From Northern California Record:

Thomas Struble, the tech policy manager for the D.C.–based R Street Institute, told the Northern California Record that despite any potential shortcomings, the bill has some merit  due to the apparent connection of privacy and data security standards the Federal Trade Commission (FTC) currently has in place.

“Altogether, it seems pretty good and likely wouldn’t impose an undue burden on device makers, because it seems to largely track the FTC’s privacy and data security standards, which are also currently at stake in the U.S. District Court for the Northern District of California, funnily enough,” Struble said. “In that case, the FTC is arguing that D-Link violated Section 5 of the FTC Act, which prohibits ‘unfair or deceptive acts or practices,’ by failing to provide ‘reasonable’ data security in some of its devices and by misrepresenting the quality of its data security. If the FTC prevails in that case — the FTC’s complaint was filed on January 5, but no schedule for briefing or oral argument has yet been set — then California’s SB327 would likely have little effect because it would basically mirror the FTC standards that device makers in California are already governed by.”