How privacy could affect the future roll out of rfids take note
Sponsored Links
This presentation is the property of its rightful owner.
1 / 35

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note PowerPoint PPT Presentation


  • 104 Views
  • Uploaded on
  • Presentation posted in: General

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note. Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium on Supply Chain Management September 30, 2004. Just What is an RFID?. Radio Frequency Identification (RFID)

Download Presentation

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note

Ann Cavoukian, Ph.D.

Information & Privacy Commissioner/Ontario

Symposium on Supply Chain Management

September 30, 2004


Just What is an RFID?

  • Radio Frequency Identification (RFID)

  • Generic term for technologies that use radio waves to automatically identify individual items


RFIDs and Supply Chain Management

  • Products are embedded with an RFID tag, which includes a microchip and tiny radio antenna

  • The microchip may contain data about the product, including a unique identifier called an Electronic Product Code (EPC)

  • Cases and pallets of products may also include their own RFID tags


RFID Readers

  • RFID readers at various points in the supply chain (e.g., factory loading docks) “wake up” the tags, which transmit the EPC and other data to the readers at a short distance (passive RFIDs)


Benefits of RFIDs

  • RFID technology offers benefits for supply chain management:

    • More efficient management and tracking of goods and inventory

    • Reduced labour costs (e.g., no manual scanning of individual items is required)


EPCglobal

  • Non-profit organization that is leading the development of industry standards for the Electronic Product Code (EPC), including the use of RFID technology

  • Public Policy Steering Committee is responsible for setting privacy standards


Privacy and RFIDs

  • RFID tags contain information about a product, not an individual (e.g., EPC, price, size, colour, manufacture date, etc.)

  • But many consumers perceive a threat to privacy


Consumer Perceptions

  • Consumers perceive that RFIDs may facilitate:

    • The merger and linking of product information and personal information without consent

    • The ability to track consumers who have purchased a product

    • The establishment of a widespread surveillance infrastructure


Implementing RFIDs

  • A failure to build privacy into the design and implementation of RFIDs can produce a consumer backlash

  • This can have an adverse impact on a company’s reputation and affect the bottom line


Consumer Backlash

  • How real is this?

  • Could privacy truly affect the roll-out of RFIDs?


Benetton

  • Italian clothier Benetton sparked a furor after it announced plans to implant RFID tags in its apparel (April 2003)

  • Public opposition forced the company to cancel its plans


Gillette: Keeping “Tags” on Customers

  • Privacy groups threatened a consumer boycott after the media reported that Gillette was testing a “smart shelf” at a Tesco store in the U.K., possibly for theft detection purposes (July 2003)

  • RFID tags embedded in Gillette razor packages triggered CCTV cameras that took a picture of a customer both when he or she removed a package from the shelf and at the check-out


Metro AG

  • Metro AG, a German company, announced plans to start using RFID chips in supermarket loyalty cards in one store

  • The purpose of this initiative was supposedly to allow the store to verify the age of shoppers wanting to view DVD movie trailers

  • Metro AG abandoned its plans after protests from privacy groups (March 2004)


Checkpoint: Tracking Individual Items

  • Checkpoint Systems Inc. announced earlier this month that it has developed new RFID solutions for tracking individual consumer items

  • CASPIAN, a U.S.-based consumer rights group, claimed that:

    • Checkpoint was developing RFID “spychips” for three well-known clothing labels

    • Consumers wearing the tagged clothing could potentially be identified and tracked by readers


Get Ready for a Good Fight

  • Checkpoint senior executive: “These RFID applications are prototype designs to demonstrate how the technology will fulfill a customer’s need for greater information and stock availability …”

  • CASPIAN: “[We] will be working with consumers on an aggressive response to this privacy threat. Roll up your sleeves and get ready for a good fight.”


Information Privacy Defined

  • Information Privacy/Data Protection

    • Freedom of choice; control; informational self-determination

    • Personal control over the collection, use and disclosure of any recorded information about an identifiable individual


Fair Information Practices:A Brief History

  • OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

  • EU Directive on Data Protection

  • CSA Model Code for the Protection of Personal Information

  • Personal Information Protection and Electronic Documents Act (Canada)


Summary of Fair Information Practices

  • Accountability

  • Identifying Purposes

  • Consent

  • Limiting Collection

  • Limiting Use, Disclosure, Retention

  • Accuracy

  • Safeguards

  • Openness

  • Individual Access

  • Challenging Compliance


Federal Private-Sector Privacy Legislation

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

  • Applies to personal information collected, used or disclosed in the course of commercial activities by all:

    • federally regulated organizations and

    • provincially regulated organizations, unless a substantially similar provincial privacy law is in force


Provincial Private-Sector Privacy Laws

Québec: Act respecting the protection of personal information in the private sector

B.C.: Personal Information Protection Act

Alberta:Personal Information Protection Act

Ontario: draft Privacy of Personal Information Act, 2002 – not introduced…so PIPEDA applies


How The Public Divides on Privacy

The “Privacy Dynamic” - BattleDr. Alan Westin

for the minds of the pragmatists


Importance of Consumer Trust

  • In the post-9/11 world:

    • Consumers either as concerned or more concerned about online privacy

    • Concerns focused on the business use of personal information, not new government surveillance powers

  • If consumers have confidence in a company’s privacy practices, they are more likely to:

    • Increase volume of business with company……....91%

    • Increase frequency of business……………….…...90%

    • Stop doing business with company if PI misused…83%

      Harris/Westin Poll, Nov. 2001 & Feb. 2002


Damage Caused by Privacy Breaches

  • The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation:

    • 25% of companies surveyed experienced some adverse publicity due to privacy

    • 1 in 10 had experienced civil litigation, lost business or broken contracts

    • Robust privacy policies and staff training were viewed as keys to avoiding privacy problems

      The Information Security Forum, July 7, 2004


Building Privacy Safeguards into RFIDs

  • RFIDs will continue to produce a consumer backlash unless both RFID manufacturers and business users adopt privacy safeguards

  • Privacy is not a concern at most stages of the supply chain (e.g., tracking items in a warehouse)

  • However, privacy concerns are triggered at the point when a consumer comes into contact with a product with an RFID tag


The Privacy Solution

  • RFID tags should be de-activated at the point of sale

  • De-activation should be the default

  • Customers should be able to choose to have an RFID tag re-activated


Openness and Transparency

  • Businesses should be open and transparent with consumers about the use of RFID tags and readers

  • If RFIDs are embedded in a product that makes its way to the retail shelf, proper notice should be provided to consumers


Notice

  • Notice must be conspicuous to the consumer and explain what an RFID is in plain language (not technical language)

  • It must explain where RFIDs are being used and for what purposes

  • Proper notice could be in the form of signs, labels, brochures, etc.


Choice

  • Potential reasons for RFID tag re-activation:

    • Facilitating product returns and warranty servicing

    • Facilitating recovery of lost or stolen products to consumer

    • Enabling interaction with “smart” appliances

  • Consumers should have the choice to have an RFID tag re-activated without cost


Use Limitation

  • Personal information must not be used for purposes other than those for which it was collected, except with the consent of the individual or as required by law


Consent

  • A business must not merge or link a consumer’s personal information with RFID information about a specific purchased product, without that individual’s knowledge and consent

  • Consent must be voluntary and informed, which means that the individual understands the nature and consequences of providing or withholding consent


Challenging Compliance

  • A business should have a clear process in place for resolving privacy complaints from its customers about RFIDs

  • A business’s chief privacy officer (CPO) and other privacy compliance staff must be key players in the design and launch of any RFID initiative


Staff Education and Training

  • Both managers and frontline employees must be provided with privacy training that includes information about RFIDs

  • They must be trained to provide clear, honest and informed answers to customers who have privacy concerns about the tracking potential of RFID tags


To Find out More …

  • The Information and Privacy Commissioner of Ontario has published two RFID papers:

    • Tag, You’re It: Privacy Implications of Radio Frequency Identification (RFID) Technology (February 2004)

      www.ipc.on.ca/docs/rfid.pdf

    • Guidelines for Using RFID Tags in Ontario Public Libraries (June 2004)

      www.ipc.on.ca/docs/rfid-lib.pdf


Final Thought

“Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.”

Forrester Research, March 5, 2001


How to Contact Us

Commissioner Ann Cavoukian

Information & Privacy Commissioner/Ontario

2 Bloor Street East, Suite 1400

Toronto, Ontario M4W 1A8

Phone: (416) 326-3333

Web: www.ipc.on.ca

E-mail: [email protected]


  • Login