Effective Date: January 1, 2020
Governing Body: USA, California, Legislature
Full Description: Security of Connected Devices: Title 1.81.26, Part 4 of Division 3 of the Civil Code
Summary: Requires a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.
- Protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
- For devices equipped with a means for authentication outside a local area network:
- Any preprogrammed password should be unique to each device manufactured, or/and
- The device contains a security feature that requires a user to generate a new means of authentication before access is granted to the device for the first time