HIPAA: Health Insurance Portability and Accountability Act - Federal law governing healthcare data protection, including Security Rule and Privacy Rule requirements for protected health information
GLBA: Gramm-Leach-Bliley Act - Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive financial data
FERPA: Family Educational Rights and Privacy Act - Federal law that protects the privacy of student education records and applies to educational institutions
SOX: Sarbanes-Oxley Act - Federal law for publicly traded companies, particularly Section 404 regarding internal controls and financial reporting
FISMA: Federal Information Security Management Act - Law that defines cybersecurity framework for federal government systems and information
NIST Cybersecurity Framework: National Institute of Standards and Technology framework providing standards, guidelines, and best practices for managing cybersecurity risk
ISO 27001: International standard for information security management systems (ISMS) providing requirements for establishing, implementing, and maintaining an ISMS
PCI DSS: Payment Card Industry Data Security Standard - Security standard for organizations that handle credit card data and transactions
State Data Breach Laws: Various state-specific laws requiring notification of security breaches involving personal information to affected individuals
CCPA: California Consumer Privacy Act - Comprehensive state law providing California residents with rights regarding their personal information
SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act requiring businesses to implement safeguards for private information of NY residents
FTC Act Section 5: Federal Trade Commission Act section prohibiting unfair or deceptive practices affecting commerce, including data security and privacy practices
