In a positive move for the RFID industry, the Center for Democracy and Technology's Working Group on RFID has issued a "best practices" guideline to protect consumer privacy.

Among the best practices include the following (quoted from the best practices guideline):

• Consumers should be provided with clear, conspicuous and concise notice when information, including location information, is collected through an RFID system and linked, or is intended by a commercial entity to become linked, to an individual's personal information either on the RFID tag itself or through a database.
• Consumers should be notified when entering a commercial or public environment where RFID technology is in use. Wherever practicable, individual RFID readers should be identified as such.
• Companies should exercise reasonable and appropriate efforts to secure RFID tags, readers and, whenever applicable, any corollary linked information from unauthorized reading, logging and tracking, including any network or database transmitting or containing that information and radio transmissions between readers and tags. In addition, companies should exercise reasonable and appropriate efforts to secure the linked information from unauthorized access, loss or tampering.

Several major corporations, such as IBM, Microsoft, Cisco and Visa, as well as advocacy groups and public organizations such as the American Library Association, participated in the working group that developed the guideline.

This is a positive move for RFID because for the first time businesses and other leading organizations are confronting head-on the consumer privacy implications of RFID in a proactive, leading way -- instead of the typical reactive, defensive posture so many of them have found themselves in.

I'm sure some will say "it is not enough." But businesses have to start somewhere to gain agreement within the industry on protecting privacy.

I'm surprised the announcement of this guideline is not getting more public play. I know it was announced in conjunction with the RFID Journal Live event and perhaps in all the hustle and bustle got lost. While it is just a guideline, it is the first statement of its kind in the RFID industry.

Read the RFID best practices guideline here.