Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Washington State Adopts Second RFID Privacy Law

The bill, newly signed by the governor, prohibits scanning RFID tags unless they were provided by the business or agency itself.
By Claire Swedberg
Apr 17, 2009Washington State Governor Christine Gregoire has signed into law a bill prohibiting the scanning of an RFID tag by anyone except the business or agency that issued that tag, with certain exceptions.

The legislation, known as House Bill (HB) 1011, lists a dozen such exceptions, including situations in which the scanning is part of a sales transaction initiated by the tag holder, or data from an individual's identification device is remotely read or stored in the course of an act of good-faith security research, experimentation or scientific inquiry. The law is set to go into effect on July 26, 2009.

HB 1011 was one of three RFID-related privacy-protection bills introduced by House Speaker Pro Tempore Jeff Morris (D-Mount Vernon) in January of this year (see Washington State Rep Reintroduces RFID Legislation). While HB 1011 was modified and ultimately signed into law on Apr. 13, Morris says the remaining two bills will be dropped for the current legislative session.

After its January introduction, HB 1011 went through several modifications, including the elimination of language that would have required a signature from the RFID tag holder indicating he or she was aware of the tag and approved of its use by the providing company or agency. Dan Mullen, president of automatic-identification standard trade association AIM Global, believes the bill signed into law was reasonable and well thought-out. "They're looking at punishing surreptitious reading of a tag," he says, "and they've added a lot of exceptions that seem pretty reasonable."

Morris says that after meeting this year with a stakeholder group that included retailers and RFID technology vendors, he decided that obtaining signed permission from holders of RFID tags (such as those embedded in a retailer's loyalty cards) was a matter that should be decided by the business itself. "We've had a six-year engagement with the stakeholders," he states. Although the bill as signed represented a compromise, he says, "I think this is a big step for privacy."

Some of the bill's exceptions had already been included in the original version, such as the use of RFID for triage or medical care in the case of a public disaster, court-ordered electronic monitoring, incarcerated individuals and the reading of a lost identification document by police.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations