IF the information is not already missing, 2005 might be recorded in the databanks of history as the year of the consumer privacy breach.

So far, American companies including financial services giants like Bank of America, Citigroup and MasterCard, and national retailers like DSW shoes and Ralph Lauren Polo, have announced data compromises. All told, the personal information of more than 50 million consumers has been lost, stolen and even sold to thieves.

 

Why is this happening here, and not, say, in Britain, Germany or France? One reason may be that every other Western country has a comprehensive set of national privacy laws and an office of data protection, led by a privacy commissioner.

The United States, by contrast, has a patchwork of state and federal laws and agencies responsible for data protection.

"In Europe, the question has been settled: citizens have strong legal rights," said Joel R. Reidenberg, a Fordham University law professor who is an expert on international data privacy rules. "In the United States, we basically have a mess, and we are still trying to sort it out."

More fundamentally, these two systems for dealing with data arise from a cultural divide over privacy itself. In broad terms, the United States looks at privacy largely as a consumer and an economic issue; in the rest of the developed world, it is regarded as a fundamental right.

In the United States, said Trevor Hughes, executive director of the International Association of Privacy Professionals, debates over the privacy of personal data generally occurs piecemeal, when a particular abuse causes harm. "In Europe, " Mr. Hughes said. "data is just protected because it is data - information about you."

The telecommunications industry offers a case study in these two perspectives. In the mid-1990's, an unusual alliance here between privacy advocates and national phone companies, which did not want regional carriers to gain an informational advantage, led to restrictions on the commercial use of phone and billing information in the United States. In France, a similar debate in the 1980's caused phone numbers to be kept private in billing documents out of respect for individual rights.

In general, Americans are far more comfortable than Europeans with business handling their information, and far more skeptical of putting it in government hands. The tradition of making government records - like tax records, mortgage information and census data - easily accessible to the public is uniquely American.

This has helped create the world's largest data collection industry by far, with companies like ChoicePoint and AxiCom to collect and analyze those records. The flourishing consumer data industry spends millions of dollars each year lobbying against more restrictive data policies.

Not surprising, the United States has "many more laws restricting the government collection and use of information than laws restricting corporate use of collection and information," said Bruce Schneier, an expert on computer security issues. "Europe is the reverse," he added. Oversight is the United States is decentralized. Data protection is not a core mission of any government agency. Each of them, from the Health and Human Services Department to the Department of Homeland Security, deals with it as a secondary issue. In addition, each agency has its own internal privacy czars, who protect his agency's data as he thinks best. "What we don't have is a general framework that says these rules apply to everybody," said Peter Swire, an Ohio State University law professor who served as the Clinton administration's chief counselor for privacy.

Most European nations, on the other hand, begin with the idea that data protection is a human right, regulated by a comprehensive set of principles that apply to both business and government. And where American businesses are given relatively free rein to collect and sell information, European companies are severely restricted from those activities without individual consent.