$2500 — FCRA statutory maximum penalty for actual damages in the case of willful violations; courts may add punitive damages and attorney's fees.

$5000 — The amount for a cash transaction under the Bank Secrecy Act of 1970 for which a bank must file a Suspicious Activity Report (SAR)

$10,000 — The amount for a cash transaction under the Bank Secrecy Act of 1970 for which a bank must file a Currency Transaction Report (CTR).

$25,000 — The amount for any transaction under the Bank Secrecy Act where a bank must file a Suspicious Activity Report (SAR), even if the bank does not know the identity of the perpetrator.

45 days — How many days a school has to provide records under FERPA

60 days — How many days a consumer reporting agency has to provide records under FCRA

60 days — How many days does a covered entity have to notify a person of a breach of Protected Health Information?

1 year — How often the consumers may obtain 1 free credit report from each consumer reporting agency.

13 years — Under what age are people protected by the Children's Online Privacy Protection Act?

500 people — If a breach of Protected Health Information affects more than this number of people, the Secretary of HSS and prominent media outlets serving the state or jurisdiction must be notified.

Years

1998 — Children's Online Privacy Protection Act (COPPA)

2003 — Telephone Consumer Protection Act

200x — Health Information Technology for Economic and Clinical Health ("HITECH") Act, extends HIPAA Security Rule to business associates

— Fair and Accurate Credit Transactions Act ("FACTA"), implemented the Disposal Rule and the Red Flags Rule (to help combat identity theft).