|Home||Internet of Things||Aerospace||Apparel||Energy||Defense||Health Care||Logistics||Manufacturing||Retail|
RFID Vendors Need a Privacy Strategy
To succeed, companies providing RFID solutions must work closely with their customers to develop a strategy for ensuring privacy and security compliance.
Learn From Mistakes
Businesses also need to follow up on mistakes. From both an enforcement standpoint and a risk-management perspective, end-user customers need to be apprised of areas where mistakes or complaints have been made—and they must make sure a plan is in place to modify behavior to address problems promptly. RFID solutions providers can also demonstrate that they learn from others' mistakes by monitoring the external privacy and security marketplace. Did a potential customer suffer a security breach? Were Social Security numbers disclosed in a situation where their use was not necessary? What precautions can be taken in order to limit the occurrence of similar problems?
It should be no surprise that the surest path to strict enforcement action and severe penalties is to know of a problem but take no responsive action (or to be the second company facing a particular problem that has an easy fix).
Monitor Privacy Laws
RFID solutions providers need to keep apprised of the scope of the privacy and security laws that can affect their business. The current patchwork of statutes and regulations prescribe varying rules on the privacy of credit reports, medical data, phone records and video store rentals, to name a few. Government agencies and other end-user customers are now including privacy and security requirements in their business contracts. Moreover, the breadth and depth of topics covered—from financial records to health care to employee privacy—is expanding. Thus, RFID solutions providers looking to do business with customers subject to specific laws (such as those in the financial and medical fields) will need to adjust their privacy and security practices accordingly. Customer-specific plans may be necessary.
Privacy legislation is still a hot topic for both state and federal legislators. In certain instances, RFID solutions providers may want to influence pending legislation that could impact their business.
Given the current legal landscape, RFID providers should maintain their privacy and security compliance strategy as a "living document" that is updated in accordance with new laws and lessons learned. Such a strategy will be critical to landing that all-important first customer sale. In addition, savvy RFID providers will use timely updates to their compliance strategy as a means of maintaining ongoing contact with customers, realizing that such contacts often lead to follow-up sales. An effective compliance strategy is one that balances legal requirements with successful business approaches.
Kirk J. Nahra and John W. Kuzin are attorneys at Wiley Rein & Fielding, in Washington, D.C. Nahra is a partner and chair of the firm's privacy practice; Kuzin is a communications and privacy attorney who specializes in RFID technology.
Login and post your comment!
Not a member?
Signup for an account now to access all of the features of RFIDJournal.com!
SEND IT YOUR WAY
RFID JOURNAL EVENTS
ASK THE EXPERTS
Simply enter a question for our experts.
|RFID Journal LIVE!||RFID in Health Care||LIVE! LatAm||LIVE! Brasil||LIVE! Europe||RFID Connect||Virtual Events||RFID Journal Awards||Webinars||Presentations|