The IOT Act is a complement to California’s IoT device security law (Cal. Civ. Code §§ 1798.91.04–1798.91.06) that went into effect on January 1, 2020. The California law, which among other things requires a manufacturer of IoT devices that are sold or offered for sale in California to equip the devices with a reasonable security feature or features that satisfy certain criteria, explicitly excludes from its scope any IoT device that is subject to security requirements under federal law, regulations, or regulatory agency guidance. Individual Data Privacy and Security An omnibus federal privacy bill known as the American Data Privacy and Protection Act [H.R 8152] has received bipartisan congressional support and represents a major step forward in its two-decade effort to enact a federal data privacy and security framework. One obstacle is the view of Congresswoman Nancy Pelosi that the proposed law may pre-empt California’s existing privacy laws. Another obstacle to passage is whether or not a private right of action is included. Data Breach Following the massive data breach at Target and media attention on data privacy, there was an initial increase in efforts to create a federal data breach notification law Senator Patrick Leahy (D-VT) first introduced a legislative proposal over a decade ago and has continued to reintroduce it but has yet to get it passed. In the meantime, enactment of the CCPA, CPRA and other copycat state data privacy laws may add momentum to efforts at the federal level to find a comprehensive law that enhances privacy rights for individuals and lessens the compliance burden on businesses.
58
Made with FlippingBook - Online Brochure Maker