GLBA: Gramm-Leach-Bliley Act - Federal law governing the protection of financial data and privacy obligations for financial institutions and their service providers
HIPAA: Health Insurance Portability and Accountability Act - Federal law mandating standards for healthcare data protection and privacy in processing arrangements
FCRA: Fair Credit Reporting Act - Federal law regulating the collection, dissemination, and use of consumer credit information
FTC Act: Federal Trade Commission Act - Federal law prohibiting unfair or deceptive practices affecting commerce, including data privacy and security practices
COPPA: Children's Online Privacy Protection Act - Federal law imposing requirements on operators processing children's personal information
CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - California state laws providing comprehensive privacy rights and obligations for processing California residents' data
VCDPA: Virginia Consumer Data Protection Act - Virginia state law establishing framework for controlling and processing personal data of Virginia residents
CPA: Colorado Privacy Act - Colorado state law providing privacy protections for Colorado residents and obligations for data processors
UCPA: Utah Consumer Privacy Act - Utah state law establishing privacy rights and processing obligations for Utah residents' personal data
CTDPA: Connecticut Data Privacy Act - Connecticut state law governing the processing of personal data of Connecticut residents
PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations that handle credit card data and their service providers
SOC 2: System and Organization Controls 2 - Compliance framework specifying requirements for securing customer data in service provider relationships
ISO 27001: International standard specifying requirements for establishing, implementing, and maintaining information security management systems
GDPR: General Data Protection Regulation - EU regulation with extraterritorial scope affecting US companies processing EU resident data
SLA Requirements: Service Level Agreement specifications defining performance metrics, responsibilities, and guarantees in processor relationships
Security Requirements: Specific data security obligations including encryption, access controls, monitoring, and other technical safeguards
Breach Notification: Requirements for timing and method of security incident and data breach notifications to controllers and affected parties
Audit Rights: Provisions allowing controllers to audit processor's compliance with agreement terms and applicable laws
Liability Provisions: Terms defining responsibility and indemnification obligations for data processing activities and potential breaches
Insurance Requirements: Specifications for types and amounts of insurance coverage required for data processing activities
