By Jay Cline

A top affliction of privacy professionals is the growing complexity of privacy laws. The number of jurisdictions regulating data privacy and the number of other laws in which privacy provisions are tucked has increased with no letup since 2000. Like the Lilliputians in Gulliver's Travels, the tiniest jurisdictions are now lassoing their privacy ropes around the mightiest of corporations.

Where does this leave those who are charged with keeping their organizations privacy-compliant? Desperately looking for a way to organize news about all of these developments.

I recently surveyed the landscape of possible solutions to this problem. What did I find? Three different approaches: free Web sites, newsletters and news feeds; fee-based periodicals; and fee-based databases, such as Nymity's PrivaWorks, Cecile Park Publishing's DataGuidance and law firm Morrison and Foerster LLP's Summit Privacy.

What were the pros and cons of each approach?

Free sources

Privacy leaders with no budget will want to exploit what's free, including these options:

- Law firm Baker & McKenzie's annual Global Privacy Handbook, which is distributed to clients and friends.
- Computerworld's own Security Newsletter, which offers a regular look at news about the technical threats to personal data.
- I've been a Daily Dashboard junkie for years, and keep an online collection of links to hundreds of articles featured in the Dashboard.

When it comes to analysis of developments in privacy law, many law and consulting firms also offer free newsletters. Table 1 offers a full list, including instructions on how to sign up.

Table 1: Law and Consulting Firm Privacy Newsletters

A number of firms offer excellent, succinct analysis of developments in data privacy, security and retention.

| Firm | Newsletter | Scope | Frequency | Sign-up |
| --- | --- | --- | --- | --- |
| Alston & Bird | Privacy & Security Advisory | U.S. and global data protection; finance and health care | As developments occur | Contact |
| Alston & Bird | Health Care Advisory | U.S. health care | As developments occur | E-mail |
| Baker & McKenzie | Global Privacy Newsletter | Global privacy developments | Monthly | Contact |
| Baker & McKenzie | Privacy Matters | Hong Kong and China privacy and data protection | Quarterly | E-mail |
| Baker & McKenzie | CPO Corner: Interviews with Leading Chief Privacy Officers | Privacy benchmarking information | Quarterly | E-mail |
| Bird & Bird | Privacy & Data Protection Update | EU data protection, all industries | Monthly | E-mail |
| BNA International | World Data Protection Report | Global privacy and data protection | Monthly | Contact |
| Boston Privacy Group | Think Privacy | U.S., data privacy and security | As developments occur | E-mail |
| Cabinet Gelly | Ad hoc privacy news | Data protection in France, all industries | As developments occur | Contact |
| Covington & Burling | Covington Advisories & E-Alert | Global privacy and data protection, all industries | As developments occur | Contact |
| Davis & Gilbert | D&G Alerts | Advertising, marketing, promotions | As developments occur | E-mail |
| Dechert | Privacy OnPoint | EU data protection and US information security | As developments occur | E-mail |
| DLA Piper | E-Commerce and Privacy Alert | Privacy and e-commerce | As developments occur | E-mail |
| Ernst & Young | Top Privacy Issues - Global | Global data privacy | Annual | E-mail |
| Ernst & Young | Global Information Security Survey | Global information security | Annual | E-mail |
| Field Fisher Waterhouse | BCR Update | Binding corporate rules | As developments occur | E-mail |
| Foley & Lardner | Foley & Lardner LLP's Privacy, Security & Information Management Newsletter | U.S. and global privacy and security | Monthly | E-mail |
| Goodwin Procter | Privacy Newsletter | Global privacy and data protection, all industries | As developments occur | E-mail |
| Hunton & Williams | Huntonprivacyblog.com | Global privacy, security, and information management; all industries | As developments occur | Contact |
| Informatica Security & Privacy | The Pulse | Data privacy and security; finance, health care | Monthly | Contact |
| Jones Day | Jones Day Commentary - Privacy | Global privacy and data protection | As developments occur | Contact |
| Kelley Drye & Warren | Kelley Drye Client Advisories | Global privacy and data protection, all industries | As developments occur | Contact |
| Law Office of Kris Klein | The Klein & Kratchanov Report | Canadian privacy and access to data | Monthly | Contact |
| Littler Mendelson | Workplace Privacy Counsel | Global privacy and data protection, all industries | As developments occur | Contact |
| McDermott Will & Emery | Hot Topics | U.S. and global privacy and data protection; health care | As developments occur | Contact |
| Meyerowitz Communications Inc. | Privacy & Data Security Law Journal | U.S. privacy, all industries | Monthly | E-mail |
| Morrison & Foerster | Morrison & Foerster Client Alert | Global privacy and data protection, all industries | As developments occur | Contact |
| Perkins Coie | Perkins Coie Privacy and Security Updates | Global privacy and data protection, all industries | As developments occur | Contact |
| Rebecca Herold & Associates | The Privacy Professor | Worldwide privacy and information security | Quarterly | E-mail |
| Sidley Austin | Sidley Updates | Privacy, data security and information law | As developments occur | Contact |
| Speechly Bircham | Inform: IP, Technology & Commercial | EU data protection, all industries | Monthly | Contact |
| Venable | The Download | U.S. privacy, all industries | Monthly | E-mail |
| Wildman, Harrold, Allen & Dixon | WildmanHarrold Privacy & Security Resource Center | U.S. privacy, security, and new media | As developments occur | E-mail |
| Wiley Rein | Privacy in Focus | Data privacy and security, all industries | Monthly | Contact |
| Winston & Strawn | Privacy and Technology Bulletin | U.S. consumer, health care, financial, and online privacy, data breach and security | Quarterly | E-mail |
| Proskauer Rose | A Moment of Privacy | Online newsletter | Monthly | Contact |
| Proskauer Rose | Privacy Law Blog | Online blog | As developments occur | Contact |
| Proskauer Rose | New Media and Technology Law Blog | Blog | As developments occur | Contact |

The advantage of these sources is that they're free. If you have the time to peruse them, they can keep you current on the most important debates and risks. But these sources aren't designed to provide answers to narrow questions or comparisons across jurisdictions of regulations or risks on a particular topic.

Fee-based periodicals

Subscription-based services like the following can greatly leverage a privacy officer’s small budget, and they dive deeper into key privacy topics than free sources do:

- The Washington-based BNA Privacy & Security Law Report is a daily and weekly feed of articles written by experts in the field and delivered via print and Web. The articles focus on the U.S., but also cover Canada, Latin America, the EU and Asia-Pacific Economic Cooperation (APEC) countries. ($1,900 per year)
- London-based Privacy Laws & Business delivers two quarterly PDF journals of in-depth articles focused on the U.K. and non-U.K. markets. ($880 per year for both)
- The IAPP offers a Privacy Tracker service, a combination of weekly e-mails, monthly print newsletters, and monthly calls focusing on U.S. state and federal legislative developments. ($725 per year)
- The Crofton, British Columbia-based Institute for the Study of Privacy Issues provides ISPI Clips, perhaps the most comprehensive daily privacy news-clipping service. When you sign up, about two dozen e-mails land in your in-box each day, with healthy coverage of Canada and APEC news. ($310 per year)

Other paid periodicals include Evan Hendricks' biweekly Privacy Times ($350 per year) and Robert Ellis Smith's monthly Privacy Journal ($125 per year). If you're a member of the American Bar Association, you could receive the quarterly SciTech Lawyer, and IAPP members receive the monthly Privacy Advisor.

The privacy commissioners of Canada and Italy each issue their own newsletters (see here for Canada, and here for Italy), while members of the French association of privacy correspondents, AFCDP, also receive an excellent newsletter.

The strength of these services is their depth and breadth. Subscribers gain the opportunity of acquiring a detailed understanding of narrow questions across multiple jurisdictions. That said, these services mostly lack an on-demand way to search for answers.

Searchable databases

The crown jewel for any privacy officer, however, is to be able to tap a person or database on demand to answer narrow questions for obscure situations. Last month, I gained access to the two leading privacy-database services. I tested how effective they were at providing answers to a battery of questions facing CPOs today.

What were the results?

I'd call DataGuidance the "LexisNexis" of privacy and PrivaWorks the "Westlaw" of privacy. Those who've used both know that Reed Elsevier's LexisNexis offers a simple interface, while Thomson Reuters' Westlaw provides a more robust set of filters and features.

DataGuidance right now is the place to go for European content. I tested six types of questions U.S. companies often have about complying with EU member-state data-protection laws:

- What kind of consent do I need for direct marketing in Europe? (112 hits)
- What privacy restrictions are there for conducting cross-border health care? (102)
- What must I do to notify EU authorities about my data practices? (85)
- What strategies and best practices for binding corporate rules are there? (12)
- What kind of employee monitoring can I do in Europe? (32)
- What is the status of data-breach notification in Europe? (32)

I found it easy to use the DataGuidance filters. Choose a jurisdiction and a topic, then hit "search." The reference materials that show up are a combination of government documents and analyses written by practicing privacy attorneys from a number of reputable firms. Once inside the topic, you can filter for applicable regulations and case law. The reference materials are well tagged, so it doesn't take long to determine if the database contains your answer.

Where does DataGuidance have room to improve? There are no apparent cross-jurisdictional matrices presenting the answers across all 28 member states for any of the questions I tested. And there doesn’t appear to be one common template for the analyses. The authors structure their analyses differently and go to varying levels of detail. The result is that it's hard to find a pan-European answer to any question at the same level of detail.

When you can't find the answer you're looking for, both DataGuidance and Nymity pledge to load questions into their research program.

PrivaWorks was a different experience. The interface sported more modules and filters, making it harder to get to the point of taking full advantage of it. After some training, however, I found it easier to find cross-jurisdictional answers.

PrivaWorks, for example, contains a Breach Response Support Center that centralizes reference materials on the topic and includes a filter for comparing criteria in U.S. state laws. PrivaWorks also includes pages dedicated to 10 different industries. Three other differentiators: the portal contains a "Manage the Risks" module organized by 17 business risks, statistics counters that rank the reports most frequented by users, and reference materials that are structured in the same format and tagged according to the 10 Generally Accepted Privacy Principles.

I tested PrivaWorks against six North American questions I've heard lately:

- What are the main provisions of the HITECH Act? (12 unique hits)
- What privacy restrictions are there on behavioral advertising? (92)
- What restrictions are there for transferring personal data from Canada? (33)
- What kind of consent do I need for direct marketing in Canada? (90)
- What is the definition of personal data, anonymized data, and de-identified data? (8)
- What are best practices for data retention and destruction? (63)

So, on fairly narrow questions, both DataGuidance and Nymity deliver usable results. Table 2 shows a comparison of key elements of the two services.

Table 2: Nymity vs. DataGuidance

Nymity's PrivaWorks and Cecile Park Publishing's DataGuidance lead the market in subscription databases for privacy information.

| | PrivaWorks | DataGuidance |
| --- | --- | --- |
| Offices | Toronto, New York | London |
| First database subscription sold | 2004 | 2008 |
| Current modules (pricing is for a single user) | U.S. ($3,600/yr.); Canada ($2,400/yr.); $6,000 total | EU ($5,500/yr., 61% of the content); U.S. ($1,800/yr., 37% of the content); $7,300 total |
| Planned modules | EU, September 2009; APEC, spring 2010 | Russia, summer 2009; China, summer 2009; APEC, December 2009; Africa & Middle East, December 2009 |
| Number of items | 5,200 | 6,200 |
| Item authors | Four full-time attorneys, plus a panel of contributing authors | 50 contributing attorneys |
| Product information | nymity.com | dataguidance.com |

Where can Nymity improve? Making the interface more intuitive so that it requires less training, and adding European and Asian content.

New entrant

Last December, San Francisco-based law firm Morrison & Foerster entered the subscription-database market for privacy information with its Summit Privacy Resources LLC spin-off. Summit Privacy is a queriable database of English-language texts of world privacy laws that MoFo has organized into a common lexicon.

Use Summit Privacy's filters to query all "privacy notice" obligations worldwide, for example, and the Web site will produce a spreadsheet matrix of world privacy laws compared against similar privacy-notice provisions. A network of local counsel around the world keeps the database updated.

Besides generating law charts, Summit Privacy's comparative strength is Asian privacy regulations, which are often not available on the Web in English or with the appropriate context to understand the actual corporate obligations.

What's the only downside to the service? The minimum 25-seat, $25,000 annual subscription price. That's a steal for Fortune 100 companies, but it's probably out of the reach of smaller enterprises with only periodic privacy needs.

All three services deserve applause for bringing more order to the growing patchwork of privacy information. Which one will prevail in today's flat economy? Whoever can become as simple and as accurate as Google and as indispensable as Microsoft Office. As privacy threats and compliance obligations spread into the vast sea of small businesses, first-mover advantages have yet to be claimed.