Computer Fraud and Abuse Act (CFAA): Federal law that criminalizes unauthorized access to computers and networks, crucial for defining acceptable use and security violations
Electronic Communications Privacy Act (ECPA): Federal law governing the interception and monitoring of electronic communications, important for defining monitoring policies in AUP
Stored Communications Act (SCA): Part of ECPA that provides privacy protection for electronic communications stored by service providers
Federal Information Security Management Act (FISMA): Sets security standards for federal information systems, can serve as a baseline for security requirements
Gramm-Leach-Bliley Act: Financial services regulation requiring security measures for customer data protection in financial institutions
HIPAA: Healthcare privacy law establishing security requirements for protected health information
State Data Breach Notification Laws: Various state-specific requirements for reporting and handling data breaches, affecting security incident response policies
California Consumer Privacy Act (CCPA): California's comprehensive privacy law affecting businesses handling California residents' personal information
FTC Security Regulations: Federal Trade Commission guidelines and requirements for maintaining reasonable security measures
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for organizations to better manage and reduce cybersecurity risk
Digital Millennium Copyright Act (DMCA): Copyright law affecting digital content usage and sharing policies
CAN-SPAM Act: Federal law setting rules for commercial email practices, relevant for communication policies
Children's Online Privacy Protection Act (COPPA): Federal law imposing requirements on operators of websites or online services directed to children under 13
