Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Chaotic Approach to Privacy Hurting US

Jurisdictions like Australia and Europe with strong and reasonably consistent privacy protections in place may well gain from US losses

The US is badly lagging the rest of the world on privacy legislation and apparently doesn't care.

This lack of interest in meeting international privacy standards is starting to hurt the US and could hurt the country even more down the track.

Canada is already reluctant to export data to the United States for processing in some circumstances, notes US privacy expert Robert Gellman, prompted in part by fears that the draconian USA PATRIOT Act (which gives intelligence officers unprecedented surveillance powers) will comprise the privacy of Canadian citizens.

I think you find in Europe and in Australia broad-based comprehensive privacy legislation and I don't think that anyone is following the US model of haphazard legislation
Robert Gellman — US privacy expert

Canada has wound back outsourcing to the US, and Gellman warns US businesses run the risk of losing more business opportunities because of a lack of consistent and adequate privacy protection.

Meanwhile, jurisdictions like Australia and Europe with strong and reasonably consistent privacy protections in place may well gain from US losses.

Gellman, a consultant in Washington DC who advises companies, organizations, US agencies and foreign governments on policies for personal privacy and fair information practices, also warned the lax US approach to privacy means Australian consumers purchasing online from US-based Web sites are putting their personal data at risk.

Gellman was in Australia to address a seminar &$8212 Can US meet international privacy standards? &$8212 at the Cyberspace Law and Policy Centre, University of New South Wales.

"If you're doing business &$8212 ordering something say from a Web site that is in the United States &$8212 the US company is likely to have a different privacy policy or none at all than an Australian consumer is likely to find locally," Gellman says. "And that just places data at some risk. Now I don't want to overstate this &$8212 it's not something that anybody should panic about &$8212 but the privacy protections for that data in the United States just simply may not be there."

Most nations addressing privacy adopt laws establish common standards for all personal information based on fair information practices. Not the US. Its privacy law is a welter of federal, state and common law, and no law at all. Vast activities affecting privacy are totally unregulated.

"We have state laws, we have Federal laws, we have self-regulation, we have common laws, we have large segments of the economy that are completely unregulated for privacy, and we have quite a few very narrowly focused privacy laws, most of which reflect some elements of fair information practices, which are the core of international privacy laws. If you compare all the laws one by one you find different elements and different laws, different procedures and different enforcement, and different coverage," Gellman says.

"Now the official view from the US is that we have a sectoral approach to privacy and that we only regulate when it's necessary, when there has been a marketplace failure. But I tend to the view that we pass privacy laws in response to horror stories or randomly otherwise and without any kind of overriding plan, any kind of consistent philosophy, and it's all rather disorganized."

Yet Gellman sees little signs the US has either the will or the interest to meet international privacy standards.

"The United States is significantly behind world trends here and I don't think the United States has shown any leadership in this area, nor is the world likely to pay much attention to the United States," Gellman says. "I think you find in Europe and in Australia broad-based comprehensive privacy legislation and I don't think that anyone is following the US model of haphazard legislation &$8212 I think we're not leading here, we're lagging the rest of the world."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: ACT, University of New South Wales, University of New South Wales

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Think print, Think security - Plugging the printer security gap
    The widespread use of networked printers and multifunction peripherals (MFPs) which scan, print, fax, copy and email has increased productivity in the production of all types of business output. However, the growing sophistication of these devices has also increased security risks associated with printing. Network connectivity, along with hard disk and memory storage, means that MFPs are now susceptible to many of the same security risks as PCs and servers alongside the traditional risk of sensitive printed output getting into the wrong hands. However, all too often the security of the print environment is overlooked and little is done to mitigate these threats. Read more.
    Learn more »
  • Get the Whole Picture Why Most Organizations Miss User Response Monitoring—and What to Do About It
    You can be armed with vast amounts of performance metrics, but if you don’t know what users are actually experiencing, you don’t have the real performance picture. While this measure is critical, it is one many organizations fail to consistently capture. This guide looks at the challenges of user response monitoring, and it shows how you can overcome these challenges and start to get a real handle on your infrastructure performance and how it impacts your users’ experience.
    Learn more »
  • Spear Phishing Attacks - Why they are successful and how to stop them
    There's been a rapid shift from broad, scattershot attacks to advanced target attacks that have had serious consequences for victim organisations. The increased use of spear phishing is directly related to the fact that it works, as traditional security defences simply do not stop these types of attacks. This paper provides a detailed look at how spear phishing is used within advanced attacks and the key capabilities organisations need in order to effectively combat these emerging and evolving threats.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments