Many companies have institutionalized the practice of conducting due diligence on their vendors security practices. A familiar component of the diligence process is to have a vendor complete a security assessment questionnaire or SAQ . Historically, vendor privacy due diligence has been a less common phenomena. New cases, statutes, rules, and regulations are changing that. The program will discuss the growing need and upward trend for conducting privacy due diligence in light of the European court of justice decision in Schrems II, the CCPA, and the CPRA. It will also provide in-house counsel with practical insights into what to include in a privacy assessment questionnaire, and how to institutionalize the practice of conducting them