Privacy and RFID

A group of multinational companies including IBM, Intel and Microsoft have issued draft guidelines for Privacy Best Practices for Deployment of RFID Technology.

RFID (radio frequency identification) raises privacy concerns when its use enables parties to obtain personally identifiable information, including location information, about particular individuals that those parties otherwise would be unable or unauthorized to obtain. This information may be a person’s location; it may be that the person has a certain product in his or her possession; it may be that the person has used a particular service. Security concerns arise if unauthorized parties are able to obtain such information by intercepting the radio communications between tags and readers, by reading the tags without authorization, or by gaining unauthorized access to the network or the database.

Representatives from various consumer groups and commercial enterprises developed these guidelines in an effort to address current privacy concerns, as well as to limit future concerns regarding the deployment of RFID technology.

The guidelines cover:

  • Giving of notice when information, including location information, is collected
    through an RFID system and linked, or is intended by a commercial
    entity to become linked, to an individual’s personal information either
    on the RFID tag itself or through a database.
  • Consumers should be offered such choice before the conclusion of the
    transaction to obtain a good or service, wherever practicable, so that,
    when coupled with robust notice, consumers are given the tools to
    effectively exercise their choice with respect to the use of RFID
    technology.
  • Companies should exercise reasonable and appropriate efforts to secure
    RFID tags, readers and, whenever applicable, any corollary linked
    information from unauthorized reading, logging and tracking, including
    any network or database transmitting or containing that information and
    radio transmissions between readers and tags. In addition, companies
    should exercise reasonable and appropriate efforts to secure the linked
    information from unauthorized access, loss or tampering.
 
