Photo of Grace Kim

Grace Kim

Grace Kim is an associate in Covington’s London office and a member of the Antitrust/Competition and White Collar and Investigations practices. She assists clients across a range of industries on regulatory matters, investigations and transactions requiring competition and anti-corruption/bribery review. Grace also advises on the UK’s National Security and Investment Act and other Foreign Direct Investment (FDI) regimes, and is a member of the firm’s Business and Human Rights practice group.

Prior to joining the firm as a trainee, Grace held in-house compliance roles at the European headquarters of a global consumer electronics company and the global headquarters of a UK-based retailer.

Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on Oct. 14, 2018. This was developed by the DCMS in conjunction with the National Cyber Security Centre, and follows engagement with industry, consumer associations, and academia. The aim of the Code is to provide guidelines on how to achieve a “secure by design” approach, to all organizations involved in developing, manufacturing, and retailing consumer Internet of Things ‘IoT’ products. Each of the thirteen guidelines are marked as primarily applying to one or more of device manufacturers, IoT service providers, mobile application developers and/or retailers categories.

The Code brings together what is widely considered good practice in IoT security. At the moment, participation in the Code is voluntary, but it has the aim of initiating and facilitating security change through the entire supply chain and compliance with applicable data protection laws. The Code is supported by a supplementary mapping document, and an open data JSON file which refers to the other main industry standards, recommendations and guidance.  Ultimately, the Government’s ambition is for appropriate aspects of the Code to become legally enforceable and has commenced a mapping exercise to identify the impact of regulatory intervention and necessary changes.Continue Reading IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security