By Claire Swedberg
Nov. 23, 2011—Global standards organization GS1 has released a software application intended to help European companies assess any privacy risks that might result from their use of radio frequency identification, as well as guide them in eliminating those risks. The Microsoft Excel-based tool is designed to help firms comply with European Commission (EC) recommendations for safeguarding the privacy of consumers and others who may be in contact with RFID technology. The GS1 EPC/RFID Privacy Impact Assessment (PIA) Tool can be downloaded free of charge from GS1's Web site.
Elizabeth Board, GS1's global public policy executive director, explains that companies can use the PIA Tool to conduct self-assessments of privacy risks resulting from their use of RFID technology and the data related to that usage. The tool poses a series of questions enabling companies to determine their privacy risks, and thus where they may need to make improvements to address them. The EC RFID privacy recommendations, as well as the PIA Tool, are directed primarily at retailers and suppliers of consumer goods, because in this industry the technology may directly impact consumers (for example, customers may see RFID tags on products they intend to buy). However, the PIA Tool and EC recommendations are applicable to any company that may be employing RFID within its operations.
The PIA Tool incorporates seven months of research with some of GS1's member companies worldwide, as well as end users of RFID, including retailers and consumer product companies such as Wal-Mart, Procter & Gamble, Metro Group, headquartered in Germany, and Carrefour Group, in France.
In 2009, the European Union (EU) issued its RFID privacy recommendations that included informing consumers of the presence of RFID tags (see European Commission Issues RFID Privacy Recommendations). The recommendation is nonbinding, but is intended to provide a framework to protect data that could potentially pose a risk of privacy intrusion for a customer or business employee. The recommendation states that privacy and data-protection impact assessments should be completed at least six weeks before the technology's deployment.
In April of this year, the EC joined forces with GS1 and the European Network and Information Security Agency (ENISA), the EU agency dedicated to improving information and cyber-security, in order to establish guidelines for all companies in Europe to address the protection of data related to RFID technology (see European Commission Issues Framework for Measuring and Mitigating RFID's Privacy Impact). The European Retail Round Table (ERRT), AIM Germany, Bitkom and the A&N Electric Cooperative (ANEC) also contributed to the development of a privacy impact assessment framework. The members of GS1, ENISA and the EC agreed that with the appropriate tool, companies using RFID could answer specific questions, determine whether they had privacy risks as described in the EC recommendation, and subsequently make the necessary adjustments. The result of that effort is the GS1 EPC/RFID Privacy Impact Assessment Tool.