How privacy could affect the future roll out of rfids take note
This presentation is the property of its rightful owner.
Sponsored Links
1 / 35

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note PowerPoint PPT Presentation


  • 99 Views
  • Uploaded on
  • Presentation posted in: General

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium on Supply Chain Management September 30, 2004. Just What is an RFID?. Radio Frequency Identification (RFID)

Download Presentation

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


How privacy could affect the future roll out of rfids take note

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note

Ann Cavoukian, Ph.D.

Information & Privacy Commissioner/Ontario

Symposium on Supply Chain Management

September 30, 2004


Just what is an rfid

Just What is an RFID?

  • Radio Frequency Identification (RFID)

  • Generic term for technologies that use radio waves to automatically identify individual items


Rfids and supply chain management

RFIDs and Supply Chain Management

  • Products are embedded with an RFID tag, which includes a microchip and tiny radio antenna

  • The microchip may contain data about the product, including a unique identifier called an Electronic Product Code (EPC)

  • Cases and pallets of products may also include their own RFID tags


Rfid readers

RFID Readers

  • RFID readers at various points in the supply chain (e.g., factory loading docks) “wake up” the tags, which transmit the EPC and other data to the readers at a short distance (passive RFIDs)


Benefits of rfids

Benefits of RFIDs

  • RFID technology offers benefits for supply chain management:

    • More efficient management and tracking of goods and inventory

    • Reduced labour costs (e.g., no manual scanning of individual items is required)


Epcglobal

EPCglobal

  • Non-profit organization that is leading the development of industry standards for the Electronic Product Code (EPC), including the use of RFID technology

  • Public Policy Steering Committee is responsible for setting privacy standards


Privacy and rfids

Privacy and RFIDs

  • RFID tags contain information about a product, not an individual (e.g., EPC, price, size, colour, manufacture date, etc.)

  • But many consumers perceive a threat to privacy


Consumer perceptions

Consumer Perceptions

  • Consumers perceive that RFIDs may facilitate:

    • The merger and linking of product information and personal information without consent

    • The ability to track consumers who have purchased a product

    • The establishment of a widespread surveillance infrastructure


Implementing rfids

Implementing RFIDs

  • A failure to build privacy into the design and implementation of RFIDs can produce a consumer backlash

  • This can have an adverse impact on a company’s reputation and affect the bottom line


Consumer backlash

Consumer Backlash

  • How real is this?

  • Could privacy truly affect the roll-out of RFIDs?


Benetton

Benetton

  • Italian clothier Benetton sparked a furor after it announced plans to implant RFID tags in its apparel (April 2003)

  • Public opposition forced the company to cancel its plans


Gillette keeping tags on customers

Gillette: Keeping “Tags” on Customers

  • Privacy groups threatened a consumer boycott after the media reported that Gillette was testing a “smart shelf” at a Tesco store in the U.K., possibly for theft detection purposes (July 2003)

  • RFID tags embedded in Gillette razor packages triggered CCTV cameras that took a picture of a customer both when he or she removed a package from the shelf and at the check-out


Metro ag

Metro AG

  • Metro AG, a German company, announced plans to start using RFID chips in supermarket loyalty cards in one store

  • The purpose of this initiative was supposedly to allow the store to verify the age of shoppers wanting to view DVD movie trailers

  • Metro AG abandoned its plans after protests from privacy groups (March 2004)


Checkpoint tracking individual items

Checkpoint: Tracking Individual Items

  • Checkpoint Systems Inc. announced earlier this month that it has developed new RFID solutions for tracking individual consumer items

  • CASPIAN, a U.S.-based consumer rights group, claimed that:

    • Checkpoint was developing RFID “spychips” for three well-known clothing labels

    • Consumers wearing the tagged clothing could potentially be identified and tracked by readers


Get ready for a good fight

Get Ready for a Good Fight

  • Checkpoint senior executive: “These RFID applications are prototype designs to demonstrate how the technology will fulfill a customer’s need for greater information and stock availability …”

  • CASPIAN: “[We] will be working with consumers on an aggressive response to this privacy threat. Roll up your sleeves and get ready for a good fight.”


Information privacy defined

Information Privacy Defined

  • Information Privacy/Data Protection

    • Freedom of choice; control; informational self-determination

    • Personal control over the collection, use and disclosure of any recorded information about an identifiable individual


Fair information practices a brief history

Fair Information Practices:A Brief History

  • OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

  • EU Directive on Data Protection

  • CSA Model Code for the Protection of Personal Information

  • Personal Information Protection and Electronic Documents Act (Canada)


Summary of fair information practices

Summary of Fair Information Practices

  • Accountability

  • Identifying Purposes

  • Consent

  • Limiting Collection

  • Limiting Use, Disclosure, Retention

  • Accuracy

  • Safeguards

  • Openness

  • Individual Access

  • Challenging Compliance


Federal private sector privacy legislation

Federal Private-Sector Privacy Legislation

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Applies to personal information collected, used or disclosed in the course of commercial activities by all:

    • federally regulated organizations and

    • provincially regulated organizations, unless a substantially similar provincial privacy law is in force


Provincial private sector privacy laws

Provincial Private-Sector Privacy Laws

Québec: Act respecting the protection of personal information in the private sector

B.C.: Personal Information Protection Act

Alberta:Personal Information Protection Act

Ontario: draft Privacy of Personal Information Act, 2002 – not introduced…so PIPEDA applies


How the public divides on privacy

How The Public Divides on Privacy

The “Privacy Dynamic” - BattleDr. Alan Westin

for the minds of the pragmatists


Importance of consumer trust

Importance of Consumer Trust

  • In the post-9/11 world:

    • Consumers either as concerned or more concerned about online privacy

    • Concerns focused on the business use of personal information, not new government surveillance powers

  • If consumers have confidence in a company’s privacy practices, they are more likely to:

    • Increase volume of business with company……....91%

    • Increase frequency of business……………….…...90%

    • Stop doing business with company if PI misused…83%

      Harris/Westin Poll, Nov. 2001 & Feb. 2002


Damage caused by privacy breaches

Damage Caused by Privacy Breaches

  • The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation:

    • 25% of companies surveyed experienced some adverse publicity due to privacy

    • 1 in 10 had experienced civil litigation, lost business or broken contracts

    • Robust privacy policies and staff training were viewed as keys to avoiding privacy problems

      The Information Security Forum, July 7, 2004


Building privacy safeguards into rfids

Building Privacy Safeguards into RFIDs

  • RFIDs will continue to produce a consumer backlash unless both RFID manufacturers and business users adopt privacy safeguards

  • Privacy is not a concern at most stages of the supply chain (e.g., tracking items in a warehouse)

  • However, privacy concerns are triggered at the point when a consumer comes into contact with a product with an RFID tag


The privacy solution

The Privacy Solution

  • RFID tags should be de-activated at the point of sale

  • De-activation should be the default

  • Customers should be able to choose to have an RFID tag re-activated


Openness and transparency

Openness and Transparency

  • Businesses should be open and transparent with consumers about the use of RFID tags and readers

  • If RFIDs are embedded in a product that makes its way to the retail shelf, proper notice should be provided to consumers


Notice

Notice

  • Notice must be conspicuous to the consumer and explain what an RFID is in plain language (not technical language)

  • It must explain where RFIDs are being used and for what purposes

  • Proper notice could be in the form of signs, labels, brochures, etc.


Choice

Choice

  • Potential reasons for RFID tag re-activation:

    • Facilitating product returns and warranty servicing

    • Facilitating recovery of lost or stolen products to consumer

    • Enabling interaction with “smart” appliances

  • Consumers should have the choice to have an RFID tag re-activated without cost


Use limitation

Use Limitation

  • Personal information must not be used for purposes other than those for which it was collected, except with the consent of the individual or as required by law


Consent

Consent

  • A business must not merge or link a consumer’s personal information with RFID information about a specific purchased product, without that individual’s knowledge and consent

  • Consent must be voluntary and informed, which means that the individual understands the nature and consequences of providing or withholding consent


Challenging compliance

Challenging Compliance

  • A business should have a clear process in place for resolving privacy complaints from its customers about RFIDs

  • A business’s chief privacy officer (CPO) and other privacy compliance staff must be key players in the design and launch of any RFID initiative


Staff education and training

Staff Education and Training

  • Both managers and frontline employees must be provided with privacy training that includes information about RFIDs

  • They must be trained to provide clear, honest and informed answers to customers who have privacy concerns about the tracking potential of RFID tags


To find out more

To Find out More …

  • The Information and Privacy Commissioner of Ontario has published two RFID papers:

    • Tag, You’re It: Privacy Implications of Radio Frequency Identification (RFID) Technology (February 2004)

      www.ipc.on.ca/docs/rfid.pdf

    • Guidelines for Using RFID Tags in Ontario Public Libraries (June 2004)

      www.ipc.on.ca/docs/rfid-lib.pdf


Final thought

Final Thought

“Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.”

Forrester Research, March 5, 2001


How to contact us

How to Contact Us

Commissioner Ann Cavoukian

Information & Privacy Commissioner/Ontario

2 Bloor Street East, Suite 1400

Toronto, Ontario M4W 1A8

Phone: (416) 326-3333

Web: www.ipc.on.ca

E-mail: [email protected]


  • Login