The California legislature had a big year in 2018. While a great deal of attention has focused on the California Consumer Privacy Act of 2018 (CCPA), a sweeping new privacy law often compared to Europe’s General Data Protection Regulation (GDPR), California also passed a less-publicized, but highly critical, statute that will regulate certain aspects of Internet of Things (IoT or connected) device security.
The IoT law, known as SB-327, should have a significant impact that extends well beyond California’s borders when it goes into effect in January 2020. Companies impacted by SB-327—especially manufacturers and distributors of IoT devices—should work to ensure compliance with the act as soon as possible if regulatory fallout is to be avoided come January 2020.