferProducts.gov, the Government Accountability Office (GAO) found in 2013 that none of the participants in the GAO-convened consumer focus groups had heard of the website, and few had heard of CPSC.[2]

 

I am concerned that CPSC has not fully implemented GAO’s recommendations, including its recommendation to improve the awareness, use, and usefulness of SaferProducts.gov.[3] 

 

GAO has recommended that CPSC implement cost-effective usability improvements to the database, taking into account the results of existing usability testing.[4]

 

And while the agency has taken some steps to address this recommendation, clearly there is more work to be done.

 

I ask unanimous consent that this report be included in the record.

 

It is important that CPSC comply with the statutory directive underpinning the database. 

 

Section 212 of Consumer Product Safety Improvement Act of 2008 directs the agency to establish and maintain this database, and this section includes specific direction with respect to how information is submitted and verified, how the database is to be organized, and for the correction of inaccurate information, among other things.[5]

 

I am also mindful of the other general duties that apply to the agency’s information security management, including those arising under the Federal Information Security Management Act (FISMA).[6] 

 

In the most recent report on CPSIA Activity for Fiscal Year 2018, the CPSC Inspector General (IG) contracted with a management consulting firm to perform a review of CPSC’s compliance with FISMA reporting requirements for FY 2018.[7] 

 

That review found that CPSC was not compliant with all of FISMA’s requirements, and that the agency’s noncompliance has a direct impact on the confidentiality, integrity, and availability of SaferProducts.gov.[8] 

 

While the agency is making progress in implementing requirements, the IG reported 17 findings of noncompliance and made 52 recommendations to improve the agency’s information security posture, all of which remain open.[9]

 

I ask unanimous consent that the 2018 report be included in the record.

 

I am also aware that 8 separate IG recommendations remain open from June 2012 with respect to SaferProducts.gov.[10]

 

I ask unanimous consent that the 2012 report be included in the record.

 

This is a high dollar, high visibility program specifically called out in statute and we must do better.

 

As we work to improve SaferProducts.gov, it is incumbent that we do so with an eye toward the agency’s overall IT architecture, security and overall technical competency.

 

So it is my hope that the agency will work to close out those open recommendations and raise awareness of the website to improve its usefulness.

 

Thank you and I yield the balance of my time.

 

[1] Consumer Prod. Safety Comm’n, Publicly Available Consumer Product Safety Information Database, http://www.saferproducts.gov (last visited March 6, 2018).

[2] U.S. Gov’t Accountability Office, GAO-13-306, Consumer Product Safety Commission: Awareness, Use, and Usefulness of SaferProducts.gov 27 (2013).

[3] Id. at 31.

[4] Id.

[5] Consumer Product Safety Improvement Act of 2008, 15 U.S.C. § 2055a (2017).

[6] Federal Information Security Management Act of 2002, as amended, 44 U.S.C. § 3541 (2017). 

[7] Office of Inspector Gen., U.S. Consumer Prod. Safety Comm’n, 19-A-04, Report of Consumer Product Safety Improvement Act Activity for Fiscal Year 2018 4 (2018).

[8] Id.

[9] Id.

[10] Office of Inspector Gen., U.S. Consumer Prod. Safety Comm’n, Consumer Product Safety Risk Management System Information Security Review Report (2012).