Those are great examples of regulations that actually benefit the user. When the regulation however addresses the wrong problem, then it becomes burdensome and dumb. If the user uses a simplistic password, his account will be hacked even if it's never leaked. Studies show that bad passwords and phishing are more destructive than leaks.
Section 508 of the Rehabilitation Act legislated that the government purchase accessible software.
HIPAA legislated that your medical data be kept secure.
Minnesota, Nevada, and Washington have enshrined some or all of PCI DSS into law: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Sec...
A little farther afield, seat belt technology has been legally mandated to be included in most automobiles sold in the United States since 1968: https://en.wikipedia.org/wiki/Seat_belt_laws_in_the_United_S...