Legal Tech Corner: Developing Laws to Fit the Internet of Things

In typical California fashion, the state is leading the charge toward developing law that would regulate the Internet of Things (“IoT”). IoT devices typically include any device that connects to the internet, such as phones, tablets, home security systems, Amazon “Alexa” and other similar convenience items, thermostats, baby monitors, and even connected home security systems. California SB-327 has passed the California House and Senate and looks like it may soon be signed into law by the Governor. Although not effective until January 1, 2020, the law requires that manufacturers of IoT devices implement certain reasonable security measures into the devices themselves. It also requires manufacturers to force users to customize the password for their device, among other things.

While the law has been recently criticized for being too broad (i.e. not defining “reasonable” security measures), lawyers and tech specialists recognize that a law that is too specific in dictating tech measures may not be a “fit” for all devices. Not to mention that such measures may be outdated solutions by the time the device enters the market. Thus, it seems a balance between vagueness and specificity in the law must be struck. We expect to see some tweaks to this law prior to the final version going into effect in 2020.

Though no other state has yet passed any similar laws to the California bill, Congress has proposed an IoT bill called the SMART IoT Act (H.R. 6032) which would force the Department of Commerce to conduct a study of the IoT industry, providing the precursor to perhaps a federal IoT law.

If you have additional questions about navigating the laws relating to IoT devices, or any other cyber security legal issue, please do not hesitate to contact us at 312-368-0100.