In an era of interconnected business operations, when a company’s vendor that stores its personal information suffers a data breach, this situation could pose significant risks to operations, create indemnification obligations, and even in some cases lead to public relations nightmares. As legal requirements related to data security evolve, it has become paramount for businesses to understand the risks present in the lifecycle of a vendor data breach. This presentation will equip attendees with steps to take during contract negotiations with the vendor to address a potential data breach, such as key terms to include in data processing and security addendums. It will also offer tips on how to navigate the hours, days, and weeks after your vendor notifies you that they have been breached, including a discussion of notification and regulatory obligations, costs allocation, and ongoing requirements such as credit monitoring.