The RFID Weblog: RFID Best Practices to Protect Privacy

Filed in archive Privacy and Security by Anita Campbell on May 17, 2006

In a positive move for the RFID industry, the Center for Democracy and Technology's Working Group on RFID has issued a "best practices" guideline to protect consumer privacy.

Among the best practices include the following (quoted from the best practices guideline):

Consumers should be provided with clear, conspicuous and concise notice when information, including location information, is collected through an RFID system and linked, or is intended by a commercial entity to become linked, to an individual's personal information either on the RFID tag itself or through a database.

Consumers should be notified when entering a commercial or public environment where RFID technology is in use. Wherever practicable, individual RFID readers should be identified as such.

Companies should exercise reasonable and appropriate efforts to secure RFID tags, readers and, whenever applicable, any corollary linked information from unauthorized reading, logging and tracking, including any network or database transmitting or containing that information and radio transmissions between readers and tags. In addition, companies should exercise reasonable and appropriate efforts to secure the linked information from unauthorized access, loss or tampering.

Several major corporations, such as IBM, Microsoft, Cisco and Visa, as well as advocacy groups and public organizations such as the American Library Association, participated in the working group that developed the guideline.

This is a positive move for RFID because for the first time businesses and other leading organizations are confronting head-on the consumer privacy implications of RFID in a proactive, leading way -- instead of the typical reactive, defensive posture so many of them have found themselves in.

I'm sure some will say "it is not enough." But businesses have to start somewhere to gain agreement within the industry on protecting privacy.

I'm surprised the announcement of this guideline is not getting more public play. I know it was announced in conjunction with the RFID Journal Live event and perhaps in all the hustle and bustle got lost. While it is just a guideline, it is the first statement of its kind in the RFID industry.

Read the RFID best practices guideline here.

Related Entries:

Metro Backs Down on RFID, But Privacy Groups Not Satisfied - 02 March 2004
RFID: Usefulness Outweighs Privacy Concerns - 14 April 2004
Feds Suppress RFID Privacy Concerns - 01 November 2006
IBM Sez: Worried About RFID Privacy? Just Tear Off the Anten... - 09 November 2006

« RFID Becomes a Teacher of... | Main | Digital RFID Magazine - I... »

Permalink: RFID Best Practices to Protect Privacy

Tags: RFID privacy rfid best practices best+practices rfid+best protect+privacy

Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/21336

Addthis

Ask

Blinklist

del.icio.us

Digg

Fark

Facebook

Google

Lycos

Ma.gnolia

Mr Wong

Netscape

Netvousz

Newsvine

StumbleUpon

Slashdot

Tailrank

Technorati

Wink

Yahoo

Vote for RFID Best Practices to Protect Privacy:

Currently 8.00/10
1
2
3
4
5
6
7
8
9
10

Rating: 8.00 out of 3 vote(s) cast.

Response from: Chris Packer (05/21/06 10:52am)

It's good to see a privacy protection policy being developed - if anything could damage RFID in the bud, it's privacy concerns. I can only hope this means we're going to see privacy protection generally being subscribed to and upheld in the industry.

2c.

Response from: Anita Campbell (05/21/06 11:14am)

Yes, Chris, privacy concerns have the potential to derail RFID unless they are addressed pro-actively. That's why I was so glad to see this Guideline.

Anita