Because of Scapien I know where my critical vulnerabilities are.
—CISO, Healthcare Provider
The GDPR and CCPA were the first major cybersecurity compliance regulations to impact markets in the EU and the US. Most subsequent legislation is based on the GDPR, the CCPA, or both. Non-compliance with these regulations can result in significant fines and legal penalties, damaging the organization's financial standing and credibility.
The CPRA creates a new enforcement agency, the California Privacy Protection Agency, to oversee and enforce privacy regulations, and it increases the fines and penalties for non-compliance. The CPRA went into effect on January 1, 2023, and applies to companies that do business with California residents and meet certain size or revenue thresholds. Other US states have adopted similar regulations, and a national data privacy bill is possible in the near to mid term.
We've listed some examples of cybersecurity and data privacy legislation in the Americas below. The list is broad but not exhaustive.
California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA)
Health Insurance Portability and Accountability Act (HIPAA)
Sarbanes-Oxley Act (SOX)
Federal Information Security Management Act (FISMA)
Gramm-Leach-Bliley Act (GLBA)
Payment Card Industry Data Security Standard (PCI DSS)
Children's Online Privacy Protection Act (COPPA)
Cybersecurity Maturity Model Certification (CMMC)
New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500)
Brazil: General Data Protection Law (GDPL)
Canada: Personal Information Protection and Electronic Documents Act (PIPEDA)
Mexico: Federal Law on the Protection of Personal Data Held by Private Parties