Privacy Regulation in a Connected IoT World

The need for increased technology regulation is a hot topic, as concerns continue to grow about risks ranging from deepfakes to machines going rogue. Our connected world appears fraught with problems that make more legislation seem inevitable if we are to have any hope of protection. California is leading the charge and is the first state to introduce sweeping privacy laws, but the laws need to be more stringent and much more widely adopted before we can begin to secure connected devices.

The Californian legislation includes the first IoT cybersecurity regulation, Senate Bill No. 326. This ensures manufacturers of connected devices equip their products with security features out of the box. Critically, the new law will also see the end of default passwords and, thankfully, password-free devices. To put the new legislation in perspective, however: when users change their passwords, they don’t need to choose a strong one, or one that is uncompromised, which still makes the device an easy target for hackers.

With connected devices expected to reach 20.4 billion units by the end of 2020, removing default passwords is a pivotal step towards ending the risks from this threat vector. However, as I stated in a post for IoT Agenda, this initiative is not enough. There needs to be additional privacy regulation that covers the strength of the password selected along with ensuring that it has not already been compromised.

In addition, you must continue to check, on a daily basis, that passwords haven’t become compromised. With the growing number of compromised credentials available on the dark web, this is critical. To provide perspective, in 2019, a total of 7,098 reported breaches exposed 15.1 billion records!

The California legislation is an essential first step for privacy regulation; however, with the extensive use of IoT devices both at home and at work, this regulation must be expanded. The risks associated with living a connected life will continue to grow throughout this decade and legislation will be essential to protect us all.

Here at Enzoic, our mission is to reduce the risks associated with weak or compromised passwords. We believe that further legislation, aided by innovative technology, is the only way to eradicate the risks.

Michael Greene, CEO, Enzoic