California governor signs country’s first IoT security law – CNET

James Martin/CNET

California Gov. Jerry Brown has signed into law a broad cybersecurity bill governing Internet of Things devices, making the state the first in the country to adopt such legislation.

Brown signed the bill, SB 327, on Friday. The law mandates that any maker of an Internet-connected, or “smart,” device ensure the gadget has “reasonable” security features that “protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.”

In June, California passed a data-privacy law that some have called the nation’s toughest. It includes stopping the collection and sale of personal data upon request from consumers. The new IoT rule, however, has garnered mixed reviews.

Some observers say the law, which will go into effect on Jan. 1, 2020, is vague and doesn’t go far enough in its protections. Others, however, say California’s law will focus attention on the issue of IoT security because the state’s size effectively sets standards that will be followed throughout the country.