Gramm-Leach-Bliley Act (GLBA): Federal law that requires financial institutions to explain their information-sharing practices to customers and protect sensitive financial data
Health Insurance Portability and Accountability Act (HIPAA): Federal law that establishes standards for the protection and confidential handling of protected health information
Children's Online Privacy Protection Act (COPPA): Federal law that imposes requirements on operators of websites or online services directed to children under 13 years of age
Federal Trade Commission Act (FTC Act): Prohibits unfair or deceptive practices in commerce, including those related to privacy and data security
Consumer Privacy Bill of Rights: Framework for protecting consumer privacy in the digital age, establishing basic principles for handling personal data
Federal Information Security Management Act (FISMA): Defines framework for protecting government information, operations and assets against natural or human threats
Cybersecurity Information Sharing Act (CISA): Promotes sharing of cyber threat information between private sector and government entities
Sarbanes-Oxley Act (SOX): Requires publicly traded companies to establish internal controls and procedures for financial reporting, affecting IT systems and data management
Payment Card Industry Data Security Standard (PCI DSS): Security standard for organizations that handle credit card information to ensure protection of payment data
California Consumer Privacy Act (CCPA): State law providing California residents with rights regarding the collection and sale of their personal information
Virginia Consumer Data Protection Act (VCDPA): State law establishing framework for controlling and processing personal data of Virginia residents
Colorado Privacy Act: State law providing Colorado residents with privacy rights and imposing obligations on data controllers and processors
State Data Breach Notification Laws: Various state-specific requirements for notifying individuals and authorities in the event of a data breach
Uniform Commercial Code (UCC): Governs commercial transactions, including software licensing and service agreements
Electronic Signatures in Global and National Commerce Act (ESIGN): Federal law ensuring legal validity of electronic signatures and contracts
Uniform Electronic Transactions Act (UETA): State law establishing legal equivalence of electronic records and signatures with paper and manually signed documents
General Data Protection Regulation (GDPR): EU regulation that may apply if handling EU resident data, establishing strict requirements for data protection and privacy
Cross-border Data Transfer Regulations: Various international requirements governing the transfer of personal data across national borders
