From January 1, 2020, two new laws concerning IoT device security and data privacy will go into effect. Most of the companies with big budgets and names along with people who build connected devices are fortunately prepared for the transition. Along with that, the new laws are beneficial to companies that have adapted to the European Union’s GPDR. Like the General Data Protection Regulation (GPDR) California Consumer Privacy Act (CCPA) will also create a significant impact on businesses.
The new laws aim to protect the consumer’s privacy and data by demanding the companies to give control of individuals’ data in their hands. Upon request, customers can delete data, prevent the sale of their data, and also prohibit companies from charging extra for protecting privacy.
SB-327 is the IoT Device Security Act, and this law demands companies that build IoT devices to provide reasonable security features for their products. The term reasonable can be considered vague because the amount of reasonable security depends on the type of data that the device collects and the functions of the device. The law wants devices to have password protection for authentication when the device is started for the first time. The companies that want to sell their connected device is California must assess their security policies or entirely revamp it.