New California Digital and IoT Security Law May Set a National Standard

The California Consumer Privacy Act (CCPA) went into effect on January 1, potentially marking the dawn of a new age for digital privacy and Internet of Things (IoT) device security. Under the law, Californians now have the right to request, review, and erase their digital profiles – personal information that has been collected by businesses. The law applies to any company that interacts with a California resident. While CCPA creates unparalleled digital privacy rights, it places the burden of responsibility on the consumer and not the business. As per the wording of the law, it grants “a consumer the right to request deletion of personal information and would require the business to delete upon receipt of a verified request.” Additionally, the CCPA requires all IoT devices sold in California to be equipped with reasonable security measures. The bill covers all personal information contained in the IoT devices as well. Under the law, a connected device is defined as any device or object that can be connected to the Internet and has an IP address or Bluetooth capability. This definition includes not only consumer devices but industrial IoT devices. Since California is home to a tenth of the U.S. population, as well as many of the nation’s largest and most profitable companies, this law could become a de facto national standard. Read the articles at ABC News and Technowize.