July 9, 2020

Volume X, Number 191

July 09, 2020

Subscribe to Latest Legal News and Analysis

July 08, 2020

Subscribe to Latest Legal News and Analysis

July 07, 2020

Subscribe to Latest Legal News and Analysis

July 06, 2020

Subscribe to Latest Legal News and Analysis

California Law IoT Devised to Have “Reasonable Security Feature”

On September 28, 2018, California passed Senate Bill No. 327, Chapter 886, which regulates the security of all internet of things (IoT) devices sold in California.  Collectively, IoT broadly refers to all internet-enabled devices and includes everything from doorbells and lamps to cell phones and wearable devices. This bill, beginning on January 1, 2020, will require a manufacturer of a connected device to equip the device with “a reasonable security feature or features” to “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” Additionally, this California law requires that any device capable of authentication outside a local area network either have a pre-programmed password that is unique to each device or require users to generate a new password before users are granted access to the device for the first time.

California’s passage of Senate Bill No. 327 indicates the government’s acknowledgement of the growing threat cyber-attacks pose to these popular technologies. Currently, there are approximately 7 billion internet-enabled devices in the world and this number is expected to reach 21.5 billion by 2025. This increase in widespread adoption of connected devices has amplified the growth of cyber-attacks. Specifically, many internet-enabled devices currently sold to consumers provide either no password protection or the same default login credentials across all devices, which make these devices exceptionally vulnerable to cyber-attacks. California’s Senate Bill No. 327 attempts to combat this with its revamped password requirements.

While California’s passage of Senate Bill No. 327 marks a positive step towards increased security for internet-enabled devices, deficient password requirements are only one of the many shortcomings that make internet-enabled devices vulnerable to cyber-attacks.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume IX, Number 31


About this Author

The Robinson+Cole Health Law Group serves health care and life sciences clients regionally, nationally and globally. We are experienced lawyers trained to help clients meet their business objectives within complicated legal and regulatory environments. Our team understands the challenges of competition, regulation, and resource allocation. We focus on providing practical solutions and responsive counsel to our clients.

Our Health Law Group comprises focused health care lawyers, supported by lawyers from the firm’s...