Internet of Things legislation in the US

The governor of California signed the first Internet of things (IoT) security law in the USA (SB-327).  According to the law, the manufacturers of connected devices are responsible for equipping their devices ‘with reasonable security measures to protect them from unauthorized access, use, destruction, disclosure, or modification by hackers’. The bill explains that the installed security features should be ‘…appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure..’. The law, which is scheduled to go into effect in January 2020, does not specify means for enforcement, so it will be up to the California attorney general to decide on the matter.