California launched a new Internet of Things (IoT) security law Jan. 1, but there’s a chance that both it and any other similar pieces of legislation that could emerge across the nation may spend the foreseeable future living in the shadow of privacy.

The California law is one of broadest-reaching pieces of IoT legislation to touch down in the United States, requiring any and all IoT manufacturers who count California residents among their customer base to incorporate ”reasonable security measures” that protect both a device and the information it collects from unauthorized access.