Privacy International has released its 2007 International Privacy Rankings. Sadly, the United States ranks last in terms of statutory protections and privacy enforcement of all the countries in the democratic world. Among the points noted about U.S. privacy protection were that state data breach notification laws had proven useful in identifying security faults, but that Congress had approved presidential spying program, and is considering retroactive immunity for telecoms (something I wrote about here, and will almost certainly write more on in the future). One thing I'd like to point out in this is that the problems the report identified (e.g., presidential spying) are coming from the Federal Government, while the bright spots in privacy protection (e.g., data breach notification laws) are implemented at the state level. To my mind, this provides further evidence that we should be cautious in pushing for a federal data breach notification laws, given that they could preempt the state laws which are already in place and have proven to be effective.