Compliance Laws

Laws and Regulations are constantly changing, if you find one out of date please let us know via This email address is being protected from spambots. You need JavaScript enabled to view it..

Federal & Industry Compliance and Breach Regulations:

Organization	Compliance Law(s)	Current Law	Cyber Security Training Req.
CIS	Center for Internet Security
FERPA	Family Educational Rights and Privacy Act	20 U.S.C. § 1232g; 34 CFR Part 99
FISMA	H.R. 2458-48		U.S.C. 3544.(b).(4).(A),(B)

GDPR	GDPR		Article 39(1)(b)
GLBA	16 CFR 314		16 CFR 314.4
HIPPA	HIPPA		45 CFR 164.308(a)(5) & 164.503(b)(1)
ISO 27001/2	ISO 27001		7.2.2
NIST	Cyber Security Framework 800-16 Security Training Requirements 800-30 (Conducting Risk Assessments) 800-39 (Managing Information Security Risk) 800-053 (Security Controls) 800-207 (Zero Trust)		800-16 & 800-53
PCI-DSS	PCI-DSS v 3.2.1		12.6
SOC 2	SOC 2		Common Critera 2.2

State Compliance & Breach Notification Laws:

State	Compliance Law(s)	Effective Date	Last Updated	Latest News:
Alabama	Alabama SB 318	May 1, 2018	HB 216
Alaska	Alaska Stat. § 45.48.010 et seq.	July 1, 2009
Arizona	House Bill 2154	August 3, 2018	HB 2865
Arkansas	Ark. Code § 4-110-101	March 31, 2005
California	SB 1386 Cal. Civ. Code § 1798.80 Cal. Civ. Code § 1798.29 Health & Safety Code § 1280.15 Cal.Civ. Code § 1798.100 - .199 (CCPA) California Privacy Rights Act	September 25, 2002 July 1, 2003 July 1, 2003 January 1, 2009 January 1, 2020 January 1, 2023
Colorado	Colo. Rev. Stat. § 6-1-716	September 1, 2018
Connecticut	Conn. Gen. Stat. 36A-701(b) Conn. Gen. Stat. § 42-471 Substitute Bill No 949	January 1, 2006 October 1, 2008 July 1, 2015	SB 156 SB 893
Delaware	De. Code tit. 6, § 12B-101	June 28, 2005
Florida	Fla. Stat. § 501.171	July 1, 2014
Georgia	Ga. Code § 10-1-910 Ga. Code § 10-1-911 Ga. Code § 10-1-912 (OCGA)	2006 2006 2010
Hawaii	Hawaii Rev. Stat. § 487N-2 Haw. Rev. Stat. § 487R-2	January 1, 2007
Idaho	Id. Code §§ 28-51- 104 to 28	March 31, 2010
Illinois	815 Ill. Comp. Stat. 530/1 Ill. Public Act 099-0503	January 1, 2006 January 1, 2017	HB 3910 HB 2404
Indiana	Ind. Code § 24-4.9 Ind. Code § 24- 4-14	July 1, 2006
Iowa	Iowa Code §§ 715C.1 Iowa Code §§ 715C.2	July 1, 2008
Kansas	Kansas Stat. 50- 7a01 Kansas Stat. 50- 7a02 Kansas Stat. 50- 7a03	July 1, 2006
Kentucky	Kentucky H.B. 232 (2014) Kentucky H.B. 5 (2014)	July 15, 2014 January 1, 2015	HB 408
Louisiana	La. Rev. Stat. Ann §§ 51:3071 -3077	August 1, 2018
Maine	Me. Rev. Stat. tit. 10 §§ 1347	January 31, 2006	LD 946
Maryland	Md. Code, Com. Law §§ 14-3501 MD HB 974 (2017)	January 1, 2008 January 1, 2018	Maryland Online Consumer Protection Act
Massachusetts	Mass. Gen. Laws ch. 93H 201 CMR 17.00	February 3, 2008 October 19, 2017	Massachusetts Information Privacy Act
Michigan	Mich. Comp. Laws, §445.61	June 29, 2007
Minnesota	Minn. Stat. § 325E.61	January 1, 2006	HF 36 HF 1492
Mississippi	Miss. Code Ann. § 75- 24-29, HB 583 (2010)	July 1, 2011 July 1, 2011
Missouri	Mo. Rev. Stat. § 407.1500	August 28, 2009
Montana	Mont. Code § 30- 14-1701 Montana HB 0074 (2015)	March 1, 2006 February 27, 2015
Nebraska	Neb. Rev Stat 87- 801 Neb. LB 835 (2016) Neb. LB 757 (2018)	July 20, 2006 April 13, 2016 February 28, 2018
Nevada	Nev. Rev. Stat. 603A.010	October 1, 2005	SB 220
New Hampshire	N.H. RS 359-C:19	January 1, 2010
New Jersey	N.J. Stat. 56:8-161-163	January 1, 2006
New Mexico	NM H.B. 15	April 6, 2017
New York	N.Y. Bus. Law § 899-aa New York Shield Act (2019)	December 8, 2005 March 21, 2020		It's your Data Act SB 9073
North Carolina	N.C. Gen. Stat § 75- 60	December 1, 2015
North Dakota	N.D. Cent. Code § 51- 30-01	June 1, 2005
Ohio	Ohio Rev. Code § 1349.19 Ohio Data Protection Act SB 220	March 30, 2007 November 2, 2018
Oklahoma	Okla. Stat. § 74- 3113.1	November 1, 2008	HB 1602 HB 1130
Oregon	Or. Rev. Stat. §§ 646A.600	June 2, 2018
Pennsylvania	73 Pa. Cons. Stat. § 2303	June 22, 2006
Rhode Island	S.B. § 0134	June 26, 2016	HB 5959
South Carolina	S.C. Code § 39-1-90	July 1, 2009	H 3063
South Dakota	Senate Bill 62	July 2, 2018
Tennessee	Tenn. Code § 47- 18-2107	July 1, 2005
Texas	Tex. Bus. & Com. Code §§ 521.001 Tex. Bus. & Com. Code § 72.001	April 1, 2009 April 1, 2009
Utah	Utah Code § 13-44- 101	January 1, 2007	SB 200
Vermont	9 V.S.A. Chapter 62	January 1, 2007	H.160	JD Supora
Virginia	SB 1392 Va. Code § 18.2-186.6	July 1, 2008	HB 2307
Washington	Wash. Rev. Code § 19.255.010 SHB 1071	July 24, 2005 March 1, 2020	HB 1433 SB 5062
Washington D.C.	DC Code Ann. § 28- 3851 D.C. Act 23-268	March 8, 2007 April 26, 2020
West Virginia	W. Va. Code §§ 46A-2A- 101	June 6, 2008
Wisconsin	Wis. Stat. §134.98	March 31, 2006
Wyoming	Wyo. Stat. Ann. § 40- 12-501	July 1, 2007

International Compliance & Breach Notification Laws:

State	Compliance Law(s)	Effective Date	Last Updated	Latest:
Brazil	General Data Protection Law	May 3, 2021 (Delayed from Aug 2020)		Law No. 13,709/2018
Egypt	Egypt’s Personal Data Protection Law	October 2020		Lexology
Japan	Act on the Protection of Personal Information	June 2020		Lexology
New Dubai	Data Protection Law No. 5	2007	July 2020	The National Law Review
New Zealand	Privacy Act of 2020	Dec 1, 2020		Privacy Commissioner of NZ
Singapore	Singapore's Personal Data Protection Act (PDPA)	End of 2020?	In Parilament	Mondaq

TMB Supports

About TMB

Resources

Let's Get Social