December 15, 2018

December 14, 2018

Subscribe to Latest Legal News and Analysis

December 13, 2018

Subscribe to Latest Legal News and Analysis

December 12, 2018

Subscribe to Latest Legal News and Analysis

California Pioneers IoT Security Legislation

California’s governor recently signed into law a bill requiring connected device manufacturers to include “reasonable” security features for connected devices sold in California. The law doesn’t go into effect until January 1, 2020, and requires that the devices have security “appropriate to the nature and function of the device” and appropriate to the type of information collected. The security measures should also guard against breaches. Reasonable measures include, where appropriate, having a unique, preprogrammed password or making people create a password before using the device the first time.

The law specifically states that it is not imposing obligations on IoT manufacturers with regard to third-party software or applications that a user might choose to add to their connected device. Although the law follows many recent data breaches, it does not include a private right of action.

Putting it Into Practice: Manufacturers of connected devices should take note of this law, which shows that regulators are concerned that appropriate measures are taken to ensure consumer security.

Copyright © 2018, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Pavel Sternberg, Sheppard Mullin, intellectual property lawyer

Pavel Sternberg is an associate in the Intellectual Property Practice group in the firm's San Francisco office.

Areas of Practice

Mr. Sternberg has strong research and analysis skills and specialized knowledge of privacy and data security, including health privacy, consumer protection laws, and data breach response. He is certified as a CIPP/US and CIPM by the IAPP.