Federal Regulations

There are several federal regulations that small businesses need to be aware of when it comes to cybersecurity. Some of the key regulations include:

The Federal Trade Commission (FTC) Act: The FTC Act requires businesses to implement reasonable cybersecurity measures to protect sensitive customer information, such as financial data, health information, and Social Security numbers.

The Gramm-Leach-Bliley Act (GLBA): The GLBA requires financial institutions to protect the privacy and security of their customers' personal information, including financial data and Social Security numbers.

The Health Insurance Portability and Accountability Act (HIPAA): HIPAA applies to businesses in the healthcare industry and requires them to protect the privacy and security of patients' medical information.

The Payment Card Industry Data Security Standard (PCI DSS): PCI DSS applies to businesses that accept credit card payments and requires them to implement security measures to protect customer payment card data.

The General Data Protection Regulation (GDPR): GDPR applies to businesses that process the personal data of EU residents and requires them to implement strong data protection measures.

Small businesses must comply with these regulations, which can include implementing specific cybersecurity measures, conducting risk assessments, and reporting data breaches to the relevant authorities. Non-compliance can result in fines, legal action, and damage to the business's reputation.

Additional standards and regulations can be found at the following resources:

Michigan: Michigan Department of Technology