Daniel Pepper

Subscribe to all posts by Daniel Pepper

Is China’s Personal Information Protection Law Contributing to the Global Supply Chain Snafu?

Less than a month after China’s Personal Information Protection Law (PIPL) took effect, ships in Chinese waters began disappearing from industry tracking systems. While the PIPL governs the collection and cross-border transfer of personal information, which is broadly defined as information related to an identified or identifiable natural person that is recorded electronically or by … Continue Reading

China Issues Draft Measures on Security Assessment of Cross-Border Data Transfer

On Oct. 29, 2021, the Cyberspace Administration of China (CAC) published the “Draft Measures on Security Assessment of Cross-Border Data Transfer” (Draft Measures) for comment through Nov. 28. The Draft Measures follow and are based on China’s Cybersecurity Law (CSL), Data Security Law (DSL), Personal Information Protection Law (PIPL) and related regulations. These measures appear … Continue Reading

The New IoT Cybersecurity Act Is Here

Background Growing awareness regarding cybersecurity concerns with the Internet of Things (IoT) has achieved a milestone with the promulgation of the IoT Cybersecurity Improvement Act (the Act), which was signed into law by President Donald Trump on December 4, 2020. The Act requires the development, adoption and implementation of security standards for IoT devices by … Continue Reading

Steps to Develop a Mature Third-Party Risk Management Program With High-Risk Third Parties (Part 3)

Part 1 Part 2 This blog is the third in a series exploring how organizations can prevent or mitigate the severity of a third-party data breach or cyber exploit by implementing a variety of cybersecurity risk management controls, such as assessing compliance with regulations, vetting third-party security practices, and establishing data breach and cyber exploit … Continue Reading

Steps to Develop a Mature Third-Party Risk Management Program with High-Risk Third Parties (Part 2)

This blog is the second in a series exploring how organizations can prevent or mitigate the severity of a third-party data breach or cyber exploit by implementing a variety of cybersecurity risk management controls, such as assessing compliance with regulations, vetting third-party security practices, and establishing data breach and cyber exploit incident response procedures. While … Continue Reading

Steps to Develop a Mature Third-Party Risk Management Program With High-Risk Third Parties

This blog is the first in a series exploring how organizations can prevent or mitigate the severity of a third-party data breach or cyber exploit by implementing a variety of cybersecurity risk management controls such as assessing compliance with regulations, vetting third-party security practices, and establishing data breach and cyber exploit incident response procedures. While … Continue Reading

Just When You Thought It Was Safe to Go Back into the Water – CCPA 2, the Sequel

If you’ve been feeling encouraged about your company’s preparation for the California Consumer Privacy Act’s (CCPA) launch on January 1, 2020, you may not want to breathe a sigh of relief just yet. Alastair Mactaggart, the founder and board chair of Californians for Consumer Privacy (one of the coauthors of the CCPA), is hoping that … Continue Reading
LexBlog