US – Federal Laws

• 15 USC § 45, Federal Trade Commission Act, Unfair methods of competition unlawful, prevention by Commission
• 15 USC § 1681, Fair Credit Reporting Act
• 15 USC § 6801-6809, Gramm-Leach-Bliley Act, Disclosure of Nonpublic Personal Information
• 42 USC § 13400-13411,Health Information Technology for Economic and Clinical Health Act (HITECH Act), Subtitle D – Privacy
• 45 CFR §§ 160, 164(A), 164(E), Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule
• 45 CFR §§ 160, 164(A), 164(C), HIPAA Security Rule
• 15 USC §§ 6501-6505, Children’s Online Privacy Protection Act (COPPA)
• 20 USC § 1232g, Family Educational and Privacy Rights Act (FERPA)
• 16 CFR § 312, Children’s Online Privacy Protection Rule
• 34 CFR § 99, Family Educational Rights and Privacy Act Regulations
• 47 USC § 222, Communications Act, Privacy of Customer Information
• 47 USC § 551, Cable Act, Protection of Subscriber Privacy
• 18 USC § 2710, Video Privacy Protection Act, Wrongful Disclosure of Video Tape Rental or Sale Records
• 47 CFR §§ 64.2001-2011, Customer Proprietary Network Information
• 47 USC § 338(i), Satellite Home Viewer Extension and Reauthorization Act of 2004, Privacy Rights of Satellite Subscribers
• 18 USC §§ 2510-2523, Electronic Communications Privacy Act
• 18 USC §§ 2701-2713, Stored Communications Act
• Pub. L. No. 115-141 § 105, 132 Stat. 866 (2018), Clarifying Lawful Overseas Use of Data Act
• 47 USC § 227, Telephone Consumer Protection Act, Restrictions on Use of Telephone Equipment
• 15 USC §§ 7701-7713, Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act

US – Sample State Laws and Regulations

• N.Y. Code R. & Regs. tit. 23, § 500, New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies
• Colo. Code Regs. §§ 704-1:51-4.8, 704,1:51-4.14(IA), Broker-Dealer Cybersecurity, Investment Adviser Cybersecurity
• 740 Ill. Comp. Stat. 14/1 et seq., Illinois Biometric Information Privacy Act
• Tex. Bus. & Com. § 503.001, Texas Capture or Use of Biometric Identifier Act
• Wash. Rev. Code § 19.375, Biometric Identifiers
• Cal. Bus. & Prof. Code §§ 22575-22579, Special Business Regulations, Internet Privacy Requirements
• Cal. Civ. Code § 1798, California Consumer Privacy Act of 2018
• Con. Gen. Stat. § 31-48d, Employers Engaged in Electronic Monitoring Required to Give Prior Notice to Employees, Exceptions, Civil penalty
• Del. Code. tit. 19, § 705, Notice of Monitoring of Telephone Transmissions, Electronic Mail and Internet Usage
• Cal. Lab. Code § 980, Employer Use of Social Media
• Mo. Rev. Stat. § 285.035.1 (2019), Microchip Technology, Employer Not to Require Employees to be Implanted — Violation, Penalty
• Ohio Rev. Code § 1354.01-.05, Businesses Maintaining Recognized Cybersecurity Programs
• 201 Mass. Code Regs. 17, Standards for the Protection of Personal Information of Residents of the Commonwealth

European Union

• (EU) 2016/679, General Data Protection Regulation
• Data Protection Act 2018, c. 12 (UK), UK Data Protection Act
• Directive 2002/58/EC, ePrivacy Directive

Other Non-U.S.

• S.C. 2000, c. 5 (Can.), Personal Information Protection and Electronic Documents Act (PIPEDA)
• S.C. 2010, c. 23, Canada’s Anti-Spam Legislation
• Canada PIPEDA Guidance