Other frameworks and standards
Last updated
Last updated
Apart from GDPR and HIPAA, there are other compliance frameworks and standards for personal and security that may apply to your app. This list is offered only for information purposes and is not comprehensive. You are encouraged to consult with a legal professional to see if any might apply to you and your app and how to comply.
In addition to this list, we have separate articles for GDPR, SOC 2 and HIPAA.
| Framework | Description |
|---|---|
US State Privacy Laws
As of the posting of this article, 11 states have enacted consumer data privacy laws, effective either in 2023 or 2024: California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, CCPA); (ii) Colorado Privacy Act (CPA); Connecticut Data Privacy Act (CDPA); Indiana Consumer Data Protection Act (Indiana CDPA); Iowa Act Relating to Consumer Data Protection (Iowa CDPA); Montana Consumer Data Privacy Act (MCDP); Oregon Consumer Privacy Act (OCPA); Tennessee Information Privacy Act (TIPA); Texas Data Privacy and Security Act (TDPSA); Virginia Consumer Data Protection Act (VDPA); and Utah Consumer Privacy Act (UCPA).
PIPEDA (Personal Information Protection and Electronic Documents Act)
National data privacy and protection law in Canada.
LGPD (Lei Geral de Proteção de Dados)
National data privacy and protection law in Brazil
ISO 27001
International standard for information security management systems
ISO 27002
International security standard
PCI DSS (Payment Card Industry Data Security Standard)
Industry standard governing payment card data security
COPPA (Children’s Online Privacy Protection Act)
US law governing online privacy and data protection for children.
CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act)
US law governing the sending of commercial e-mail messaging
TCPA (Telephone Consumer Protection Act)
US law governing telephone solicitations, automated telephone equipment and commercial text messaging.
FERPA (Family Educational Rights and Privacy Act)
US law governing student data privacy in the United States