The Rise of Internet of Things Security Laws: Part I

Pratt’s Privacy & Cybersecurity Law Report

This is the first article in a two-part series examining the enactment of California’s Internet of Things ("IoT") security law, and the wave of similar IoT laws expected to follow close behind in 2020. This part discusses the current legal landscape as it relates to the security of connected devices and takes a closer look at California’s new IoT security law—which went into effect at the start of the year. The second part, which will appear in an upcoming issue of Pratt’s Privacy & Cybersecurity Law Report, provides tips and strategies for IoT device manufacturers to comply with the IoT security regulations expected to begin to blanket the country.

At the start of the century, internet-connected devices were still a thing of science fiction. But rapid technological advances fueled a widespread proliferation of smart technology, otherwise known as the "Internet of Things"—"IoT" for short. Today, the number of IoT devices continues to expand at breakneck speed, with over 75 billion devices projected to be in use by 2025. At the same time, this technology also presents unique risks and challenges—especially as it relates to data security—with cyberattacks on IoT devices surging a staggering 300 percent in 2019. In response, legislators have sought to enact new laws governing the security of connected devices.

California recently enacted the nation’s first law for the "Security of Connected Devices," which expressly governs security requirements for manufacturers of smart devices. Companies should expect additional states enacting similar laws throughout the year. At this juncture it is essential all companies operating in the world of IoT take proactive measures to develop compliance strategies with these laws that will likely become the de facto standard for IoT security in the not-too-distant future.

To read the full article, please click here.

“The Rise of Internet of Things Security Laws: Part I,” by Jeffrey N. Rosenthal and David J. Oberly was published in the June 2020 edition of Pratt’s Privacy & Cybersecurity Law Report (Vol. 6, No. 5), an A.S. Pratt Publication, LexisNexis. Reprinted with permission.