Sep 01, 2003Researchers at the Auto-ID Center have long known that radio frequency identification technology raises consumer privacy issues that must be addressed. The group’s position paper, released on Sept. 1, is a first step in allaying concerns that RFID could be used to track individuals. The three principles state very broadly that consumers will always have the following rights:
• to know when they are in a location where Electronic Product Code (EPC) readers are used and that the products they are buying contain EPC tags.
• to have EPC tags in the products they buy permanently deactivated, without cost or penalty.
• to buy EPC tagged products without having their personal information electronically linked to the EPC number in the product.
|
|
AutoID Inc., a subsidiary of the Uniform Code Council charged with commercializing EPC technology, will have to turn these policies into industry guidelines. That's going to take a while because there are many complex issues to work through. For instance, does each item need a label informing people it has an EPC tag and, if so, how big does it have to be? How big do notification signs in stores have to be? And does each checkout counter need a sign telling consumers they can choose to have EPC tags deactivated, or will one sign near the entrance suffice?
While these issues are debated, privacy advocates and the press are going to continue to demand answers from companies that are experimenting with the technology. Manufacturers and retailers may get away with insisting that they are only testing RFID in the supply chain, but that won't work for long. The more extreme privacy advocates could make false accusations if cases tagged for supply chain tracking wind up on retail shelves. And many companies may want to tag high-value items that are often stolen from stores, such as CDs, DVDs, video games and women’s lingerie
Smart companies will appoint a chief privacy officer if they don't already have one. The CPO's job isn't simply to craft rules and procedures; it's to protect the company's brand, its reputation and its relationship with its customers.
As CPOs sort out all the privacy concerns surrounding RFID, they need to develop policies that make sense for their company. Each business is different, so each policy will be slightly different. Some retailers will want to reassure their customers by announcing that they will deactivate all RFID tags unless the customer requests that they remain active. Companies that prefer not to kill the tags—they may, for instance, want to use the tags to track returns—will need to figure out how to get the business benefit while reassuring customers that their privacy will be protected?
The Auto-ID Center's principle that consumers have the right not to have the EPCs in the products they buy linked to them personally also forces retailers to make some hard choices. Do they require customers to opt out of any loyalty scheme that uses RFID to track purchases? Do they entice consumers to opt in? And will consumers be able to choose to have some purchases tracked and not others?
It’s not enough just to create a company privacy policy; the CPO must maintain and protect it. This may turn out to be the most challenging part of the job. As more customer data is collected, business managers within a company will want to use the information in new ways. It's imperative that CPOs establish clear guidelines and procedures for getting permission to use customer data.
When Internet companies discovered they could closely track consumer behavior online, some begrudgingly made concessions aimed at protecting consumer privacy while others figured they could get away with collecting data on everyone, including children. It wasn't until government regulators stepped in that companies got serious about creating enforceable privacy policies. No doubt, companies will again be reluctant to give up any opportunity to learn more about their customers. But the real opportunity is in developing trust. Consumers are more likely to allow retailers to track their spending patterns if they get real value (substantial discounts or other benefits) in return and trust that the data is not going to be abused.