CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act - comprehensive state-level privacy laws setting standards for data collection, processing, and consumer rights
HIPAA: Health Insurance Portability and Accountability Act - Federal law governing protection of personal health information and medical data
GLBA: Gramm-Leach-Bliley Act - Federal law setting requirements for financial institutions handling personal information
FTC Act: Federal Trade Commission Act - Contains general consumer protection provisions regarding unfair or deceptive practices in privacy and data security
State Privacy Laws: Various state-specific privacy laws including Virginia (VCDPA), Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Data Privacy Act
GDPR Considerations: General Data Protection Regulation considerations when dealing with EU residents' data, often used as international benchmark
SCCs: Standard Contractual Clauses - Legal mechanisms for international data transfers
Scope of Processing: Key element defining the boundaries and purposes of data processing activities
Security Measures: Required technical and organizational measures for ensuring data security
Breach Notification: Requirements and procedures for notifying relevant parties in case of data breaches
Data Subject Rights: Procedures for handling data subject requests and ensuring their rights
Cross-border Transfers: Mechanisms and safeguards for transferring data across international borders
Audit Rights: Provisions for conducting audits and assessments of data processing activities
Subprocessor Requirements: Rules and obligations regarding the use of subprocessors in data processing activities
Data Retention: Requirements for data retention periods and deletion procedures
