Other frameworks and standards

Apart from GDPR and HIPAA, there are other compliance frameworks and standards for personal data and security that may apply to your app. This list is offered for informational purposes only and is not comprehensive. You are encouraged to consult a legal professional to determine whether any of them apply to you and your app, and how to comply.

In addition to this list, we have separate articles for GDPR, SOC 2 and HIPAA.


US State Privacy Laws

As of the posting of this article, 11 states have enacted consumer data privacy laws, effective either in 2023 or 2024: California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act (collectively, CCPA); Colorado Privacy Act (CPA); Connecticut Data Privacy Act (CDPA); Indiana Consumer Data Protection Act (Indiana CDPA); Iowa Act Relating to Consumer Data Protection (Iowa CDPA); Montana Consumer Data Privacy Act (MCDP); Oregon Consumer Privacy Act (OCPA); Tennessee Information Privacy Act (TIPA); Texas Data Privacy and Security Act (TDPSA); Virginia Consumer Data Protection Act (VDPA); and Utah Consumer Privacy Act (UCPA).

PIPEDA (Personal Information Protection and Electronic Documents Act)

National data privacy and protection law in Canada.

LGPD (Lei Geral de Proteção de Dados)

National data privacy and protection law in Brazil.

ISO 27001

International standard for information security management systems.

ISO 27002

International security standard.

PCI DSS (Payment Card Industry Data Security Standard)

Industry standard governing payment card data security.

COPPA (Children’s Online Privacy Protection Act)

US law governing online privacy and data protection for children.

CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography And Marketing Act)

US law governing the sending of commercial e-mail messages.

TCPA (Telephone Consumer Protection Act)

US law governing telephone solicitations, automated telephone equipment and commercial text messaging.

FERPA (Family Educational Rights and Privacy Act)

US law governing student data privacy.
