Everything you need to know about California’s new IoT law

January 7th, 2019
From baby monitors to smart refrigerators, Internet of Things (IoT) devices have been taking households and businesses by storm. These devices bring greater convenience to our everyday lives. However, they also pose a danger to you, your family, your colleagues, and your business.

For instance, researchers discovered how cybersecurity might take a hit from businesses’ shift to IoT-powered automation. It’s predicted that millions of robots will be used in factories worldwide within the next few years, and this poses a lot of problems in terms of cybersecurity. Factory robots have weak network security and some systems use simple and unchangeable usernames and passwords. If hackers get their hands on them, it can lead to sabotage and product defects.

The first IoT-related bills failed to pass Congress

Because of problems related to smart devices, several IoT-related bills have been introduced in Congress, but none have made it to a vote. The IoT Cybersecurity Improvement Act of 2017 had an unacceptable loophole: it would have covered connected devices purchased by the government, but not electronics in general. Other bills that didn’t make the cut include the IoT Consumer TIPS Act of 2017, which would have directed the Federal Trade Commission to develop educational resources for consumers around connected devices, and the SMART IoT Act, which would have required the Department of Commerce to conduct a study on the state of the industry.

The latest bill protects IoT devices from unauthorized access

California Governor Jerry Brown signed a cybersecurity law covering “smart devices.” Senate Bill 327 was introduced in 2017 and passed the state senate in late August. Starting January 1, 2020, Senate Bill 327 will work hand-in-hand with Assembly Bill 1906 to protect Californians’ personal information and secure their devices.

SB 327 will require any manufacturer to equip their internet-connected device with one of two security features that prevent unauthorized access, modification, or information disclosure. If the connected device can be accessed outside a local area network, there should be a preprogrammed password unique to each device, or users will be required to change generic default credentials and create a unique password the first time they use their device.

Its enactment is conditional

SB 327 will only be operative if AB 1906 is also enacted and becomes effective. With AB 1906 in place, businesses that no longer wish to retain customer records with personal information must dispose of them by shredding, erasing, or making them unreadable or indecipherable. Businesses should also implement and maintain security procedures to protect their customers’ personal information from unauthorized access, destruction, use, modification, or disclosure. If a business fails to do so, its customers have the right to institute a civil action against it.

These new laws have never been more essential, now that hackers seem to be able to get their hands on your personal data wherever they are. In October 2016, hackers stole personal data from more than 57 million Uber riders and drivers, which prompted Uber Technologies, Inc. to pay the hackers $100,000 to delete the stolen data and keep the attack under wraps.

If your Orange County-based business needs more information about the IoT law and how it affects your business, contact OC-IT. Benefit from our expert assistance and trusted security solutions. Call us today!