Skip to Main Content
Information-technology managers at United States companies are likely to be affected by recent legislation in the European Union and in Canada that restricts the transfer of citizens' personal information to countries that do not protect that information adequately. We argue that, from both ethical and pragmatic perspectives, USA businesses should reject the voluntary, self-certifying approach to data protection currently in favor in the United States. USA businesses should advocate instead for a European approach that mandates stronger data protection and establishes a government agency charged with enforcing it. If the USA adopted a European approach to data privacy, USA businesses would attract more customers and avoid the legal problems that are likely to result when European and Canadian data-privacy authorities begin to enforce their new laws vigorously.