News & Insights  |  Media Mentions

Related Professionals

Practice Areas


Patricia O'Connell
Senior Communications Manager

Kirk Nahra Comments on California Bill Mandating Security Features for IoT Devices

September 18, 2018

Kirk J. Nahra, chair of Wiley Rein’s Privacy & Cybersecurity Practice, was quoted in a September 17 Law360 article regarding a bill passed by California lawmakers last month that could make it the first state to enact laws mandating security features for Internet of Things (IoT) devices, ranging from televisions to automobiles to refrigerators.

According to California Senate Bill 327, manufacturers of any device that connects to the Internet would need to equip it with “reasonable security features,” including ensuring that passwords to the device are not easy to hack. If the bill is signed by Gov. Jerry Brown before September 30, the legislation would take effect in January 2020.  

Mr. Nahra pointed out that the California legislation — which does not apply to manufacturers that are already regulated by the federal Health Insurance Portability and Accountability Act or California's health privacy law — is likely “to impose some additional rigor” for IoT companies that have yet to be extensively regulated, but the net effect of the new rules may be fairly limited.

“This law may have some actual impact on pushing security concerns higher on the priority list, but I'm not sure it will really do too much to make sure that companies actually go beyond what they have been doing today or thinking about today,” Nahra said.

The article can be found here (subscription required).