California now has the first IoT security law in the U.S.

California now has the first IoT (Internet of Things) security law in the U.S., as reported by CNET.com.  California Senate Bill No. 327 (SB-327) was signed into law on September 28, 2018, and this law will become effective on January 1, 2020.  The law requires IoT device makers to use appropriate security measures by design, and to protect device data from unauthorized access.

These new requirements are in addition to what is required by the new California Consumer Privacy Act of 2018 (CCPA).

Cybersecurity and Infrastructure Security Agency Act of 2018

The Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018 was signed into law on November 16, 2018.  This legislation reorganizes the National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA), a standalone federal agency in charge of cyber and physical infrastructure security.

More information is available at the Department of Homeland Security’s CISA website.

New DMCA government rules allow third party repairs of some technology products

The U.S. Copyright Office issued a new ruling effective October 28th 2018 that allows exceptions to the Digital Millennium Copyright Act of 1998 (DMCA).  Section 1201 of the DMCA was used by some companies to restrict consumer and third party use of products containing software, including smartphones, computers, motor vehicles, and home appliances. This ruling allows greater legal protection for consumers and third party companies to repair and diagnose rightfully owned technology products.

Answers to some frequently asked questions on this ruling can be found at www.copyright.gov/1201/2018/faqs.html.  General information on U.S. copyright laws is available at www.copyright.gov/help/faq/index.html.

Digital rights groups such as the Repair Association and the Electronic Frontier Foundation have issued their own responses regarding this ruling.

New federal law allows you to freeze your credit reports for free

The Federal Trade Commission (FTC) has announced that Americans nationwide can now freeze their credit reports for free.  This was made possible because of a new federal law made effective on September 21st 2018.

More information about credit freezes is at www.consumer.ftc.gov/articles/0497-credit-freeze-faqs. The FTC also requires that credit reporting agencies give consumers a free credit report once a year at www.annualcreditreport.com.

California Consumer Privacy Act of 2018 (CCPA)

The California Consumer Privacy Act of 2018 (CCPA) (Assembly Bill AB-375) was passed on June 28th 2018 and is designed to protect the personal data of California state residents.  Companies worldwide must comply with CCPA by January 1, 2020.

The International Association of Privacy Professionals (IAPP) has published an in-depth analysis of what is required to comply with this new legislation.

General Data Protection Regulation (GDPR) goes into effect May 25th 2018

The General Data Protection Regulation (GDPR) is a set of privacy rules that apply to any entity that handles personal data for customers in the European Union (EU). GDPR goes into effect May 25th 2018.

GDPR's requirements include the following:

  • the right to easy access to one’s own personal data;
  • the right to secure data protection by design and by default;
  • the right to data portability, or the ability for customers to move their data between companies easily upon request;
  • the right to know when one’s data has been compromised or breached;
  • the right to be forgotten, i.e. the ability to have one’s personal data deleted if there is no legitimate reason to retain the data.

The maximum penalty for GDPR non-compliance would be 20 million euros or 4% of worldwide turnover, whichever is greater.

More information about GDPR is available at www.eugdpr.org and ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en.

Microsoft has published its own GDPR compliance guide and best practices at www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx.

Google has also documented its own commitment to GDPR.

Residents of Australia are covered under the Australia Privacy Act.