California and Nevada Regulations to Address Security and Privacy of Connected Devices

02/07/19

Event Title

08h00 - 16h30

Event Location

Print Bulletin PDF


The California Consumer Privacy Act (CCPA) has been signed into law, resulting in requirements for businesses to provide reasonable security measures when handling personal information, taking steps to protect this information, and dispose of it when it is no longer necessary. This act amends Part 4 of Division 3 of the California Civil Code.


This act requires manufacturers to equip products with security features appropriate to the nature and function of the device in question, and to any information collected, contained, or transmitted, and must provide a design to protect against unauthorized access, modification, destruction or disclosure of information.


Nevada has also passed SB220, which prohibits operators of websites or online services from selling certain information if directed by the consumer to not sell it. The consumer information covered by this regulation includes name, physical address, email address, telephone number, and social security number.


Under this law, operators must provide a designated request address for consumers to request the sale of their personal information be prohibited.


Background Information: 

The intent of the California law is to inform consumers with knowledge of personal data being collected and how this data is handled, as well as to provide consumers with access to their own personal data, and an option to prevent the sale of personal data.


Additionally, product service and pricing shall not be impacted by exercising privacy options.


Smart product manufacturers will be required to provide protection for sensitive data, and to properly delete any such data when no longer necessary for the intended function of the device.


Covered devices include those that can connect to the internet, even indirectly, and those that can connect to other devices.


The Nevada law is intended to offer the consumer the right to request that personal information not be subject to third party data sales.


New Requirements: 

The new California requirements go into effect on January 1, 2020. All smart devices will need to comply with the new data security requirements at that point.


Internet of Things (IoT) devices must be equipped with reasonable security measures that are:

• appropriate for the nature and function of the device

• appropriate for the information handled by the device

• designed to protect the device and any collected information from access by any party not authorized by the consumer


The Nevada law will take effect on October 1, 2019.


A number of other states are considering similar legislation. Hawaii, Maryland, Massachusetts, New Jersey, New Mexico, Rhode Island, and Washington have proposed laws to address data security. These proposals are largely in alignment with the CCPA.


Bureau Veritas offers evaluation of these characteristics, employing principles from the NIST Privacy Framework to determine compliance.


Additional information: 

• https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327

• https://www.nist.gov/sites/default/files/documents/2019/04/30/nist-privacy-framework-discussion-draft.pdf


How Does this Impact You? Contact Us to Discuss

If you have any comments and/or questions, please contact your customer service representative or email us at info@us.bureauveritas.com



Contact Us

 

Consumer Products Services
Send an e-mail

REQUEST FOR A QUOTE

Need help or have a question?
Share on :
  • Algeria
  • Angola
  • Argentina
  • Armenia
  • Australia
  • Austria
  • Azerbaijan
  • Bahamas
  • Bahrain
  • Bangladesh
  • Barbados
  • Belarus
  • Belgium
  • Benin
  • Bermuda
  • Bolivia
  • Bosnia and Herzegovina
  • Botswana
  • Brazil
  • Brunei
  • Bulgaria
  • Burkina-Faso
  • Burundi
  • Cambodia
  • Cameroon
  • Canada
  • Cape Verde Islands
  • Central African Republic
  • Chad
  • Chile
  • China (Peoples' Republic of)
  • Colombia
  • Congo
  • Congo (Democratic Republic of the)
  • Costa Rica
  • Cote d'Ivoire
  • Croatia
  • Cuba
  • Curacao
  • Czech Republic
  • Denmark
  • Djibouti
  • Dominican Republic
  • Ecuador
  • Egypt
  • El Salvador
  • Equatorial Guinea
  • Eritrea
  • Estonia
  • Ethiopia
  • Fidji
  • Finland
  • France
  • French West Indies
  • Gabon
  • Georgia
  • Germany
  • Ghana
  • Gibraltar
  • Greece
  • Greenland
  • Guatemala
  • Guinea
  • Guinea Bissau
  • Honduras
  • Hungary
  • Iceland
  • India
  • Indonesia
  • Iraq
  • Israel
  • Italy
  • Japan
  • Jordan
  • Kazakhstan
  • Kenya
  • Korea (South)
  • Kuwait
  • Latvia
  • Lebanon
  • Liberia
  • Libya
  • Lithuania
  • Luxembourg
  • Madagascar
  • Malawi
  • Malaysia
  • Mali
  • Malta
  • Mauritania
  • Mexico
  • Montenegro
  • Morocco
  • Mozambique
  • Myanmar
  • Namibia
  • Netherlands
  • Netherlands Antilles
  • New Zealand
  • Nicaragua
  • Niger
  • Nigeria
  • Norway
  • Oman
  • Pakistan
  • Panama
  • Paraguay
  • Peru
  • Philippines
  • Poland
  • Portugal
  • Puerto Rico
  • Qatar
  • Romania
  • Russia
  • Rwanda
  • Saint- Pierre & Miquelon
  • Saudi Arabia
  • Senegal
  • Serbia
  • Seychelles
  • Sierra Leone
  • Singapore
  • Slovakia
  • Slovenia
  • Somalia
  • South Africa (Rep.)
  • Spain
  • Sri Lanka
  • Suriname
  • Sweden
  • Switzerland
  • Syria
  • Tanzania (United Republic of)
  • Thailand
  • Togo
  • Trinidad & Tobago
  • Tunisia
  • Turkey
  • Turkmenistan
  • Uganda
  • Ukraine
  • United Arab Emirates
  • United Kingdom
  • United States of America
  • Uruguay
  • Uzbekistan
  • Venezuela
  • Vietnam
  • Yemen
  • Zambia
  • Zimbabwe
  • Other Websites
  • Africa
  • GLOBAL WEBSITE
  • Middle East
  • South East Asia
Choose your industry, asset and / or service need
Your Industry

Your Asset

Our Services