Third-Party Vendor Data Privacy Risk Management
Summary
This practice note provides legal requirements and best practices for mitigating third party/vendor risks by ensuring that vendor contracts comply with U.S. state privacy laws and conducting data protection assessments (also known as "risk assessments") when using vendors for processing personal information that presents a significant risk to consumers' privacy or security.