California has become the first state to pass legislation to regulate the Internet of Things. The new law, which takes effect on January 1, 2020, applies to manufacturers of connected devices, which are defined as “any device, or physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an [IP] address or Bluetooth address.”
Under the new law, manufacturers of connected devices must equip the device with reasonable security features that are appropriate to the “nature and function of the device” and the information that the device may “collect, contain or transmit.” Each device must also have a unique preprogrammed password. The law will not apply to any device that is already subject to federal security laws or regulations or to manufacturers are already covered by federal or state health privacy laws, including HIPAA.
It remains to be seen whether other states will follow California’s lead in enacting similar legislation. The text of the new legislation is available here. Contact us at Ossian Law P. C. regarding any information technology law matter.
© 2018 Ossian Law P.C.