On Friday, September 28, 2018, California Governor Jerry Brown signed the nation’s first Internet of Things cybersecurity law. Although the new law presents some compliance issues, it does not appear to conflict with federal regulatory policy, unlike, as some have alleged, the state’s recent forays into net neutrality and online privacy. However, the law’s substantive security language is quite vague: there is no guidance or definition under state law regarding how the term “reasonable” is to be applied to specific security features. Existing FTC precedent on reasonable security, moreover, has focused on the need to establish a comprehensive security program, not on individual security features. In addition, under the law, the device manufacturer’s “reasonable” measures have to be “appropriate” to the device and the information it collects, which is yet another layer of ambiguity.
California Internet of Things Security Law Vague on Standards
