As internet-connected devices are getting more and more popular, lawmakers are looking at new ways to help protect consumers — and ensure their data isn’t being put at risk by the companies that hold it.
At the federal level, there have been a number of attempts to add regulations that would protect owners of internet of things devices.
The Cybersecurity Improvement Act of 2019, introduced last month by Senator Mark Warner of Virginia, would create new requirements for internet-connected devices.
The details of the bill are a bit sparse, but it would require the National Institute of Standards and Technology to develop new recommendations for device makers to follow.
Those rules would aim to shore up some of the cybersecurity shortcomings that currently plague internet-connected devices, like easy-to-guess default passwords that put millions of products and the households that have them at risk.
“The IoT Cybersecurity Improvement Act attempts to … provide light-touch guidance and security requirements for IoT devices to protect the industry and ultimately the consumer,” wrote North Carolina Rep. Ted Budd, a co-sponsor.
A number of states have gone a step further than the federal law, actually creating specific rules that device makers would have to follow.
California, often a leader in digital privacy policy, passed a bill regulating internet of things devicesin 2018. Set to go into effect on January 1, 2020,
the law will require companies to include “reasonable” security features on their products. That includes requiring shipping devices with unique passwords or forcing users to set passwords when they set up the device.
