|Home||Internet of Things||Aerospace||Apparel||Energy||Defense||Health Care||Logistics||Manufacturing||Retail|
Ontario's Privacy Commission Issues RFID Guidelines
The document focuses on helping retailers address privacy concerns as they implement item-level RFID technology.
Jun 20, 2006—Ontario's Information and Privacy Commission (IPC), in collaboration with EPCglobal Canada, has issued guidelines to help retailers address privacy concerns as they implement item-level RFID technology. The IPC, an agency of Ontario's legislative assembly, acts independently of the provincial government to promote the protection of personal privacy. Its commissioner, Ann Cavoukian, explains that in an effort to be proactive, before consumer-privacy problems arise involving RFID, her agency has issued a list of 10 items intended to provide a simple guide for retailers and other companies planning to use item-level RFID technology on products sold in Canada.
Privacy concerns center around the ability of RFID tags to allow tracking and surveillance of individuals buying tagged products—if the tags are not disabled at the time of purchase—by linking the tagged products to the account numbers of the credit cards used to purchase them.
As of this date, Cavoukian says, she knows of no item-level RFID pilots underway in Canada, though she has followed pilots in other countries and has been interested in how they addressed privacy concerns. She cites the pilot at Marks & Spencer (M&S) in London as a successful RFID deployment in which consumers were informed and included in the process (see EPC in Fashion at Marks & Spencer). But , she says, an RFID-related announcement in 2003 involving— Benetton demonstrated how misinformation or a lack of information for consumers can undermine a pilot. That incident led to a threatened boycott of Benetton stores (see Benetton Explains RFID Privacy Flap).
"Clearly, it's not anyone's intent to spy on consumers," Cavoukian says. "The vast majority of RFID technology is used in terms of supply-chain management, and none of that involves threats to privacy. When you get to item-level tagging, then for the first time you have a potential linkage with credit-card information."
The guidelines focus on how RFID is deployed rather than the technology itself, urging users of RFID technologies and information systems to address privacy and security issues early in the design stages. Wherever possible, the guidelines assert, efforts should be made to minimize the amount of RFID data a store or company obtains, and to maximize participation with consumers by being as open with them as possible.
"Consumers should be able to choose to re-activate them at a later date, re-purpose them, or otherwise exercise control over the manner in which the tags behave and interact with RFID readers," the guidelines state. Retailers need to be open about their product tagging, the document urges, and consumers should have the ability to obtain information about the data being collected.
A copy of IPC's Privacy Guidelines for RFID Information Systems is available at the organization's Web site. The IPC office encourages readers to e-mail questions or comments.
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.