Can you summarize Civ Code CACL 1798.91.04?

Short Summary

This legal document, found in the California Civil Code, pertains to the security of connected devices. It requires manufacturers of connected devices to equip the devices with reasonable security features that are appropriate to the nature and function of the device, as well as the information it may collect, contain, or transmit. These security features should be designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure. The document also outlines specific requirements for authentication means outside a local area network, such as unique preprogrammed passwords or the generation of new means of authentication. Manufacturers may choose to satisfy the requirements by meeting or exceeding the baseline product criteria of a NIST conforming labeling scheme, undergoing a conformity assessment, and bearing the binary label as described by the NIST conforming labeling scheme. The document was amended in 2022 and will be effective from January 1, 2023.

Whom does it apply to?

Manufacturers of connected devices

What does it govern?

Security requirements for connected devices

What are exemptions?

No exemptions are mentioned.

What are the Penalties?

Not specified.

Jurisdiction

California

Source

Civ Code CACL 1798.91.04 [https://reggi.cloud.regology.com/regulations/US-CACL/US-CACL_T_CIV_T_3_P_4_T_1.81.26_S_1798.91.04]

• Cyber Security