By Jo Best, 27 September 2006 13:05
NEWS
The UK's information watchdog has warned companies using RFID to make sure they're playing nicely with data protection legislation - even if it means telling consumers how to disable the tags.
The Information Commissioner's Office (ICO) has published a guidance for enterprises setting out how they must deal with individuals' data when it becomes linked to RFID tags - whether they're found attached to goods in a supermarket or on smartcards such as the Oyster card.
Businesses with RFID systems in place or those thinking of deploying them should be complying with best practices, according to the ICO, as well as making sure they abide by the Data Protection Act.
The ICO counsels RFID users to beware of function creep and only collect data where necessary. "It is recommended that RFID users do not collect or store personal data if it is not necessary to do so. Keeping track of the popularity of products, for example, will not necessarily require the recording of data about specific shoppers' buying habits," it says in its guidance.
Businesses are also duty bound to inform customers where, when and how RFID tags are being used and must tell them how to remove or disable them in certain cases, such as when they are still left on clothes after a consumer has bought them.
The ICO said: "In a world of 'ubiquitous computing', security and privacy safeguards should be built into the architecture of RFID systems, rather than added on later."
Comments
There are 7 comments. Join the discussion
1. Simon Cox
Will the retail industry listen to this advice? Its a bit lame - don't collect info that you don't need - retailers will justify all the data as being needed and its a data junkies dream come true. They are not going to delete valuable data that might be really usefull in 2 years time just because they cannot use it today. The question for me though is how are they going to advise consumers how to eliminate the tags when there may be hundreds or thousand of products each with a different way of integrating the tag.
2. Chris Goodman
Logical and obvious that RFID tags must be disabled after goods are obtained by consumer (end of chain). Failure to do this could well cause problems if an item bearing a tag re-enters the location and range of a RFID sensor.
3. Roger Huffadine
My experience of the ICO 'Guidelines' is that they have no authority to police them - because they are only 'guidelines'. I have a file 1" thick covering the ICO guidelines on the use of CCTV cameras that record customers chip and PIN numbers at checkouts. The ICO says "don't" the retail industry does - the ICO admits that it can't enforce its own 'guidelines'. If anyone wants to see the file just contact me - I'm easy to find :))
4. anonymous
Well the ICO could be given teeth and each offence by the Supermarkets could be fined at £10,000 that would bring compliance pretty rapidly, I would expect.
5. anonymous
Yes, I agree, it is all getting too invasive & dangerous. The 'major' supermarkets & retailers seem to think they are a law unto themselves. Coincidentally one of New Labours higher profile supporters is one Lord Sainsbury, one of Tony's cronies, as I recall......................!
6. Angelo Zorbas
An Australian company has recently filed a patent in the USA and other countries for a "reversible" RFID tag that can be disarmed by the shopper yet be re-armed if the goods are returned to the shop, ensuring restoration of RFID inventory control at no additional cost.
In addition, the tamper-evident nature of the tag prevents the tag being removed from one item to another (counterfeit goods or fraudulent product returns)
7. John Airey
If RFID tags are on clothes, I believe a microwave oven can disable them permanently!