The California Consumer Privacy Act(CCPA) gives California residents more control over the personal information that businesses collect on them. CCPA applies only to for-profit businesses that do business in California (regardless of where your headquarters is) and meet any of the following requirements.

The Personal Information Protection and Electronic Document Act (PIPEDA) is a regulatory requirement that applies to private sector organizations that collect personal information in Canada. It’s designed to ensure the protection of personal information in the course of commercial business.

SOX standards for Sarbanes-Oxley Act in 2002 and it establishes regulations to protect the public from fraudulent business practices by corporations. It was passed following some large business scandals, where companies like Enron, Tyco and Adelphia used deceptive business practices to trick the public. In order to protect consumers it mandates more transparency in the financial reporting of corporations. It requires companies to have formalized checks and balances to ensure that their reporting is accurate.

HIPAA security mandates that you have three types of controls in place: Technical safeguards, physical safeguards and administrative safeguards. Some controls will be “Required” while others will be “addressable”, addressable means that it must be implemented if reasonable and appropriate.

HIPAA stands for Health Insurance Portability & Accountability Act and was passed by Congress in 1996. The privacy aspect of HIPAA is overseen and enforced by the US department of health and human services (HHS) office, starting in April 2003. HIPAA does a few different things, but from a compliance point of view it’s all about mandating the protection of consumer health information, this is referred to as HIPAA privacy regulation.