Computer Fraud and Abuse Act (CFAA): Federal law that addresses unauthorized access and computer-related fraud, setting penalties for cybercrime and misuse of computer systems.
Electronic Communications Privacy Act (ECPA): Federal legislation that regulates the monitoring of electronic communications, including provisions for workplace email and communication surveillance.
Stored Communications Act (SCA): Federal law that protects stored electronic communications, particularly relevant for email and data storage policies in the workplace.
Health Insurance Portability and Accountability Act (HIPAA): Federal healthcare law that establishes data security and privacy requirements for handling medical information in any context, including workplace systems.
Federal Trade Commission (FTC) Regulations: Federal regulatory framework that establishes data security requirements and privacy protection guidelines for businesses.
State Data Breach Notification Laws: State-specific laws that establish requirements for reporting security incidents and data breaches to affected parties.
California Consumer Privacy Act (CCPA): California state law that provides comprehensive privacy rights and consumer protection for residents, affecting businesses nationwide.
Payment Card Industry Data Security Standard (PCI DSS): Industry standard for organizations that handle credit card information, establishing security requirements for payment data processing.
Sarbanes-Oxley Act: Federal law for publicly traded companies that includes requirements for IT security controls and data integrity.
National Labor Relations Act (NLRA): Federal labor law that protects certain employee communications and must be considered in workplace technology policies.
Americans with Disabilities Act (ADA): Federal civil rights law that includes accessibility requirements for IT systems in the workplace.
Occupational Safety and Health Act (OSHA): Federal workplace safety law that includes ergonomic requirements for computer use and workplace technology setup.
