New California Laws Ask IoT Makers for Security Features
California Gov. Jerry Brown has signed two bills that are designed to make manufacturers of Internet-connected devices more responsible for ensuring the privacy and security of Californians, as reported on GovTech.com.
The bills require manufacturers to equip connected devices with a “reasonable security feature or features” that are appropriate to their nature, function, and the information they may collect, contain, or transmit. The security features must be designed to protect the device and its information from “unauthorized access, destruction, use, modification or disclosure.”
The laws define a connected device as one with an Internet protocol (IP) or Bluetooth address that can connect directly or indirectly to the Internet.
State Senator Hannah-Beth Jackson, D-Santa Barbara, introduced similar legislation in February 2017 after learning the United States had not banned a “smart doll” called My Friend Cayla that allegedly could spy on children and families. Jackson also had concerns about the lack of security embedded in such IoT devices as microwave ovens, thermostats, and security cameras.
The question of what defines a “reasonable security feature or features” is one of many that industry groups cited in their opposition to the legislation.
“We recommend an approach that would ensure that all connected devices are compliant and secure, no matter where they are produced. These two innovation-stifling measures not only fail to protect
Jackson disagreed with the notion that the bills might create a loophole for imported devices.
“The concern, I think, is misplaced, because when the products are sold in this country, they will have to meet those standards even if they’re manufactured elsewhere,” she said.
The laws will take effect on January 1, 2020, thus giving the industry time to account for them.
Celebrate With Us!
In celebration of our new Information Management Magazine website launch, now available at magazine.arma.org, we're making our latest and most important resource, the Information Governance Body of Knowledge (IGBOK) available to you at a discounted rate (Members save $40 off of list price; Non-Members save $30 off of list price).Get Your Copy
About the Author
- Information Security (Information Protection)2019.02.04Isaza Responds to Illinois Supreme Court Ruling on Biometric Privacy
- Cloud2019.01.28Dropbox Buys Hello Sign, Adds its Coveted Workflow Capabilities
- News & Analysis2019.01.25Google Is Fined $57 Million, First Major Penalty Under Europe’s Data Privacy Law
- Information Governance2018.12.07Information Governance Body of Knowledge Published