GLBA: Gramm-Leach-Bliley Act - Federal legislation governing financial institutions' handling of personal information and breach notification requirements
HIPAA: Health Insurance Portability and Accountability Act - Federal legislation governing healthcare organizations' handling of protected health information and breach notification requirements
FTC Act: Federal Trade Commission Act - Provides general consumer protection and requires businesses to maintain reasonable security measures to protect consumer data
SEC Regulations: Securities and Exchange Commission regulations requiring public companies to disclose material cybersecurity incidents and risks
CCPA: California Consumer Privacy Act - State law with strict requirements for breach notification and consumer data protection in California
NY SHIELD Act: New York Stop Hacks and Improve Electronic Data Security Act - Comprehensive data security and breach notification requirements for organizations handling NY residents' data
VCDPA: Virginia Consumer Data Protection Act - State law establishing framework for privacy and data security, including breach notification requirements
Massachusetts 201 CMR 17.00: Massachusetts data security regulation requiring comprehensive written information security program and specific security controls
Illinois PIPA: Illinois Personal Information Protection Act - State law defining protected personal information and breach notification requirements
PCI DSS: Payment Card Industry Data Security Standard - Industry standard for organizations handling credit card data, including breach notification requirements
NIST Cybersecurity Framework: National Institute of Standards and Technology framework providing guidelines for private sector cybersecurity and incident response
ISO 27001: International standard for information security management systems, including requirements for security incident management and communication
