RFID privacy guidelines established

A group of IT suppliers and users has issued a set of best practice guidelines on how firms should use consumer information they gather via radio frequency identification (RFID) technology.

A group of IT suppliers and users has issued a set of best practice guidelines on how firms should use consumer information they gather via radio frequency identification (RFID) technology.

RFID is used mainly in the business supply chain to track and identify items such as products, shipping crates, livestock and clothing, but analysts believe it will be used more and more to track consumer goods and gather customer information, particularly location data.

Sarah Burnett, senior research analyst at Butler Group, said, “I can see RFID eventually appearing in the consumer area – for example, to tag cereal packages, to speed up responses to promotions, linked to mobiles, to get instant feedback.”

Consumer protection has therefore become a concern for privacy advocates critical of RFID. The best practices group represents the first industry attempt to ensure that customers are protected.

Suppliers Microsoft and Intel, and users Procter & Gamble, the American Library Association, Eli Lilly, VeriSign and Visa are among the organisations that have worked on the document.

It offers guidance on how companies should notify consumers about RFID data collection; what choice consumers should have regarding their personal information, and how that information should be treated and secured by the companies that collect it.

The Center for Democracy & Technology led the working group.

 

Read more on Wireless networking

RFID privacy, security should start with design Companies planning to deploy radio frequency identification technology (RFID) must demand that privacy and security issues are addressed in the design and procurement phases of the implementation, according to Toby Stevens, a leading privacy and identity expert. Privacy should not be a "value-add feature," said Stevens, director of the UK-based Enterprise Privacy Group, an association of public agencies and corporations working to understand and develop solutions to privacy and identity-related issues. In an interview with SearchSecurity.com, Stevens talked about whether the European Commission would mandate policy controls for RFID privacy and whether government legislation could stall widespread use of the technology. Stevens said the opinions given are his own and do not necessarily reflect those of his group's member organizations.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close