Privacy Advisor

Notes from the Executive Director

December 1, 2005

As 2005 draws to a close, we will remember this year for the multitude of data breaches because they have led to dramatic enlightenment about the privacy pro's core mission and critical importance in the marketplace — here and internationally as well. With more than 80 data breaches this year, some U.S. lawmakers and regulators have been clamoring for bills to give consumers some protection from the escalating incidents. More than a dozen bills have been introduced in Congress this year and 32 state legislatures have proposed legislation to help protect consumers.

This "patchwork" of state, federal and even international laws related to data privacy and security is one of the main reasons why Microsoft Corp. recently called for comprehensive federal privacy legislation. Microsoft pointed out another reason for seeking a federal uniform approach — to avoid stifling innovation and instead approach privacy in a way that inspires consumer confidence while complementing technological advances.

While the legislative response in the U.S. continues to develop in 2006, the privacy community should remain mindful of significant international developments in countries that comprise the Asia-Pacific Economic Cooperation forum.

APEC comprises 21 economies around the Pacific Ocean, including the U.S., Canada, China, Japan, South Korea and Australia. APEC Ministers approved Part A of an APEC Privacy Framework in November 2004 — a significant benchmark in the evolution of international privacy policy. One significant tenet of the Framework is that "accountability should follow the data" as it moves from one country to another. The Ministers recognized the importance to the region of developing a new international standard for data protection, but specified that the framework does so without "barriers to information flows."

Much work remains to help the economies implement the framework and develop measures to ensure that "accountability does follow the data." However, the swell of consumer concern over the security and privacy of personal information is providing fuel to get to the finish line.

In the coming weeks, the IAPP will continue planning a comprehensive Summit agenda that includes an in-depth analysis of the dominant international issues, including outsourcing, whistleblowing compliance and global legislative responses to data security and identity theft.

As you contemplate your priorities for the coming year, mark your calendar for the IAPP National Summit 2006, March 8-10, at the Omni Shoreham Hotel in Washington, D.C.

We wish you and your family Happy Holidays and best wishes for the New Year!

J. Trevor Hughes
Executive Director