Brooklyn Journal of Corporate, Financial & Commercial Law

First Page



While the Internet of Things (IoT) has created an interconnected world via phones, laptops, and even household devices, it is not infallible. As cyber-attacks increase in frequency, affecting companies of all sizes and industries, IoT device manufacturers have become particularly vulnerable, due in large part to the fact that many companies fail to implement adequate cybersecurity protocols. Mass data breaches occur often. However, these companies are not held accountable due to the use of the reasonableness standard in existing cybersecurity legislation, which is flexible and malleable. In 2019, the California Legislature enacted a cybersecurity law specific to IoT device manufacturers. This Note considers how the existing California IoT legislation fails to hold companies accountable for poor cybersecurity practices through malleable and relaxed standards, and proposes a new standard of industry best practices which looks to a multi-stakeholder initiative to develop more rigorous standards to ensure manufacturers undertake proper cybersecurity initiatives to protect consumer data.