To develop this document, the group examined current laws and policies surrounding the responsible use of personally identifiable information, how RFID technology works and where breaches in the security of personal identification could happen in RFID deployments. "We looked at where the technology raises privacy concerns, and where it does not," said Bruening.
In developing suggestions on the steps companies can take toward protecting personal privacy in RFID deployments and where personal information is collected, she said, the group emphasized the use of consumer notification. It also advocated the consumers' ability to choose what data is collected and how that data may or may not be used.
Furthermore, the working group identified three guiding principles to address concerns surrounding the security of personal information linked to RFID technology. One principle says RFID technology is a neutral element—that is, the technology does not threaten privacy, but can be one of a number of vehicles through which personal information can be exploited and used irresponsibly. Another principle is that privacy protections and data security should be primary design elements in RFID deployments, not afterthoughts. Finally, companies should be transparent about their RFID use, so that consumers know about it, and how their personal information could be stored or used, before taking part in any transaction that leverages the technology.
"The guidelines are drawn from fair-information practices, well-established principles for responsible information management," said Bruening.
EPCglobal, an industry group working to commercialize electronic product code standards and technology, last year released its own privacy guidelines for consumer products carrying RFID tags. Maxwell noted, however, that an important distinction between these guidelines, available on the EPCglobal Web site, and the CDT guidelines is that the latter are based on a much broader view of RFID technology than just a means of identifying consumer products with EPCs. "This document goes beyond those applications and includes things such as applications for financial services, or using tags to authenticate goods or services," he said.
Both the EPCglobal and CDT privacy statements and guidelines make clear, Maxwell noted, that the applications for RFID technology are continuing to evolve, and that these guidelines must keep evolving, as well.