In the current dynamic regulatory environment, adapting a flexible framework with a system of controls based on core privacy and cybersecurity principles will allow fund managers to get ahead of any future requirements and avoid a complete overhaul of their systems. In this guest article, Akin Gump attorneys Michelle Reed and Madison Gafford explore the current legal landscape and detail the three stages of control implementation to decrease the risk of liability from breaches and privacy incidents. For more on privacy, see our two-part series on preparing for and engaging with the California Consumer Privacy Act of 2018: “How Fund Managers Can Evaluate If They Are Subject to the New Law” (Sep. 26, 2019); and “How Fund Managers Can Prepare for Compliance with the Act” (Oct. 3, 2019).