The California IoT Security Law is the first of its kind in the nation and pushes device manufacturers to adopt cybersecurity standards during the product development and design stages where none have existed before.

The widespread adoption of Internet-connected devices has shifted from a novelty to a necessity in mainstream culture. Internet connected devices or the Internet of Things (IoT) is a network of physical objects — devices, vehicles, appliances — embedded with sensors, software, and network connectivity, so they can collect, exchange, and act on data, often without human intervention.

As a society, we have become more interested in smart products such as smart home devices, phones, and toys that make life more efficient, convenient and entertaining. Yet, use of IoT devices is not without risks. At the end of last year, Ring camera, owned by Amazon, made news headlines after hackers breached the devices. There were numerous accounts of hackers obtaining access to the cameras and taunting and yelling obscenities at children, and threatening adults for bitcoin ransomware through the cameras. As a result of these hacks, Amazon is now facing a class action lawsuit claiming that the Ring camera security vulnerabilities were a result of Amazon's negligence and that it led to an invasion of privacy. See, John Baker Orange v. Ring LLC and Amazon .Com LLC, No. 2:19-cv-10899 (2019). These incidents were the motivation for the passage of California's new IoT Security Law that went into effect on Jan. 1, 2020.

Read the full article here. Requires law.com membership.