Gramm-Leach-Bliley Act (GLBA): Federal law that requires financial institutions to protect customers' sensitive financial information and explain their information-sharing practices.

Health Insurance Portability and Accountability Act (HIPAA): Federal law establishing national standards for the protection of individuals' medical records and other personal health information.

Federal Trade Commission Act (FTC Act): Section 5 prohibits unfair or deceptive practices affecting commerce, including those related to data security and privacy practices.

Computer Fraud and Abuse Act (CFAA): Federal law that criminalizes unauthorized access to computers and networks, addressing both external hacking and insider threats.

Electronic Communications Privacy Act (ECPA): Federal law protecting wire, oral, and electronic communications while those communications are being made, in transit, and when stored.

Defend Trade Secrets Act (DTSA): Federal law providing uniform protection for trade secrets, including confidential business information and know-how.

Cybersecurity Information Sharing Act (CISA): Federal law designed to improve cybersecurity through enhanced sharing of information about security threats between the private sector and government.

PCI DSS: Industry standard for organizations that handle branded credit cards, ensuring secure processing, storage, and transmission of cardholder data.

Sarbanes-Oxley Act (SOX): Federal law requiring public companies to establish internal controls and procedures for financial reporting, including IT systems security.

Family Educational Rights and Privacy Act (FERPA): Federal law protecting the privacy of student education records and applying to educational institutions receiving federal funds.

State Data Breach Notification Laws: State-specific requirements for organizations to notify individuals when their personal information has been compromised in a data breach.

California Consumer Privacy Act (CCPA): California state law providing consumers with rights regarding the collection and use of their personal information by businesses.

NY SHIELD Act: New York state law requiring businesses to implement safeguards for private information and expanding breach notification requirements.

General Data Protection Regulation (GDPR): EU regulation that may apply when handling EU residents' data, requiring strict data protection and privacy measures.

NIST Cybersecurity Framework: Voluntary guidance developed by the National Institute of Standards and Technology to help organizations better manage and reduce cybersecurity risk.

ISO 27001: International standard providing requirements for establishing, implementing, maintaining, and continually improving an information security management system.

COBIT: Framework for the governance and management of enterprise IT, providing guidance for security control implementation and risk management.