Each country has its own laws. It can be difficult to keep track of all of them, but you still need to. You need to read all of these, congrats.

| Categories | USA | EU | UK | India | China |
|---|---|---|---|---|---|
| General Information | CISA | GDPR | Data Protection Act 2018 | Information Technology Act 2000 | Cyber Security Law |
| Classifying Criminals | CFAA | NISD2 | Computer Misuse Act 1990 | Information Technology Act 2000 | National Security Law |
| Protecting copyright | DMCA | Cybercrime Convention of the Council of Europe | | | Anti-Terrorism Law |
| Communication Interception | ECPA | E-Privacy Directive 2002/58/EC | HRA | Indian Evidence Act of 1872 | |
| Health Information | HIPAA | | Police and Justice Act 2006 | Indian Penal Code of 1860 | |
| Youth Information | COPPA | | IPA | | |
| International Cybercrime prosecution | | | RIPA | | |
| Individual Information | | | | Digital Personal Data Protection Act | Measures for the Security Assessment of Cross-border Transfer of Personal Information and Important Data |

TL;DR
When you are doing a penetration test, here are some common guidelines to avoid violating most laws.
- Obtain written consent from the authorized representative of the system
- Follow the scope of consent
- Avoid damaging the systems
- Don’t access, use, or disclose information you find
- Don’t intercept communication
- Don’t test health systems without authorization