$2500 — FCRA statutory maximum penalty for actual damages in the case of willful violations; courts may add punitive damages and attorney's fees.

45 days — How many days a school has to provide records under FERPA

60 days — How many days a consumer reporting agency has to provide records under FCRA

60 days — How many days does a covered entity have to notify a person of a breach of Protected Health Information?

1 year — How often the consumers may obtain 1 free credit report from each consumer reporting agency.

13 years — Under what age are people protected by the Children's Online Privacy Protection Act?

500 people — If a breach of Protected Health Information affects more than this number of people, the Secretary of HSS and prominent media outlets serving the state or jurisdiction must be notified.

Years

2003 — Telephone Consumer Protection Act

200x — Health Information Technology for Economic and Clinical Health ("HITECH") Act, extends HIPAA Security Rule to business associates

— Fair and Accurate Credit Transactions Act ("FACTA"), implemented the Disposal Rule and the Red Flags Rule (to help combat identity theft).