Regimes¶

This site groups cases by legal and regulatory regime—the authority and legal theory that drives the outcome. Below are federal regulators, federal laws and regulations, state-level regimes, and executive orders that affect computer and cybersecurity.

Federal regulators¶

Regulator	Official link	Summary
Office of the Comptroller of the Currency (OCC)	occ.gov	Federal bank supervisor; enforces safety, soundness, and technology-risk and information-security standards for national banks.
Board of Governors of the Federal Reserve System (Federal Reserve)	federalreserve.gov	Supervises bank holding companies and state member banks; enforces enterprise risk management and operational risk, including cybersecurity.
Federal Trade Commission (FTC)	ftc.gov	Enforces consumer protection and “reasonable security” expectations under Section 5 of the FTC Act and sector rules (e.g., GLBA Safeguards).
Securities and Exchange Commission (SEC)	sec.gov	Oversees public-company disclosure and internal controls; enforces timely and accurate disclosure of material cyber incidents and related risk.
Department of Health and Human Services, Office for Civil Rights (HHS OCR)	hhs.gov/hipaa	Enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules for covered entities and business associates.

Federal laws and regulations¶

Law or regulation	Official link	Summary
Federal Trade Commission Act, Section 5	FTC Section 5	Prohibits unfair or deceptive acts or practices; basis for FTC “reasonable security” and breach-related enforcement.
Computer Fraud and Abuse Act (CFAA)	18 U.S.C. § 1030	Criminalizes unauthorized access to protected computers and fraud in connection with computers; defines access boundaries and penalties.
Gramm–Leach–Bliley Act (GLBA)	FTC – GLBA	Requires financial institutions to protect nonpublic personal information; includes Safeguards Rule and Privacy Rule enforced by FTC and banking agencies.
Health Insurance Portability and Accountability Act (HIPAA)	HHS HIPAA	Sets privacy and security standards for protected health information; enforced by HHS OCR with civil and criminal referral.
Health Information Technology for Economic and Clinical Health Act (HITECH)	HHS HITECH / Breach Notification	Strengthens HIPAA enforcement and breach notification duties for covered entities and business associates.
Securities Exchange Act of 1934 and SEC disclosure guidance	SEC Division of Corporation Finance – Topic 2 (Cybersecurity)	Requires public companies to disclose material cybersecurity risks and incidents; SEC guidance clarifies timing and content of cyber disclosure.
Interagency Guidelines Establishing Information Security Standards (12 C.F.R. Part 30, App. B, and FFIEC)	OCC – Operational Risk / Heightened Standards	Federal banking agencies’ standards for information security programs; OCC “heightened standards” add governance and operational-risk expectations for larger banks.

State and sector-specific¶

Regime	Official link	Summary
New York Department of Financial Services, Part 500 (NYDFS 500)	NYDFS Cybersecurity	Cybersecurity regulation for covered financial institutions in New York; requires program, policies, CISO, and breach notification.
State attorneys general and state privacy laws	(varies by state)	State enforcement of consumer protection, data breach notification, and emerging comprehensive privacy statutes (e.g., CCPA-style laws).

Executive orders (computer and cybersecurity)¶

Executive orders below directly affect federal or private-sector computer and cybersecurity policy. Links are to the official order or implementing agency summary.

Executive order	Official link	Summary
Executive Order 13636 – Improving Critical Infrastructure Cybersecurity (2013)	CISA – EO 13636	Directed development of the NIST Cybersecurity Framework and expanded threat-information sharing for critical infrastructure.
Executive Order 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (2017)	Federal Register – EO 13800	Required federal agencies to use the NIST Framework, report on risk management, and supported modernization of federal IT and critical infrastructure security.
Executive Order 14028 – Improving the Nation’s Cybersecurity (2021)	White House – EO 14028	Established federal zero-trust and supply-chain security expectations, Cyber Safety Review Board, and improved incident detection and information sharing.
Executive Order on Combating Cybercrime, Fraud, and Predatory Schemes (2026)	White House – 2026 EO	Focuses on combating cybercrime and cyber-enabled fraud; coordinates enforcement and victim restoration.

As the case library grows, each regime will link to the relevant case list and to “what’s technically expected” patterns.