out, the CSA code would provide the floor by which private sector privacy codes would be measured. In other words, the CSA code, which is a good solid piece of privacy policy already, would be the minimum standard to measure the performance of private industry.

Industry groups could adopt tougher protections, but could not offer less than the CSA code. Probably the federal privacy commissioner and the various provincial commissioners would be charged with monitoring performance and helping to hold industry accountable to the code. Judicial remedies are also likely to be available.

The United States is moving much more cautiously, but there are some developments that could help it pull itself up. While Canadian Justice Minister Allan Rock was telling the International Conference of Data Commissioners at their meeting last September in Ottawa that Canada would have legislation in place by the year 2000, Sally Katzen, head of the Office of Information and Regulatory Affairs at the U.S. Office of Management and Budget told the same group that the sectoral approach was the position of choice for the United States. One American attendee at the conference said Katzen's speech sounded like one he had heard four years earlier during the Bush administration.

However, there is an American initiative coming out of the Federal Trade Commission. Commissioner Christine Varney, something of a protege of President Clinton, has supported the idea that the FTC could use its statutory authority to police unfair business practices as both a carrot and a club in convincing business to provide adequate privacy protections. While this is a much lower level response than Canada's, it holds some promise for accomplishing some of the same goals. However, such privacy initiatives in the United States are very personality-driven and the FTC's interest might evaporate if Varney were to leave.

On the negative side of U.S. developments, the continuing suggestion that the United States create some kind of independent privacy commission that might act as an ombudsman and honest broker in dealing with privacy protection in both the public and private sector, has yet to garner any enthusiasm, although it is an idea that is favorably received by European data commissioners as the first sign that the United State is really serious about this issue.

Several months ago Michie published what is certainly the current bible for Americans trying to understand these issues. Data Privacy Law, by law professors Paul Schwartz and Joel Reidenberg is the most thorough and comprehensive examination of all aspects of data protection. Schwartz and Reidenberg were commissioned to write a study of American privacy protections so that the European Union would have a better idea of the state of affairs in the United States. What they have produced, however, is perhaps more relevant to Americans who need to understand this issue. Another recommended source for Americans in search of European developments and perspectives is the excellent British newsletter Privacy Laws & Business, published and edited by Stewart Dresner.

As the Internet continues to break down any distinctions about the flow of information across international borders, the economic, intellectual, and public policy lifelines will depend on the continuation of such international data flows. For the United States to ignore or underestimate the importance of a meeting of the minds on the subject of international data protection could have catastrophic results down the road. But as with many international imbroglios, the results will depend in part on which side blinks first.

Harry Hammitt is editor/publisher of Access Reports, a newsletter published in Lynchburg, Va., covering open government laws and information policy issues. E-mail: <75111.743@compuserve.com>.


Harry Hammitt  |  Contributing Writer