Compliance Standards
Laws and Regulations are constantly changing, if you find one out of date please let me know Scott(at)scottrdavis.com.
Federal & Industry Compliance and Breach Regulations:
| Organization | Compliance Law(s) | Current Version |
| CIS | Center for Internet Security | 8 |
| FERPA | Family Educational Rights and Privacy Act | 20 U.S.C. § 1232g; 34 CFR Part 99 |
| FISMA | H.R. 2458-48 | |
| GDPR | GDPR | |
| GLBA | 16 CFR 314 | |
| HIPPA | HIPPA | |
| ISO 27001/2 | ISO 27001 | |
| NIST |
Cyber Security Framework |
|
| PCI-DSS | PCI-DSS v 3.2.1 | |
| SOC 2 | SOC 2 |
State Compliance & Breach Notification Laws:
| State | Compliance Law(s) | Effective Date | Last Updated |
| Alabama | Alabama SB 318 | May 1, 2018 | HB 216 |
| Alaska | Alaska Stat. § 45.48.010 et seq. | July 1, 2009 | |
| Arizona | House Bill 2154 | August 3, 2018 | HB 2865 |
| Arkansas | Ark. Code § 4-110-101 | March 31, 2005 | |
| California | SB 1386 Cal. Civ. Code § 1798.80 Cal. Civ. Code § 1798.29 Health & Safety Code § 1280.15 Cal.Civ. Code § 1798.100 - .199 (CCPA) California Privacy Rights Act |
September 25, 2002 July 1, 2003 July 1, 2003 January 1, 2009 January 1, 2020 January 1, 2023 |
|
| Colorado | Colo. Rev. Stat. § 6-1-716 | September 1, 2018 | |
| Connecticut | Conn. Gen. Stat. 36A-701(b) Conn. Gen. Stat. § 42-471 Substitute Bill No 949 |
January 1, 2006 October 1, 2008 July 1, 2015 |
SB 156 SB 893 |
| Delaware | De. Code tit. 6, § 12B-101 | June 28, 2005 | |
| Florida | Fla. Stat. § 501.171 | July 1, 2014 | |
| Georgia | Ga. Code § 10-1-910 Ga. Code § 10-1-911 Ga. Code § 10-1-912 (OCGA) |
2006 2006 2010 |
|
| Hawaii | Hawaii Rev. Stat. § 487N-2 Haw. Rev. Stat. § 487R-2 |
January 1, 2007 | |
| Idaho | Id. Code §§ 28-51- 104 to 28 | March 31, 2010 | |
| Illinois | 815 Ill. Comp. Stat. 530/1 Ill. Public Act 099-0503 |
January 1, 2006 January 1, 2017 |
HB 3910 HB 2404 |
| Indiana | Ind. Code § 24-4.9 Ind. Code § 24- 4-14 |
July 1, 2006 |
|
| Iowa | Iowa Code §§ 715C.1 Iowa Code §§ 715C.2 |
July 1, 2008 | |
| Kansas | Kansas Stat. 50- 7a01 Kansas Stat. 50- 7a02 Kansas Stat. 50- 7a03 |
July 1, 2006 | |
| Kentucky | Kentucky H.B. 232 (2014) Kentucky H.B. 5 (2014) |
July 15, 2014 January 1, 2015 |
HB 408 |
| Louisiana | La. Rev. Stat. Ann §§ 51:3071 -3077 | August 1, 2018 | |
| Maine | Me. Rev. Stat. tit. 10 §§ 1347 | January 31, 2006 | LD 946 |
| Maryland | Md. Code, Com. Law §§ 14-3501 MD HB 974 (2017) |
January 1, 2008 January 1, 2018 |
Maryland Online Consumer Protection Act |
| Massachusetts | Mass. Gen. Laws ch. 93H 201 CMR 17.00 |
February 3, 2008 October 19, 2017 |
Massachusetts Information Privacy Act |
| Michigan | Mich. Comp. Laws, §445.61 | June 29, 2007 | |
| Minnesota | Minn. Stat. § 325E.61 | January 1, 2006 | HF 36 HF 1492 |
| Mississippi | Miss. Code Ann. § 75- 24-29, HB 583 (2010) |
July 1, 2011 July 1, 2011 |
|
| Missouri | Mo. Rev. Stat. § 407.1500 | August 28, 2009 | |
| Montana | Mont. Code § 30- 14-1701 Montana HB 0074 (2015) |
March 1, 2006 February 27, 2015 |
|
| Nebraska | Neb. Rev Stat 87- 801 Neb. LB 835 (2016) Neb. LB 757 (2018) |
July 20, 2006 April 13, 2016 February 28, 2018 |
|
| Nevada | Nev. Rev. Stat. 603A.010 | October 1, 2005 | SB 220 |
| New Hampshire | N.H. RS 359-C:19 | January 1, 2010 | |
| New Jersey | N.J. Stat. 56:8-161-163 | January 1, 2006 | |
| New Mexico | NM H.B. 15 | April 6, 2017 | |
| New York | N.Y. Bus. Law § 899-aa New York Shield Act (2019) |
December 8, 2005 March 21, 2020 |
|
| North Carolina | N.C. Gen. Stat § 75- 60 | December 1, 2015 | |
| North Dakota | N.D. Cent. Code § 51- 30-01 | June 1, 2005 | |
| Ohio | Ohio Rev. Code § 1349.19 Ohio Data Protection Act SB 220 |
March 30, 2007 November 2, 2018 |
|
| Oklahoma | Okla. Stat. § 74- 3113.1 | November 1, 2008 | HB 1602 HB 1130 |
| Oregon | Or. Rev. Stat. §§ 646A.600 | June 2, 2018 | |
| Pennsylvania | 73 Pa. Cons. Stat. § 2303 | June 22, 2006 | |
| Rhode Island | S.B. § 0134 | June 26, 2016 | HB 5959 |
| South Carolina | S.C. Code § 39-1-90 | July 1, 2009 | H 3063 |
| South Dakota | Senate Bill 62 | July 2, 2018 | |
| Tennessee | Tenn. Code § 47- 18-2107 | July 1, 2005 | |
| Texas | Tex. Bus. & Com. Code §§ 521.001 Tex. Bus. & Com. Code § 72.001 |
April 1, 2009 April 1, 2009 |
|
| Utah | Utah Code § 13-44- 101 | January 1, 2007 | SB 200 |
| Vermont | 9 V.S.A. Chapter 62 |
January 1, 2007 | H.160 |
| Virginia |
SB 1392 |
July 1, 2008 | HB 2307 |
| Washington | Wash. Rev. Code § 19.255.010 SHB 1071 |
July 24, 2005 March 1, 2020 |
HB 1433 SB 5062 |
| Washington D.C. | DC Code Ann. § 28- 3851 D.C. Act 23-268 |
March 8, 2007 |
|
| West Virginia | W. Va. Code §§ 46A-2A- 101 | June 6, 2008 | |
| Wisconsin | Wis. Stat. §134.98 | March 31, 2006 | |
| Wyoming | Wyo. Stat. Ann. § 40- 12-501 | July 1, 2007 |
International Compliance & Breach Notification Laws:
| State | Compliance Law(s) | Effective Date | Last Updated |
| Australia | Australia Essential 8 | June 2017 | November 2022 |
| Brazil | General Data Protection Law | May 3, 2021 (Delayed from Aug 2020) | |
| Egypt | Egypt’s Personal Data Protection Law | October 2020 | |
| Japan | Act on the Protection of Personal Information | June 2020 | |
| New Dubai | Data Protection Law No. 5 | 2007 | July 2020 |
| New Zealand | Privacy Act of 2020 | Dec 1, 2020 | |
| Singapore | Singapore's Personal Data Protection Act (PDPA) | End of 2020? | |
