CALL US: 206.533.3854
CALL US  206.533.3854
By Toma Cristian, Cristian Ciurea and Ion Ivan - http://jmeds.eu/index.php/jmeds/article/view/105, CC BY 3.0, https://commons.wikimedia.org/w/index.php?curid=48377298

New California Law Regulates “Internet of Things”

“Internet of Things”
Is getting regulated;
California leads

On January 1, 2020, California became the first state to specifically regulate the security of web-connected devices – commonly called “Internet of Things” (IoT) devices.

The new law, Cal. Civ. Code § 1798.91.04, says that:

A manufacturer of a connected device shall equip the device with a reasonable security feature or features that are all of the following:

  1. Appropriate to the nature and function of the device.
  2. Appropriate to the information it may collect, contain, or transmit.
  3. Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.

It’s deemed a “reasonable” security feature if either of the following requirements are met:

  1. The preprogrammed password is unique to each device manufactured.
  2. The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time.

A “connected devices” is “any device or other physical object that’s capable of connecting to the Internet, directly or indirectly, and that’s assigned an Internet Protocol address or Bluetooth address.”

This includes a broad range of devices, including “old school” technology like printers as well as newer technology such as “smart” refrigerators and digital assistants like Alexa.

(The hacking of a smart fridge network was a plot point on HBO’s Silicon Valley.)

The new California IoT law doesn’t apply to devices that are regulated by federal law, such as medical devices.

(The hacking of the Vice-President’s internet-connected pacemaker was a plot point in the series Homeland.)

The new law will be enforced by California’s Attorney General and does not provide for private rights of action by consumers affected by failures to comply with the law.

An Oregon IoT law, passed after California’s, also took effect on January 1. The Oregon law applies only to devices used primarily for family, personal, or household purposes.

The UK is also apparently planning to provide similar IoT device regulations.


Just like the haiku above, we like to keep our posts short and sweet. Hopefully, you found this bite-sized information helpful. If you would like more information, please do not hesitate to contact us here.

Related Articles

Federal Circuit: Letter Triggers On-Sale Bar in Patent Case

The Federal Circuit reversed and remanded a district court’s finding that patents were not invalid under the on-sale bar, finding that a letter sent to ...
Read More

Vibes, Trade Dress, and AI

As the New York Times recently reported, one online influencer is suing another, claiming she stole her “vibes.” As the Times explains, The oversize beige ...
Read More

Jury Awards Netlist $118 Million in Second Samsung Patent Infringement Case

A federal jury in Texas has awarded Netlist $118 million in damages for patent infringement by Samsung. Netlist, founded in 2000, is a Delaware company ...
Read More

Let's work together.

Contact us to set up a meeting with an attorney or team member.

Stay Informed

Sign up to receive Patent Poetry—a monthly roundup of key IP issues in our signature haiku format. Four articles (only 68 syllables); zero hassle.

SECTORS

HIGH
TECHNOLOGY

Artificial Intelligence

Blockchain & Cryptocurrency

Computer Technology & Software

Consumer Electronics

Electrical Devices

MECHANICAL
& PRODUCTS​

Cleantech

Mechanical Devices

Consumer & Retail Products

Hardware & Tools

Toys & Games

LIFE SCIENCES
& CHEMISTRY​

Biotechnology

Chemical Compounds

Digital Health

Healthcare Products

Pharmaceuticals

BRANDING
& CREATIVE​

Books & Publications

Brand Creation

Luxury Products

Photography & Video

Product Design

call us  206.533.3854