Sarbanes-Oxley Act (SOX): Federal legislation that mandates specific record-keeping and financial data retention requirements for publicly traded companies
Health Insurance Portability and Accountability Act (HIPAA): Federal law requiring specific security measures and retention policies for protected health information (PHI)
Gramm-Leach-Bliley Act (GLBA): Federal law requiring financial institutions to protect customers' personal financial information and explain their data-sharing practices
Federal Information Security Management Act (FISMA): Federal law that defines cybersecurity framework for federal agencies and contractors, including data backup requirements
Federal Records Act: Legislation governing the management of federal records, including requirements for preservation and storage
Payment Card Industry Data Security Standard (PCI DSS): Industry security standard for organizations handling credit card information, including specific backup and storage requirements
Family Educational Rights and Privacy Act (FERPA): Federal law protecting the privacy of student education records, including requirements for secure storage and backup
General Data Protection Regulation (GDPR): EU regulation with extraterritorial effect requiring specific data protection measures for EU residents' data, including backup requirements
State Data Breach Notification Laws: Various state-specific requirements for protecting data and notifying affected parties in case of data breaches
California Consumer Privacy Act (CCPA): California state law providing consumers with rights regarding their personal data and imposing obligations on businesses for data protection
NIST Special Publication 800-53: Technical guidelines providing security and privacy controls for federal information systems and organizations
ISO 27001: International standard for information security management systems, including requirements for backup and storage
