California Law IoT Devised to Have “Reasonable Security Feature”

Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

[author: John Souza]*

On September 28, 2018, California passed Senate Bill No. 327, Chapter 886, which regulates the security of all internet of things (IoT) devices sold in California.  Collectively, IoT broadly refers to all internet-enabled devices and includes everything from doorbells and lamps to cell phones and wearable devices. This bill, beginning on January 1, 2020, will require a manufacturer of a connected device to equip the device with “a reasonable security feature or features” to “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” Additionally, this California law requires that any device capable of authentication outside a local area network either have a pre-programmed password that is unique to each device or require users to generate a new password before users are granted access to the device for the first time.

California’s passage of Senate Bill No. 327 indicates the government’s acknowledgement of the growing threat cyber-attacks pose to these popular technologies. Currently, there are approximately 7 billion internet-enabled devices in the world and this number is expected to reach 21.5 billion by 2025. This increase in widespread adoption of connected devices has amplified the growth of cyber-attacks. Specifically, many internet-enabled devices currently sold to consumers provide either no password protection or the same default login credentials across all devices, which make these devices exceptionally vulnerable to cyber-attacks. California’s Senate Bill No. 327 attempts to combat this with its revamped password requirements.

While California’s passage of Senate Bill No. 327 marks a positive step towards increased security for internet-enabled devices, deficient password requirements are only one of the many shortcomings that make internet-enabled devices vulnerable to cyber-attacks.

 

*This post was co-authored by John Souza, candidate juris doctor 2019, Roger Williams University School of Law. John is not yet admitted to practice law.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide