Menu

IoT FEATURE NEWS

Securing Devices in California: Regulations Call for Compliance By 2020

By

California has become the first state in the U.S. to put cybersecurity regulations on the ever-growing Internet of Things, giving companies who produce those devices until January 1, 2020 to include specific security features.

The legislation requires security measures for any device that can connect to the internet and that has an IP or Bluetooth address, regardless of whether it processes personal information.

The law does not include a private right of action (unlike the California Consumer Privacy Act) and can only be enforced by the state attorney general, county counsel or a district attorney.

Palo Alto-based Morrison & Foerster partner Chris Lyon, who advises companies on issues related to the collection, use, sharing, and safeguarding of data, and helps them develop strategies to comply with U.S. and international privacy and data protection laws, said about the impact  “This new law sends a strong message that California expects manufacturers of IoT devices to take the lead in building data security into their products, regardless of the nature or sensitivity of data transmitted through those devices.”

California has taken “major strides toward regulating the Internet of Things, the network of internet-connected devices that includes everything from televisions and cars, to refrigerators, fitness trackers, and baby monitors,” Lyon wrote in a short article about the new law.

When Governor Jerry Brown signed Assembly Bill 1906 and Senate Bill 327 into law, “California took major strides toward regulating the Internet of Things, the network of internet-connected devices that includes everything from televisions and cars, to refrigerators, fitness trackers, and baby monitors.”

Lyon’s article, co-authored by Allison Lauterbach Dale also explained, “The legislation focuses in particular on user authentication, requiring the manufacturer of a connected device to equip the device with reasonable measures ‘appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, (and) designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.’”

The requirement is not limited to devices that collect personal information, Lyon wrote. “In fact, the legislation makes no reference to the concept of personal information. For devices ‘equipped with a means for authentication outside a local area network,’ the law provides that either of the following will be deemed a reasonable security feature: the preprogrammed password is unique to each device manufactured, or the device contains a security feature that requires a user to create a new means of authentication before access is first granted.”

“The law creates a strong incentive for manufacturers to use one of these two approved security measures, particularly because the law provides no guidance in determining what other types of security measures will be considered reasonable,” Lyon observes.

The legislation does not regulate medical devices, nor does it apply to manufacturers who are already regulated by HIPAA or California’s health privacy law. Connected devices whose functionality is subject to federal security requirements and regulations are also not subject to the new law.

The entire article, and more information about the new regulations can be found here: https://www.mofo.com/resources/publications/181001-new-california-iot-law.html




Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Contributing Writer

SHARE THIS ARTICLE
Related Articles

Rising Edge Computing Investments to Reach $350B by 2027, According to IDC

By: Alex Passett    3/27/2024

Worldwide spending on edge computing is expected to surge (and then keep going) for the foreseeable future, according to the International Data Corpor…

Read More

ZEDEDA Adds Lisa Edwards as New Board Member, Seeks Opportunities to Strengthen Operations and Scale

By: Alex Passett    3/26/2024

Earlier this morning, ZEDEDA announced the addition of Lisa Edwards to its board of directors.

Read More

An Existing IoT Collab, Emboldened: Digi International and Telit Cinterion Transform Solutions with 5G RedCap Integration

By: Alex Passett    3/25/2024

The ongoing industry collaboration between Digi International and Telit Cinterion signals strong support for the mainstream showcasing of 5G for IoT a…

Read More

Telit Cinterion's 5G LGA Modules, Powered by Snapdragon from Qualcomm, to Create a Big Leap in IoT Connectivity

By: Alex Passett    3/25/2024

Telit Cinterion recently unveiled its FE990B34/40 LGA family of modules, powered by the Snapdragon X72 5G Modem-RF System from Qualcomm Technologies, …

Read More

Embracing Innovation in Mining: The Role of Network-Aware Applications in the Digital Transformation

By: Special Guest    3/21/2024

Shabodi leverages private 5G network capabilities and enables the development of network-aware applications to enhance operational efficiency, automat…

Read More