Posts Tagged ‘RFID tags

RFID Privacy Guidelines

1. Accountability

An organization is responsible for personal information under its control and should designate a person who will be accountable for the organization’s compliance with the following principles, and the necessary training of all employees. Organizations should use contractual and other means to provide a comparable level of protection if the information is disclosed to third parties.

Organizations that typically have the most direct contact and primary relationship with the individual should bear the strongest responsibility for ensuring privacy and security, regardless of where the RFID-tagged items originate or end up in the product life cycle.

2. Identifying Purposes

Organizations should clearly identify and communicate to the individual the purposes for collecting, linking to, or allowing linkage to personal information, in a timely and effective manner. Those purposes should be specific and limited, and the organizations and persons collecting personal information should be able to explain them to the individual.

3. Consent

Organizations must seek individual consent prior to collecting, using, or disclosing personal information linked to an RFID tag. To be valid, consent must be based upon an informed understanding of the existence, type, locations, purposes and actions of the RFID technologies and information used by the organization. Individual privacy choices should be exercised in a timely, easy and effective way, without any coercion. Consumers should be able to remove, disable or deactivate item-level RFID tags, without penalty.

Automatic deactivation of RFID tags, at the point of sale, with the capability to re-activate, should be the ultimate goal. Consumers should be able to choose to re-activate them at a later date, re-purpose them, or otherwise exercise control over the manner in which the tags behave and interact with RFID readers.

4. Limiting Collection

Organizations should not collect or link an RFID tag to personally identifiable information indiscriminately or covertly, or through deception or misleading purposes. The information collected should be limited to the minimum needed to fulfil the stated purposes, with emphasis on minimizing the identifiability of any personal data linked to the tag, minimizing observability of RFID tags by unauthorized readers or persons, and minimizing the linkability of collected data to any personally identifiable information.

5. Limiting Use, Disclosure and Retention

Organizations must obtain additional individual consent to use, disclose or link to personal information for any new purposes. Personal information should only be retained to fulfil the stated purposes, and then securely destroyed. Retailers should incorporate the data minimization principles outlined above, into and throughout their RFID information systems.

6. Accuracy

Organizations should keep personal and related RFID-linked information as accurate, complete, and up-to-date as is needed for the stated purposes, especially when used to make decisions affecting the individual.

7. Safeguards

Organizations should protect personal information linked to RFID tags, appropriate to its sensitivity, against loss or theft, and against unauthorized interception, access, disclosure, copying, use, modification, or linkage. Organizations should make their employees aware of the importance of maintaining the confidentiality of personal information through appropriate training. Although physical, organizational and technological measures may all be necessary, technological safeguards should be given special emphasis.

 

8. Openness

Organizations should make readily available to individuals specific information about their policies and practices relating to the operation of RFID technologies and information systems, and to the management of personal information. This information should be made available in a form that is understandable to the individual.

9. Individual Access

Organizations should, upon request, inform the individual of the existence, use, linkage and disclosure of his or her personal information, provide reasonable access to that information, and the ability to challenge its accuracy and completeness, and have it amended as appropriate.

10. Challenging Compliance

Organizations should have procedures in place to allow an individual to file a complaint concerning compliance with any of the above principles, with the designated person accountable for the organization’s compliance.

Tags : , , , , , , ,

RFID today and tomorrow

Many of us already use RFID tags routinely. Examples include:

Some fifty million house pets around the world have RFID tags implanted in their bodies, to facilitate return to their owners should they become lost. In a world where everyday objects carried RFID tags –perhaps the world of the future – remarkable things wouldbe possible. Here are a few possibilities (among the myriad that the reader might dream up):

  1. Smart appliances: By exploiting RFID tags in garments and packages of food, home appliances could operate more cleverly. Washing machines might select wash cycles automatically, for instance, to avoid damage to delicate fabrics. Your refrigerator might warn you when the milk has expired or you have only one remaining carton of yogurt – and could even transmit a shopping list automatically to a home delivery service.
  2. Shopping: In retail shops, consumers could check outby rolling shopping carts past point-of-sale terminals. These terminals would automatically tally the items, compute the total cost, and perhaps even charge the consumers’ RFID-enabled payment devices and transmit receipts to their mobile phones. Consumers could return items without receipts. RFID tags would act as indices into database payment records, and help retailers track the pedigrees of defective or contaminated items.
  3. Interactive objects: Consumers could interact with RFID-tagged objects through their mobile phones. (Some mobile phones already have RFID readers.) A consumer could scan a movie poster to display show times on herphone. She could obtain manufacturer information on a piece of furniture she likes by waving her phone over it.
  4. Medication compliance: Research at Intel and the University of Washington exploits RFID to facilitate medication compliance and home navigation for the elderly and cognitively impaired. As researchers have demonstrated, for example, an RFID-enabled medicine cabinet could help verify that medications are taken in a timely fashion. More generally, RFID promises to bring tremendous benefits to hospitals

Tags : , , , , , , ,