The California Consumer Privacy Act (CCPA) of 2018 grants California consumers rights regarding their personal data, including the right to know, the right to delete, and the right to opt-out of the sale of their personal information. It applies to businesses that collect personal information from California residents and meet certain revenue or data processing thresholds, and came into effect January 1, 2020, with enforcement starting July 1, 2020. It has been amended by the California Privacy Rights Act (CPRA) in 2023, enhancing its provisions and enforcement mechanisms. The CCPA is a state statute that requires businesses to protect the personal information and privacy of California residents, sets requirements for data collection and security, and gives California residents specific rights to control their personal information; it is enforced by the California Attorney General's office and can be subject to fines for non-compliance; it is enforced by the California Attorney General's office and can be subject to fines for non-compliance; it has been amended by the CPRA in 2023 to enhance consumer rights and enforcement. The CPRA also established the California Privacy Protection Agency (CPPA), giving it full administrative power, authority, and jurisdiction to implement and enforce the CCPA and CPRA.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a U.S. federal law that sets national standards to protect the privacy and security of individuals' protected health information (PHI). HIPAA applies to covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, and their business associates. It includes the Privacy Rule, which regulates the use and disclosure of PHI, and the Security Rule, which establishes standards for protecting electronic PHI. Enforcement is overseen by the Department of Health and Human Services (HHS), with penalties for non-compliance. This federal law requires covered entities and their business associates to protect the privacy and security of protected health information; it sets standards for the use and disclosure of PHI and establishes requirements for data security; the Department of Health and Human Services (HHS) enforces HIPAA and can issue penalties for non-compliance; it includes the Privacy Rule and the Security Rule for PHI.

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a voluntary framework that provides a set of standards, guidelines, and best practices to help organizations manage and reduce cybersecurity risks. It is designed to be flexible, customizable, and technology-neutral, making it applicable to a wide range of organizations and industries. The framework is composed of five core functions: Identify, Protect, Detect, Respond, and Recover. NIST is a non-regulatory agency of the U.S. Department of Commerce; the CSF is voluntary and not legally binding, but widely adopted as a best practice; the framework includes five core functions: Identify, Protect, Detect, Respond, and Recover; it is designed to be flexible and applicable across various organizations and industries; it offers guidelines for managing and reducing cybersecurity risks.