Most data buyers know that personal or consumer data can often create privacy and cybersecurity risks related to individuals being identifiable based on information pieced together through datasets. However, the process of diligencing vendors and mitigating risk in this area is not always straightforward. Privacy and cybersecurity fears heightened by geopolitical, legal and social events have brought increased attention to the space from the general public and regulators who seem poised to flex their authority.