GLBA: Gramm-Leach-Bliley Act - Federal law governing the protection of financial data and requiring financial institutions to explain their information-sharing practices to customers
HIPAA: Health Insurance Portability and Accountability Act - Federal law establishing national standards for the protection of individuals' medical records and other personal health information
FTC Act: Federal Trade Commission Act - Broad federal law prohibiting unfair or deceptive practices affecting commerce, including data privacy and security practices
COPPA: Children's Online Privacy Protection Act - Federal law imposing specific requirements on operators of websites or online services directed to children under 13 years of age
FCRA: Fair Credit Reporting Act - Federal law regulating the collection, dissemination, and use of consumer credit information
CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - California state laws providing California residents with enhanced privacy rights and consumer protection for their personal data
VCDPA: Virginia Consumer Data Protection Act - Virginia state law establishing framework for controlling and processing personal data of Virginia residents
CPA: Colorado Privacy Act - Colorado state law providing privacy rights to Colorado residents and imposing obligations on data controllers and processors
UCPA: Utah Consumer Privacy Act - Utah state law establishing privacy rights for Utah residents and requirements for businesses processing personal data
CTDPA: Connecticut Data Privacy Act - Connecticut state law providing privacy rights to Connecticut residents and regulating the processing of their personal data
GDPR Considerations: General Data Protection Regulation considerations for handling EU residents' data, including data transfer mechanisms and enhanced privacy rights
UK GDPR Considerations: UK General Data Protection Regulation considerations for handling UK residents' data, including specific UK requirements post-Brexit
NIST Framework: National Institute of Standards and Technology Cybersecurity Framework - Voluntary guidance for private sector organizations to better manage and reduce cybersecurity risk
ISO 27001: International standard for information security management systems (ISMS), providing requirements for establishing, implementing, maintaining, and continually improving an ISMS
PCI DSS: Payment Card Industry Data Security Standard - Information security standard for organizations that handle branded credit cards from major card schemes
Breach Notification Requirements: Various state and federal requirements for notifying affected individuals and authorities in the event of a data breach
Data Transfer Mechanisms: Legal frameworks and mechanisms for transferring data across borders, including Standard Contractual Clauses and binding corporate rules
Data Retention Requirements: Specifications for how long different types of data should be retained and requirements for secure disposal when no longer needed
Security Measures: Technical and organizational security measures required to protect personal data, including encryption, access controls, and monitoring
Processor Obligations: Specific requirements and responsibilities for data processors and sub-processors, including processing limitations and confidentiality obligations
