California Signs the First IoT Security Bill into Law, and the FTC Submits Comments to the Consumer Product Safety Commission Regarding the IoT
California’s New IoT Law
On September 28, 2018, California Governor Jerry Brown signed into law a cybersecurity bill governing Internet of Things (IoT) devices, the first law of its kind in the nation. SB 327 requires manufacturers of internet-connected, or “smart” devices, to ensure the devices have “reasonable” security features by January 1, 2020.
The law applies to any “device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.” This definition is broad and includes not only smart TVs, smart speakers, and other smart home devices, but also computers (laptops and desktops), connected cars, smartphones, smartwatches, and many other modern electronics.
The law does not contemplate further rulemaking, and it is unclear whether revisions to the law will be sought. Continue Reading