Regimes
This site groups cases by legal and regulatory regime—the authority and legal theory that drives the outcome. Below are federal regulators, federal laws and regulations, state-level regimes, and executive orders that affect computer and cybersecurity.
Federal regulators
| Regulator | Official link | Summary |
|---|---|---|
| Office of the Comptroller of the Currency (OCC) | occ.gov | Federal bank supervisor; enforces safety, soundness, and technology-risk and information-security standards for national banks. |
| Board of Governors of the Federal Reserve System (Federal Reserve) | federalreserve.gov | Supervises bank holding companies and state member banks; enforces enterprise risk management and operational risk, including cybersecurity. |
| Federal Trade Commission (FTC) | ftc.gov | Enforces consumer protection and “reasonable security” expectations under Section 5 of the FTC Act and sector rules (e.g., GLBA Safeguards). |
| Securities and Exchange Commission (SEC) | sec.gov | Oversees public-company disclosure and internal controls; enforces timely and accurate disclosure of material cyber incidents and related risk. |
| Department of Health and Human Services, Office for Civil Rights (HHS OCR) | hhs.gov/hipaa | Enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules for covered entities and business associates. |
Federal laws and regulations
| Law or regulation | Official link | Summary |
|---|---|---|
| Federal Trade Commission Act, Section 5 | FTC Section 5 | Prohibits unfair or deceptive acts or practices; basis for FTC “reasonable security” and breach-related enforcement. |
| Computer Fraud and Abuse Act (CFAA) | 18 U.S.C. § 1030 | Criminalizes unauthorized access to protected computers and fraud in connection with computers; defines access boundaries and penalties. |
| Gramm–Leach–Bliley Act (GLBA) | FTC – GLBA | Requires financial institutions to protect nonpublic personal information; includes Safeguards Rule and Privacy Rule enforced by FTC and banking agencies. |
| Health Insurance Portability and Accountability Act (HIPAA) | HHS HIPAA | Sets privacy and security standards for protected health information; enforced by HHS OCR with civil and criminal referral. |
| Health Information Technology for Economic and Clinical Health Act (HITECH) | HHS HITECH / Breach Notification | Strengthens HIPAA enforcement and breach notification duties for covered entities and business associates. |
| Securities Exchange Act of 1934 and SEC disclosure guidance | SEC Division of Corporation Finance – Topic 2 (Cybersecurity) | Requires public companies to disclose material cybersecurity risks and incidents; SEC guidance clarifies timing and content of cyber disclosure. |
| Interagency Guidelines Establishing Information Security Standards (12 C.F.R. Part 30, App. B, and FFIEC) | OCC – Operational Risk / Heightened Standards | Federal banking agencies’ standards for information security programs; OCC “heightened standards” add governance and operational-risk expectations for larger banks. |
State and sector-specific
| Regime | Official link | Summary |
|---|---|---|
| New York Department of Financial Services, Part 500 (NYDFS 500) | NYDFS Cybersecurity | Cybersecurity regulation for covered financial institutions in New York; requires program, policies, CISO, and breach notification. |
| State attorneys general and state privacy laws | (varies by state) | State enforcement of consumer protection, data breach notification, and emerging comprehensive privacy statutes (e.g., CCPA-style laws). |
Executive orders (computer and cybersecurity)
Executive orders below directly affect federal or private-sector computer and cybersecurity policy. Links are to the official order or implementing agency summary.
| Executive order | Official link | Summary |
|---|---|---|
| Executive Order 13636 – Improving Critical Infrastructure Cybersecurity (2013) | CISA – EO 13636 | Directed development of the NIST Cybersecurity Framework and expanded threat-information sharing for critical infrastructure. |
| Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (2017) | Federal Register – EO 13800 | Required federal agencies to use the NIST Framework, report on risk management, and supported modernization of federal IT and critical infrastructure security. |
| Executive Order 14028 – Improving the Nation’s Cybersecurity (2021) | White House – EO 14028 | Established federal zero-trust and supply-chain security expectations, Cyber Safety Review Board, and improved incident detection and information sharing. |
| Executive Order on Combating Cybercrime, Fraud, and Predatory Schemes (2026) | White House – 2026 EO | Focuses on combating cybercrime and cyber-enabled fraud; coordinates enforcement and victim restoration. |
As the case library grows, each regime will link to the relevant case list and to “what’s technically expected” patterns.