HIPAA: Health Insurance Portability and Accountability Act - Federal law that establishes standards for the protection of sensitive patient health information
GLBA: Gramm-Leach-Bliley Act - Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive financial data
FISMA: Federal Information Security Management Act - Defines framework for protecting government information, operations and assets against threats
SOX: Sarbanes-Oxley Act - Federal law that sets requirements for all U.S. public company boards, management, and public accounting firms regarding financial data protection
COPPA: Children's Online Privacy Protection Act - Federal law that imposes specific requirements for collecting and handling data from children under 13
CCPA/CPRA: California Consumer Privacy Act and California Privacy Rights Act - State laws providing California residents with data privacy rights and controlling how businesses process their personal information
VCDPA: Virginia Consumer Data Protection Act - Comprehensive state privacy law providing Virginia residents with rights over their personal data
CPA: Colorado Privacy Act - State law establishing privacy rights for Colorado residents and obligations for businesses processing their personal data
PCI DSS: Payment Card Industry Data Security Standard - Security standards designed to ensure companies that accept, process, store or transmit credit card information maintain a secure environment
NIST Framework: National Institute of Standards and Technology Cybersecurity Framework - Guidelines and best practices for managing cybersecurity risks
ISO 27001: International standard for information security management systems, providing requirements for establishing, implementing, maintaining and continually improving information security
Data Retention Requirements: Legal and regulatory requirements specifying how long different types of data must be retained before disposal
Data Destruction Protocols: Standards and procedures for secure deletion or destruction of data when no longer needed or required
Disaster Recovery Requirements: Standards for ensuring business continuity and data recovery in case of catastrophic events or system failures
Cross-border Data Transfer: Regulations governing the transfer of personal data across national borders, including international data protection requirements
Data Breach Notification: Legal requirements for notifying affected individuals and authorities in the event of a data security breach
