A fund manager’s use of new technologies and processes to streamline its business and generate improved performance comes with significant risk, which is pronounced when using big data, as few best practices currently exist within the industry. One of the most significant concerns about big data involves the acquisition or use of personally identifiable information (PII). Although PII enjoys broad protection under U.S. law, many state laws impose even more stringent restrictions on the use of personal data, and the E.U. General Data Protection Regulation provides a comprehensive and onerous framework for data tied to E.U. citizens. Managers must also understand how to deal with third-party data vendors, including how to conduct due diligence on and negotiate contractual provisions with those service providers. Finally, as growing numbers of drones are used to capture images, managers must recognize and comply with a web of federal regulations, as well as state laws, surrounding this use. This third article in our three-part series discusses the risks associated with data privacy, the acquisition of data from third parties and the use of drones, as well as recommended methods for mitigating those risks. The first article explored the big-data landscape, along with how fund managers can acquire and use big data in their businesses. The second article analyzed issues and best practices surrounding the acquisition of material nonpublic information; web scraping; and the quality and testability of data. For more on the adoption by fund managers of new technology, see our three-part series on blockchain: “Basics of the Technology and How the Financial Sector Is Currently Employing It” (Jun. 1, 2017); “Potential Uses by Private Funds and Service Providers” (Jun. 8, 2017); and “Potential Impediments to Its Eventual Adoption” (Jun. 15, 2017).