{"id":2921,"date":"2018-10-12T14:03:00","date_gmt":"2018-10-12T20:03:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&p=2921"},"modified":"2024-12-17T10:05:30","modified_gmt":"2024-12-17T16:05:30","slug":"california-cybersecurity-bills-s-b-327-a-b-1906","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/california-cybersecurity-bills-s-b-327-a-b-1906\/","title":{"rendered":"California Companion Privacy and Cybersecurity Bills \u2013 S.B. 327 and A.B. 1906"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tArticles<\/strong>\n\t\t\t\t\t\t\t\t\t\t

California Companion Privacy and Cybersecurity Bills \u2013 S.B. 327 and A.B. 1906<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t
\n\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\"\"\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\tAnnie Greenley-Giudici<\/strong>\n\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/span>\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Bills regulate cybersecurity standards for California internet of things (IoT) devices<\/h2>\n

On September 28, 2018 California Gov. Jerry Brown signed into law two companion bills that regulate cybersecurity standards for Internet of Things (IoT) devices sold in California.<\/p>\n

S.B. 327<\/a>\u00a0and\u00a0A.B. 1906<\/a>\u00a0(the \u201cBills\u201d) require that manufacturers of connected devices sold in California outfit their products with \u201creasonable\u201d security features by January 1, 2020, the same date the\u00a0California Consumer Privacy Act<\/a>\u00a0will also take effect.<\/p>\n

The Bills require a manufacturer of a connected device to \u201cequip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.\u201d<\/p>\n

The legislation offers examples of a \u201creasonable\u201d security feature, such as making the pre-programmed passwords unique to each device manufactured and requiring a new means of authentication before access can be granted to the device for the first time.<\/p>\n

Under the new law, \u201cmanufacturer\u201d means the person who manufactures (or contracts with another person to manufacture on the person\u2019s behalf) connected devices that are sold or offered for sale in California.<\/p>\n

A \u201ccontract with another person to manufacture\u201d on the person\u2019s behalf does not include a contract only to purchase a connected device or only to purchase and brand a connected device.<\/p>\n

The scope of coverage of the new law applies to the person who manufactures or contracts with someone to manufacture the connected device for sale or offered for sale in California.<\/p>\n

For example, an electronic retailer such as Best Buy, does not have an obligation to review or enforce compliance with the bills.<\/p>\n

First state law to address IoT security<\/h2>\n

According to\u00a0Gartner<\/a><\/strong>, an estimated 20 billion devices will be online by 2020<\/strong>. As the first state or federal law to address IoT security, the California legislation will effectively become a standard for manufacturers of these devices.<\/p>\n

Currently, the IoT industry is largely self-regulated and governed by best practices as well as the Federal Trade Commission enforcement actions and guidance under its broad authority to police deceptive security practices.<\/p>\n

As companies increasingly rely on data to drive business, it is key to incorporate Privacy by Design practices, international laws like the GDPR, and forthcoming domestic legislation into privacy programs.<\/p>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t

\n\t\t\t\t
\n\t\t\t\t\tFollow us<\/strong>\n\t\t\t\t\t
\n\t\t\t\t\t\t\"\"<\/a>\n\t\t\t\t\t\t\"\"<\/a>\n\t\t\t\t\t\t\"\"<\/a>\n\t\t\t\t\t\tLink Copied!<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\tKey Topics<\/strong>\n\t\t\t\t\t\t