As fund managers face unique regulatory and civil litigation risks through the vendors that they employ, it is vital for them to ensure that the agreements they have with those third-party service providers include sufficient data privacy and security provisions. In addition, in the event of a cyber breach, a fund manager must ensure that it works with its vendors to properly respond to the incident. This second article of our two-part coverage of a recent Strafford seminar featuring Davis Polk attorneys Matthew J. Bacal, Daniel F. Forester and Matthew A. Kelly addresses critical data privacy and data security provisions fund managers should include in vendor agreements, along with key considerations for incident response. The first article detailed the current risk environment; provided guidance for managers on vendor management and due diligence; and discussed underlying considerations when negotiating vendor agreements. See “Hedge Fund-Specific Issues in Portfolio Management Software Agreements and Other Vendor Agreements” (Aug. 4, 2011).