California now has the first IoT (Internet of Things) security law in the U.S., as reported by CNET.com.  California Senate Bill No. 327 (SB-327) was signed into law on September 28, 2018, and this law will become effective on January 1, 2020.  The law requires IoT device makers to use appropriate security measures by design, and to protect device data from unauthorized access.

These new requirements are in addition to what is required by the new California Consumer Privacy Act of 2018 (CCPA).