The Center for Internet Security (CIS) recently published this guide in collaboration with other cybersecurity and legal experts in an attempt to help organizations understand what "Reasonable Data Security" means and also to provide prescriptive controls that any organization regardless of industry can implement to protect its organization and mitigate harm to others. The CIS calls on regulators to better articulate what their regulations mean when they demand reasonable safeguards. They have done an excellent job of aggregating various federal and state regulations to show that the CIS Critical Security Controls can serve as a standard by providing adequate coverage.
The report can be found here.