A new study on "US and European Corporate Privacy Practices" was released two days ago, and as I constantly monitor the topic, knowing the EU's stricter information-sharing and privacy-violation laws compared to the U.S., I thought you might find this useful.

To sum up the findings: "European companies are much more likely to have privacy practices that restrict or limit the sharing of customer or employees' sensitive personal information and are also more likely to provide employees with choice or consent on how information is used or shared," said David Bender, head of White & Case's Global Privacy practice.

Still at the "sharing sensitive information is bad" promotional stage, I feel the research reasonably points out the lack of a systematic technical approach. Bureaucracy can also be an issue, but with so many CERTs in Europe there's potential for lots of developments, I think. Established in 2004, ENISA is the current body overseeing and guiding the Community towards data protection practices -- slowly, but steadily gaining ground.

"But the research also revealed that US companies are engaging in more security and control-oriented compliance activities than their European counterparts. As a result, US corporations scored higher in five of the eight areas of corporate privacy practice." - structured implementation on a technical level, that is, people auditing networks and being accountable in case of not doing so, and privacy policies by default.

The link for this article located at Dancho Danchev is no longer available.