This program will focus on effective information security and data privacy assessment programs for third-party vendors—including practical tips for effectively assessing information security practices and procedures of third-party vendors, such as law firms and other professional consultants — from the pros and cons of using industry-standard questionnaires to determining when onsite reviews are appropriate and how to handle subcontractors. We will also highlight key, and common, sticking points in negotiating data privacy and information security terms in vendor agreements and provide options and sample language for successfully resolving them, distinguishing as applicable between US negotiations and negotiations where either the customer or the vendor has substantial operations in Europe or Asia.