Computer Fraud and Abuse Act (CFAA): Federal law that addresses unauthorized access to computers and networks, and covers computer-related fraud and malicious code
Electronic Communications Privacy Act (ECPA): Federal legislation that regulates the interception of electronic communications and includes the Stored Communications Act
Health Insurance Portability and Accountability Act (HIPAA): Federal healthcare law that includes Security Rule requirements for protecting electronic protected health information
Gramm-Leach-Bliley Act (GLBA): Federal law establishing requirements for financial institutions' data security and privacy measures
Federal Information Security Management Act (FISMA): Federal law establishing information security standards for federal systems and agencies
State Data Breach Notification Laws: State-specific laws present in all 50 states that define requirements for data breach notifications, including timing and methods
California Consumer Privacy Act (CCPA): California state law providing comprehensive privacy rights and data protection for California residents
Virginia Consumer Data Protection Act: Virginia state law establishing framework for controlling and processing personal data of Virginia residents
Colorado Privacy Act: Colorado state law providing privacy protections and rights regarding personal data for Colorado residents
Payment Card Industry Data Security Standard (PCI DSS): Industry-specific security standard for organizations that handle credit card data
NIST Cybersecurity Framework: Voluntary standards, guidelines, and best practices to manage cybersecurity-related risk
Federal Trade Commission (FTC) Regulations: Federal agency oversight on cybersecurity practices and enforcement against unfair or deceptive practices
SEC Cybersecurity Requirements: Securities and Exchange Commission requirements for publicly traded companies regarding cybersecurity disclosure and practices
