The CCPA offers wide protection for the personal information of California residents, including rights to be informed of business privacy practices, to access, to delete personal information, and to deny third parties’ use of personal information. Compliance violations are punishable by fines of up to $7,500 per record plus the potential for class-action litigation.

The GDPR regulates the collection and processing of EU personal data. Rights of EU data subjects include transparent data collection and processing practices, access to collected data, and correction and deletion of personal data. Transferring personal data outside of the EU is subject to multiple requirements. Violations of the regulation can result in fines of up to the greater of 4% of the offender’s gross revenue or €20M.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to, in part, protect patients’ protected health information (PHI). A follow-up law, the Health Information Technology for Economic and Clinical Health Act (HITECH) was passed in 2009. The Act extends HIPAA requirements to business associates of healthcare providers. The Confidentiality of Medical Information Act (CMIA) is California’s extension of HIPAA to individually identifiable medical information held by employers. HIPAA penalties are assessed on four tiers, ranging from $100 to a maximum of $1.5 million per violation per year.

The Payment Card Industry Data Security Standard (PCI-DSS) is the information security standard mandated by the payment card brands (Visa, Mastercard, etc.) for use by any entity that processes payment cards. Failure to protect payment card data can result in fines as high as $500,000 per incident as well as losing the ability to continue processing payments.

In addition to CCPA, GDPR, HIPAA/HITECH/CMIA, and PCI-DSS, the Spirion data discovery, classification, and protection capabilities also help organizations meet these compliance regulations.