The US is badly lagging the rest of the world on privacy legislation and apparently doesn't care.
This lack of interest in meeting international privacy standards is starting to hurt the US and could hurt the country even more down the track.
Canada is already reluctant to export data to the United States for processing in some circumstances, notes US privacy expert Robert Gellman, prompted in part by fears that the draconian USA PATRIOT Act (which gives intelligence officers unprecedented surveillance powers) will comprise the privacy of Canadian citizens.
I think you find in Europe and in Australia broad-based comprehensive privacy legislation and I don't think that anyone is following the US model of haphazard legislation
Canada has wound back outsourcing to the US, and Gellman warns US businesses run the risk of losing more business opportunities because of a lack of consistent and adequate privacy protection.
Meanwhile, jurisdictions like Australia and Europe with strong and reasonably consistent privacy protections in place may well gain from US losses.
Gellman, a consultant in Washington DC who advises companies, organizations, US agencies and foreign governments on policies for personal privacy and fair information practices, also warned the lax US approach to privacy means Australian consumers purchasing online from US-based Web sites are putting their personal data at risk.
Gellman was in Australia to address a seminar &$8212 Can US meet international privacy standards? &$8212 at the Cyberspace Law and Policy Centre, University of New South Wales.
Most nations addressing privacy adopt laws establish common standards for all personal information based on fair information practices. Not the US. Its privacy law is a welter of federal, state and common law, and no law at all. Vast activities affecting privacy are totally unregulated.
"We have state laws, we have Federal laws, we have self-regulation, we have common laws, we have large segments of the economy that are completely unregulated for privacy, and we have quite a few very narrowly focused privacy laws, most of which reflect some elements of fair information practices, which are the core of international privacy laws. If you compare all the laws one by one you find different elements and different laws, different procedures and different enforcement, and different coverage," Gellman says.
"Now the official view from the US is that we have a sectoral approach to privacy and that we only regulate when it's necessary, when there has been a marketplace failure. But I tend to the view that we pass privacy laws in response to horror stories or randomly otherwise and without any kind of overriding plan, any kind of consistent philosophy, and it's all rather disorganized."
Yet Gellman sees little signs the US has either the will or the interest to meet international privacy standards.
"The United States is significantly behind world trends here and I don't think the United States has shown any leadership in this area, nor is the world likely to pay much attention to the United States," Gellman says. "I think you find in Europe and in Australia broad-based comprehensive privacy legislation and I don't think that anyone is following the US model of haphazard legislation &$8212 I think we're not leading here, we're lagging the rest of the world."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.