Data is rapidly becoming a company’s most valuable asset. Innovations in data analytics, artificial intelligence tools that use data and other technologies are accelerating this trend. Unfortunately, bad actors who seek to obtain or compromise your data and systems are also innovating. Breaches of personal data may lead to litigation, investigations, fines, penalties and reputational harm. While a company cannot eliminate these risks, there are some actions that your company should take to protect data in the hands of third-party suppliers. This article describes five privacy- and security-related questions that a general counsel should ask regarding company data in the hands of third-party suppliers and other business partners.