The Sarbanes-Oxley Act (SOX): US public companies, public accounting firms
Payment Card Industry Data Security Standard (PCI-DSS): Credit card companies, retailers, any other entity that handles payment card information
The Gramm-Leach-Bliley Act (GLB): Securities firms, insurance companies, banks, brokers, lenders, and other financial institutions
Electronic Fund Transfer Act: Merchants, financial institutions that provide EFT services or manage consumer accounts
Fair and Accurate Credit Transaction Act (FACTA): Financial institutions, credit reporting agencies, credit bureaus, and creditors
Federal Information Security Management Act (FISMA): US federal agencies
Health Insurance Portability and Accountability Act (HIPAA): Health plans, health care providers, and organizations that manage personal health information
European Union Data Protection Directive: European businesses or non-European businesses that export data to another country