Manufacturers of IOT devices face new privacy security laws in California and Oregon

Manufacturers of IOT devices face new privacy security laws in California and Oregon

Both States are the first to require security standards  for IoT devices

Manufacturers of smart microwaves, light bulbs, and other connected devices will face new security requirements in California and Oregon in 2020.

The two states are the first ones to specifically regulate the security of internet of things devices, with laws taking effect Jan. 1 2020. Other states are likely to follow, privacy and tech attorneys say.

Internet of things security is a growing concern as the number of connected devices increases. The International Data Corporation estimates that 41.6 billion internet of things devices could be operating by 2025.

Companies rushing to get devices out into the wild and  haven’t thought about security, and it’s creating  massive risks that have been growing exponentially in recent years,.

The laws include different definitions for connected devices.

California

California’s law applies to any device or object that connects directly or indirectly to the internet and is assigned an internet protocol or Bluetooth address.

Oregon

The Oregon law similarly covers devices or objects with those requirements, but only those that are used “primarily for personal, family, or household purposes.”

Manufacturers must equip connected devices with “reasonable” security features, but neither law precisely defines the term. That may pose compliance challenges for companies, attorneys said.

California’s law exempts connected devices subject to security requirements under federal law, regulations, or federal agency guidance. Under Oregon’s law, compliance with security requirements in federal laws or regulations is considered to be reasonable security.

Connected devices sold in California and Oregon will have to be equipped with reasonable security features that are appropriate to the device’s nature, function, and data it collects or transmits, and be designed to protect the device and the information from unauthorized access, use, or disclosure.

Stay up to date with all the latest data privacy news by Subscribing to the Relentless Privacy Blog 

Sharing is caring!

shares
error: Content is protected !!