1st January 2020 will see California enact the Internet of Things (IoT) Security Law and introduce the California Consumer Privacy Act.

This follows on from the introduction of the ETSI TS 103 645 standard in February of this year, aimed at safeguarding personal data against the growing number of DDOS cyber attacks against devices connected to the internet.

The net effect will mean that entrepreneurs and businesses who look to sell IoT devices in California will need to ensure that those devices contain “reasonable security features” to safeguard the privacy of consumers in California.

Whilst broadly welcomed, industry experts caution against focusing on authentication security such a forgoing the use of default passwords.  High level device security comes from looking at the whole supply chain and having device security at the forefront of one’s mind in the design as well as the development phase to optimise against irreparable reputational damage if products are compromised.

 Stuart is one of our tech experts specialising in business solutions, corporate and commercial law.