CNet reports on a new bill in Hawaii, HB 2288 (pdf), which could lead to the state keeping tracking of all Web sites visited:

Hawaii’s legislature is weighing an unprecedented proposal to curb the privacy of Aloha State residents: requiring Internet providers to keep track of every Web site their customers visit.

Its House of Representatives has scheduled a hearing this morning on a new bill (PDF) requiring the creation of virtual dossiers on state residents. The measure, H.B. 2288, says “Internet destination history information” and “subscriber’s information” such as name and address must be saved for two years.

H.B. 2288, which was introduced Friday, says the dossiers must include a list of Internet Protocol addresses and domain names visited. Democratic Rep. John Mizuno of Oahu is the lead sponsor; [...]

Democrat Jill Tokuda, the Hawaii Senate’s majority whip, who introduced a companion bill, S.B. 2530, in the Senate, told CNET that her legislation was intended to address concerns raised by Rep. Kymberly Pine, the first Republican elected to her Oahu district since statehood and the House minority floor leader. [...] Read more »

Saturday, January 28, is International Data Privacy Day. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. Please also take the time to donate to any number of organizations out there trying to protect your privacy rights.

Visit the official site to find events near your area. Here are a few highlights in the United States and internationally:

Alabama

On Friday, Jan. 27, Cumberland School of Law hosts “Is My Phone Spying On Me or Am I Just An Open Book? An Exploration of Privacy and Mobile Technology.” It will be “a discussion on the legal, ethical, and commercial implications of mobile technology on privacy. Featuring privacy professionals from business, law practice, and the academy, this panel will explore the state of privacy law with respect to mobile technology, the tension between privacy and the utility of data collected from mobile technology, and how organizations handle data collected and transmitted using mobile technology.” Time and location: 10 a.m. to 11 a.m. at Cumberland School of Law at Samford University. For more information: http://cumberland.samford.edu/content/my-phone-spying-me

North Carolina

On Friday, Feb. 3, the UNC School of Information and Library Science and the American Library Association will host “Should Librarians Care About Privacy Anymore?” The free panel/webinar “will feature presentations and panel discussion by Barbara Jones, director of the American Library Association Office for Intellectual Freedom, Anne Klinefelter, associate professor of Law and director of the UNC at Chapel Hill Law Library, Christopher (Cal) Lee, SILS associate professor, Zeynep Tufekci, SILS associate professor, and SILS Dean, Gary Marchionini, as moderator.” Time and location: 1 p.m. to 3 p.m. at 08 Peabody Hall, UNC Chapel Hill2 and streaming via webinar. For more information: http://sils.unc.edu/events/2012/data-privacy-webinar  Read more »

HealthLeaders Media has an interview with Farzad Mostashari, the national coordinator for health information technology at the Department of Health and Human Services, about the use of and privacy protection of patient medical data:

HLM:  What are three toughest challenges you plan to tackle in 2012?

Mostashari: Adoption of meaningful use, information exchange and interoperability, and maintaining privacy and security. We want 2012 to be a huge year for meaningful use. I think doctors, hospitals, and vendors are geared up. It will be an enormous year for providers who qualify for the incentive, but more importantly to start to establish the information foundation for delivering care that is inconceivably better in all ways—higher quality, safer, more patient-centered, and more coordinated.

It is fantastic to have the records in an electronic format in the doctor’s offices and to have those records used to take better care not just of individual patients, but of the entire population of patients.

It is just as important that those records be shared across the different settings when the patient moves from outpatient to inpatient care, then back home or to a long-term care facility, and back to the primary care doctor’s office and then to specialist. We’re really pushing in major way on information exchange and interoperability. Read more »

BBC News reports on a privacy breach by mobile phone company O2, which apologized to customers in a blog post. BBC News reports:

O2 has apologised for a technical problem which caused users’ phone numbers to be disclosed when using its mobile data.

The company said it normally only passed numbers to “trusted partners”.

A problem during routine maintenance meant that from 10 January numbers could have been seen by other websites.

“We investigated, identified and fixed it this afternoon. We would like to apologise for the concern we have caused,” the company said.

The Information Commissioner’s Office had said that it would speak to O2 “to better understand what has happened”. [...] Read more »

The European Commission announced a proposal for a comprehensive reform of the EU’s 1995 Data Protection Directive. In a press release, the Commission explained:

Technological progress and globalisation have profoundly changed the way our data is collected, accessed and used. In addition, the 27 EU Member States have implemented the 1995 rules differently, resulting in divergences in enforcement. A single law will do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year. The initiative will help reinforce consumer confidence in online services, providing a much needed boost to growth, jobs and innovation in Europe. [...]

The Commission’s proposals update and modernise the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights in the future. They include a policy Communication setting out the Commission’s objectives and two legislative proposals: a Regulation setting out a general EU framework for data protection and a Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities.

Key changes in the reform include:

• A single set of rules on data protection, valid across the EU. Unnecessary administrative requirements, such as notification requirements for companies, will be removed. This will save businesses around €2.3 billion a year. Read more »

At the Wall Street Journal, two experts answer the question: “Should Every Patient Have a Unique ID Number for All Medical Records?” “Proponents say universal patient identifiers, or UPIs, deserve a serious look because they are the most efficient way to connect patients to their medical data. [...] Privacy activists aren’t buying it. They say that information from medical records already is routinely collected and sold for commercial gain without patient consent and that a health-care ID system would only encourage more of the same.”

First, Michael F. Collins, a board-certified physician in internal medicine and chancellor of the University of Massachusetts Medical School in Worcester, Mass., argues that universal patient IDs are needed:

A UPI system, using one number that seamlessly connects a person to all of his or her records, could be the safest and most efficient way to manage health-care data. It would guard against misidentification and make it much easier to pull together a patient’s records from disparate providers. Using today’s best technologies and practices, UPIs could help dramatically improve the quality of health care, lower costs, accelerate medical discovery and better preserve privacy. [...]

Currently, health-care providers and administrators struggle daily to match patients to records organized by disparate systems that rely on names, addresses, birth dates and sometimes Social Security numbers. Names can be presented in numerous formats, leading to duplicative records that cost money and lead to errors. As our population grows, the number of people with the same name and other similar personal data multiplies. Research cited by RAND Corp. indicates patients are misidentified at a rate of about 7% to more than 10% during record searches. As databases grow, the problem will only worsen. UPIs can correct this situation.

What about data security? It is difficult—especially without being able to study UPIs—to know what the safest approach is. Admittedly, no IT system is immune to breaches. Read more »