GLBA: Gramm-Leach-Bliley Act - Federal law governing the collection, use, and disclosure of personal financial information by financial institutions
HIPAA: Health Insurance Portability and Accountability Act - Federal law regulating the use and disclosure of protected health information by healthcare providers and their business associates
COPPA: Children's Online Privacy Protection Act - Federal law protecting the privacy of children under 13 years old online
FTC Act Section 5: Federal Trade Commission Act Section 5 - Prohibits unfair or deceptive practices in privacy and data security matters
FERPA: Family Educational Rights and Privacy Act - Federal law protecting the privacy of student education records
CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - Comprehensive state privacy laws providing California residents with various privacy rights and imposing obligations on businesses
VCDPA: Virginia Consumer Data Protection Act - State law providing Virginia residents with data privacy rights and imposing obligations on businesses processing their personal data
CPA: Colorado Privacy Act - State law establishing privacy rights for Colorado residents and requirements for businesses processing their personal data
UCPA: Utah Consumer Privacy Act - State privacy law providing Utah residents with certain privacy rights and establishing business obligations
CTDPA: Connecticut Data Privacy Act - State law protecting Connecticut residents' personal data and establishing requirements for businesses
GDPR Considerations: European Union General Data Protection Regulation - Must be considered if processing data of EU residents, even for US-based operations
UK GDPR Considerations: United Kingdom General Data Protection Regulation - Must be considered if processing data of UK residents, even for US-based operations
PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations handling credit card data
SOC 2: Service Organization Control 2 - Voluntary compliance standard for service organizations, specifying how organizations should manage customer data
Data Breach Requirements: Various state and federal requirements for notification and response in the event of a data breach
Cross-Border Transfers: Requirements and restrictions for transferring personal data across national borders, including international data transfer mechanisms
Data Retention: Legal requirements and best practices for how long different types of personal data should be retained and when it should be deleted
Data Subject Rights: Various rights granted to individuals regarding their personal data, including access, deletion, correction, and portability rights
Security Measures: Technical and organizational security measures required to protect personal data during processing activities
Subprocessor Management: Requirements for managing and overseeing subprocessors, including due diligence, contractual obligations, and ongoing monitoring
