From California bill regulates IoT for first time in US, Naked Security (Sept. 13, 2018):
The State legislature approved SB-327 Information privacy: connected devices’ last Thursday and handed it over to the Governor to sign. The legislation introduces security requirements for connected devices sold in the US. It defines them as any device that connects directly or indirectly to the internet and has an IP or Bluetooth address. That covers an awful lot of devices.
The legislation says:
This bill, beginning on January 1, 2020, would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.
H/T PinHawk Legal Technology Digest (Sept. 14, 2018). — Joe