H+ Cafe


czechmate

Best practices for RFID deployment - Privacy Issues

Hey everyone,

I'm new to H+Cafe and would love input from you on this report I compiled. I put this report together for my Safety and Security class as part of my MBA. Your thoughts, both positive and negative would be much appreciated:-)

Personal privacy infringement is a huge issue with respect to RFID technology. The best practices outlined below are guidelines for organizations that would like to implement RFID systems in their workplace.

For those of you who have good knowledge about ubiquitous technology, specifically RFID systems, please skip the LONG introduction and move onto the Global Best Practices (they are numbered from 1 to 10)

Also, there are citations but references are available upon request

Here it goes...

Abstract
Radiofrequency Identification (RFID) is a major component of a Ubiquitous city, where all information systems are linked through pervasive technology. As with many technologies, privacy infringement is a critical concern to both individuals and organizations. RFID technologies cause particular concern since they can allow large amounts of personal information to be collected in real-time regardless of one’s own approval. This report provides information on ubiquitous technologies and the emergence of ubiquitous cities, and focuses on the driving force of these cities: RFID. This report addresses the privacy risks of RFID technology, the current legislation and provides 10 global best practices for organizations considering RFID deployment. The global best practices encompass the universal principles of privacy.

Background on Ubiquitous Technology
The word "ubiquitous" can be defined as "existing or being everywhere at the same time" (ubiquitous, 2009). When applying this concept to technology, the term ubiquitous implies that technology is everywhere and we use it all the time. The term “ubiquitous computing” was coined by Mark Weiser at Xerox Palo Alto Research Center (PARC) to describe a vision of future technology that would be continuously available and would anticipate the user’s needs, even when the user was not explicitly aware of the technology (Weiser, 1991). In general, ubiquitous technology (also known as pervasive computing or location-aware technology) is the trend towards increasingly connected computing devices and is being brought about by a unification of advanced electronic and wireless technologies (Kumar & Chatterjee, 2005). Unlike personal computers, pervasive computing devices are very small and are either mobile or embedded in many types of objects such as resort wristbands, employee badges, building access cards, clothing and even patient tracking in the healthcare sector (Cavoukian, 2004; Kumar & Chatterjee, 2005; Muta, 2006; Whitehouse & Ragus, 2006).
Ubiquitous computing technologies have been applied to many fields including public service, education, health, and travel and tourism (Cavoukian, 2004; Kim, Park & Jee, 2007; Lee, Lee & Kong, 2007; Muir, 2007; Muta, 2006; Roberti, 2009; Whitehouse & Ragus, 2006). For example, with respect to tourism, the city of Seoul has applied a U-tour portal system that provides information on restaurants, retails, accommodations, and the tourist attractions in the city to draw over 12 million tourists to Seoul by 2010. Visitors will be able to get access to the services by using their cellular phones (Lee et al., 2007).

The Ubiquitous city (U-City)
Recently, ubiquitous technologies are being combined within one city, making it possible to create a U-city. The U-city is a sophisticated and intelligent city where information can be easily exchanged among people, objects and environments inside the city based on the ubiquitous information network (Galloway, 2004; Lee, Lee & Kong, 2007; O’Connell, 2005). Songdo city, in Korea, is an example of a U-city that is currently being developed as an International Business District (McKeough, 2009; Songdo, 2006). US-based Gale International and Korean-based Posco E&C have joined together the best international and local development capabilities to form a joint venture called New Songdo International City Development, LLC (NSIC) (McKeough, 2009; Songdo, 2006). NSIC aims to build a high quality international city where both Koreans and foreigners will want to visit, live and work. Gale is building a community where locals and visitors are connected to each other through pervasive technologies (Songdo, 2006). The city’s goal is to attract the best multinational companies and will consist of commercial space, residential space, retail, hospitality and school use (Songdo, 2006). Furthermore, Kangwon Province in Korea has started the U-Kangwon project to boost local economy with digitalized tourism services (Kim, 2008).

Radiofrequency Identification (RFID) Ubiquitous Technology
In a U-city, private information becomes readily available and therefore, personal privacy issues may be a serious security problem. Although the U-city phenomenon is emerging in Asian countries, technological components of the U-city are already present in Western countries. Radio Frequency Identification (RFID), for example, is used on the 407 Toll Route in Ontario, on product packages at Wal-Mart, and at ESSO Imperial Oil for its SpeedPass system (Cavoukian, 2004). RFID is perceived to be the backbone of the ubiquitous technology environment, in which information and communication flow everywhere, for everyone, at all times (Department of Communications, Information Technology and the Arts [DCITA], 2006; Gilbert, 2007; Kumar & Chatterjee, 2005; Ngai & Gunasekaran, 2009). RFID technologies can allow large amounts of private information to be collected in real-time regardless of one’s own approval (CASPIAN, 2003; Cavoukian, 2004; Center for Democracy and Technology [CDT], 2006; Lee, Lee & Kong, 2007). More specifically, by analyzing RFID information of a purchased item by individuals, one can learn about the individual’s pattern of expenditure, social status, current physical location and medical related information (Cavoukian, 2004; Lee, Lee & Kong, 2007; Lee et al., 2007; Whitehouse & Ragus, 2006). RFID technology has the potential to revolutionize the way goods and other objects are identified and tracked. It can improve business efficiency, reduce costs, and can make entirely new types of business possible (DCITA, 2006; Roberti, 2009; Whitehouse & Ragus, 2006).
RFID technology has been present for many decades with its origins traced back to radio transponders used to distinguish allied and enemy aircraft via radar during WWII (DCITA, 2006; Whitehouse & Ragus, 2006). Following the war, new applications were developed for RFID to track military equipment and personnel. RFID allows relatively large amounts of data to be associated with objects (or people) by attaching a tag to them. These tags contain a small integrated silicon chip which is electrically connected to an antenna. The tags can be “read” (data can be obtained) automatically via fixed or mobile readers. The RFID tag is read by a reader transmitting a radio frequency field and the tag reflecting a response back to a receiver in the reader. However, unlike a barcode, RFID operation does not need a line of sight, and tags can be read through certain materials. The data read from the tags are then processed by RFID software and can provide real time information about tagged items. The information can be analysed and instantly shared online within an organization or between organizations (Cavoukian, 2004; DCITA, 2006; Gilbert, 2007; Lee et al., 2007; Muir, 2007; Ngai & Gunasekaran, 2009; Pan, Pan & Devadoss, 2007).

RFID Privacy Concerns
While there are benefits of RFID, such as faster service and mass customization, some attributes of the technology could be deployed in ways that threaten privacy. For example,
• Hidden placement of tags: RFID tags can be embedded into/onto objects and documents without the knowledge of the individual who obtains those items.
• Hidden readers: Tags can be read from a distance, not restricted to line of sight, by readers that can be integrated invisibly into nearly any environment. RFID readers have been embedded into floor tiles, woven into carpeting and hidden in doorways.
• Massive data aggregation: RFID deployment requires the creation of massive databases containing data and could be linked with personal information.
• Individual tracking and profiling: If personal identity were linked with unique RFID tag numbers, individuals could be profiled and tracked without their knowledge or consent (CASPIAN, 2003; Cavoukian, 2004; Muir, 2007; Ngai & Gunasekaran, 2009; Office of the Privacy Commissioner of Canada, 2008).
Benefits and concerns aside, RFID technology is growing and becoming more widely accepted. Therefore, organizations need a plan for implementation (DCITA, 2006; Gilbert, 2007; Lee et al., 2007; Whitehouse & Ragus, 2006).

Canadian Privacy Legislation
Currently, there are no specific requirements in Canada for organizations using RFID to inform their consumers and/or employees about the presence of RFID technology, its purpose, or how the information will be used. The RFID Right to Know Act was proposed by CASPIAN, a grass-roots association that is dedicated to protecting consumers from marketing strategies that invade consumer privacy. However, the law was not passed (RFID Right to Know Act, 2003). Despite this, if the organization is collecting personal information then privacy laws do apply (Office of the Privacy Commissioner of Canada, 2008; Treasury Board of Canada Secretariat, 2003). Generally, the principles contained in the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Privacy Act apply to organizations considering RFID implementation. In order to assuage privacy concerns and to follow the universal privacy principles, 10 global best practices are identified for organizations that choose to implement RFID technology in their place of business. The following privacy principles will be defined and incorporated in the Global Best Practices:
• Security Safeguards Principle
• Openness Principle
• Consent Principle
• Purpose Specification Principle
• Individual Access Principle
• Limiting Collection Principle
• Limiting Retention Principle
• Data Accuracy Principle
• Accountability Principle
• Challenging Compliance
(Office of the Privacy Commissioner of Canada, 2008; Treasury Board of Canada Secretariat, 2003).

TOP TEN GLOBAL BEST PRACTICES

1. Select the right partners
The first and most critical practice for organizations deciding to deploy RFID technology is to partner with trustworthy RFID manufacturers and their distributors and ensure that the organisation’s suppliers are committed to the project. Finding the most appropriate technological partners depends on considerations such as location, availability of personnel for technical difficulties, level of expertise, and cost. Most significantly, companies using RFID technology should ensure that their manufacturers address the privacy and security issues as part of the initial technological design. In other words, rather than retrofitting RFID systems to respond to privacy and security issues, which could be costly and time consuming, these issues should be embedded in the design. Due to this factor, due diligence in choosing partners should be requisite to deploying RFID technology.
Furthermore, the company’s current technologies must integrate with the RFID manufacturer’s technology. For example, Wal-Mart’s decision to partner with Zebra Technologies Corporation (a leading manufacturer of bar code and RFID smart labelling solutions), SAP (technology leader in business software solutions) and Peak Technologies (an international systems integrator of supply chain automation solutions) was based on the fact that its company was running SAP® software. Zebra RFID printers/encoders are already integrated with SAP, and Peak is a strong partner of both SAP and Zebra. A major problem in the hospitality industry is that many hotels operate legacy systems that are not currently compatible with today’s RFID solutions. These integration issues must be repaired in order for the hospitality sector to advance with RFID systems. With respect to suppliers, it is important that their technologies integrate with the organization’s and the manufacturer’s technologies to ensure smooth operation and accurate data transmission. RFID manufacturers and software companies, who may already work with key suppliers, can also assist companies with compliance mandates for their suppliers.
(Center for Democracy and Technology [CDT], 2006; DCITA, 2006; GAO RFID Inc, 2008; Lee et al., 2007; Muta, 2006; Roberti, 2009; Whitehouse & Ragus, 2006)


2. Pilot the project
Once the company has its manufacturers secured and its suppliers onboard, it is crucial to perform a pilot project. Depending on the type of business, this can be done in a variety of ways. For example, a resort can attempt a cashless payment system by providing select travelers (a focus group that is privy to the test) with RFID wristbands. Likewise, a gift shop can select two or three products, work closely with the suppliers and determine the extent of customers’ personal information that is disclosed via the RFID tags. Since the cashless payment system may be connected to credit card companies, close collaboration with these companies is necessary.
The pilot project should include testing of tags and readers to ensure functionality. The company must also determine how to place readers so they do not interfere with each other. More importantly, companies should exercise reasonable and appropriate efforts to secure RFID tags and readers to prevent unauthorized reading. Furthermore, companies should establish and maintain an information security program in keeping with the Security Safeguard Principle, whereby personal information shall be protected appropriate to the amount and sensitivity of the information stored on their system. Such a security program should include processes to identify reasonably foreseeable risks to the security and confidentiality of personal information and install blockages to deal with those risks. One preventative way to do this is to minimize the information stored on RFID tags themselves. For example, Vail ski resort wanted to embed its lift tickets with RFID technology. Rather than install gates to read high-frequency (HF) tags, as most other ski resorts have done, Vail opted for a pilot test of an ultrahigh-frequency system that was found to be less intrusive to the skiers’ identity and more cost effective for the company in the long run. Piloting the project is less intimidating and reduces costs by saving on large mistakes that could disrupt operations or potentially lead to a privacy lawsuit.

(GAO RFID, 2008; Gilbert, 2007; Lee et al., 2007; Office of the Privacy Commissioner of Canada, 2008; Roberti, 2006; Treasury Board of Canada Secretariat, 2003)

3. Get employees onboard
According to the Openness Principle, an organization must disclose its policies and practices relating to the management of personal information. Therefore, it is necessary for organizations to educate employees about RFID technology, how it will aid their day-to-day operations (eg. better management of workflows), what information will be gathered and how that information will be used. It is important to outline the implications of RFID technology to the employees. By doing this, the organization will adhere to the Purpose Specification Principle where an organization should disclose the purposes of the data collection. Adequate training with specific guidelines should be provided by the top management of the organization, its suppliers and its RFID partners. To enhance employee acceptance of RFID, departments that will use the RFID equipment on a regular basis should have input with regards to RFID implementation. Furthermore, the organization should receive consent from the employees for the collection of personal information adhering to the Consent Principle. Through acceptance, employees will be more likely to promote RFID to customers.
Policies and procedures should be made to respect employee’s privacy. Employees must be told where every RFID tag and reader is located, the information that tag and reader collects, and what that information is used for. For example, RFID tags used in building access cards allow employers to have verification of employee entry and exit from the organization’s property. The readers can provide a clear description of the employees’ whereabouts including how much time they spend outside their designated work area. Although this information may be helpful to the company, RFID tags and readers may uncover personal errands which might be carried out during lunch or mandatory breaks, which is, in effect, none of the organization’s business. Therefore the company should allow the employee to temporarily deactivate the RFID tag during off hours and breaks. The organization should also provide the right to individual access, adhering to the Individual Access Principle whereby upon request, the employee can view his or her personal information. In addition to creating policies, organizations should update their employee manuals and agreements to reflect changes in the company practices.

(Cavoukian, 2004; Gilbert, 2007; Muir, 2007; Ngai & Gunasekaran, 2009; Office of the Privacy Commissioner of Canada, 2008; Pan, Pan & Devadoss, 2008; Roberti, 2006; Treasury Board of Canada Secretariat, 2003; Whitehouse & Ragus, 2006)

4. Notify consumers and identify the purposes of RFID
Consumers should be made aware when personal information is collected through an RFID system, which adheres to the Openness Principle. This can be accomplished through signage when entering a commercial or public environment where RFID technology is in use, through email to loyal customers, and through the company website. The consumers should also be notified prior to the completion of the transaction through which the good or service is obtained. It is important to inform consumers of the benefits and purposes for which the information is being used (Purpose Specification Principle) such as faster, more personalized service. Potential security issues of RFID technology should be highlighted and ways to mitigate these risks should be suggested (Security Safeguards Principle).
Responsibility for providing notice remains with the organization having the direct relationship with the consumer. However, suppliers and RFID partners that have an indirect relationship with consumers should make sincere efforts to encourage the notification of consumers. The organization incorporating RFID systems within its products should give notice to its direct purchasers, and encourage that purchaser to give notice to their purchasers with the ultimate objective of giving the consumer accurate information regarding the use of RFID technology. Use of a recognized logo along with corresponding guidelines, would be one way to promote this notification. Furthermore, organizations should hold annual assessments to verify that the posted notices accurately reflect their information practices in regards to RFID practices.
RFID tags can be combined with other devices that collect or contain personal information, such as loyalty cards or driver’s licences. Once the information is collected, another company could reuse the information. For example, since RFID tags enable locating a person’s position inside a building and associating it with a database, a customer who returns to a hotel carrying a loyalty card that contains a tag, could be identified and recognized. Subsequently, targeted marketing or advertising paraphernalia could be presented to him or her.
Therefore, use of RFID technology should be as transparent as possible, and consumers should know about the implementation and use of any RFID technology in the business environment. A detailed privacy policy including the uses of the information should be written and available to all consumers.

(Cavoukian, 2004; CDT, 2006; GAO RFID, 2008; Lee, Lee & Kong, 2007; Whitehouse & Ragus, 2006; Office of the Privacy Commissioner of Canada, 2008; Treasury Board of Canada Secretariat, 2003)

5. Provide consumers with a choice and allow them the option to consent
Consumers should be offered a choice before the conclusion of the transaction so that they can make an informed decision with respect to the use of RFID technology. This choice should include an option to de-activate the tag. RFID tags that are not deactivated, disabled, or removed at the point of sale or point of issuance have the potential to allow the continued tracking of the customer when, for example, the customer returns to a hotel, visits other hotels in the chain or encounters anyone equipped with the RFID tag reader. In the retail environment, the consumer’s decision to deactivate the tag should not compromise the consumer's standard benefits (eg. the ability to return the item or benefit from a warranty) and should not result in any damage or defect to a product. The responsibility for providing choice lies with the organization having the direct relationship with the consumer. However, that organization should work closely with its suppliers and RFID partners to make sincere efforts to encourage consumer choice.
The Consent Principle states that the knowledge and consent of the individual are required for the collection, use, or disclosure of personal information. Rather than asking for a customer’s consent at the point of sale or point of issuance, the organization could employ an “Opt-In” program. For example, Germany’s largest retail chain, METRO AG, collects information from RFID tags only if a customer “opts-in” and asks to be included in programs that notify them about specials on products they frequently purchase.

(CASPIAN, 2003; Cavoukian, 2004; CDT, 2006; DCITA, 2006; Gilbert, 2007; Muta, 2006; Office of the Privacy Commissioner of Canada, 2008; Treasury Board of Canada Secretariat, 2003)

6. Provide customers with access to their personal information
Since location based services use, collect, or process personal information, consumers should be allowed access to that information and have the right to make changes to their personal account if the information is not accurate (Individual Access Principle). Access to personal information should be easily and readily available to the consumer. Methods of verification of identity would have to be implemented to reduce the risk of unauthorized access to personal or confidential data.
To exercise the full right of access, customers must know the scope of the collection taking place. In other words, there should be no hidden RFID tags or readers since it would be difficult for a consumer to request information about data gathered by a reader that is hidden.

(CDT, 2006; Gilbert, 2007; Office of the Privacy Commissioner of Canada, 2008; Pan, Pan & Devadoss, 2007; Treasury Board Of Canada Secretariat, 2003)

7. Limit data collection and retention
The Collection Limitation Principle requires limits to the gathering of personal information and the obtaining of any data with the knowledge or consent of the subject. Therefore, only the information required to complete the service should be obtained. The organization should therefore define what personal information is needed in order to provide the service. For example, to provide map information to an account executive organizing his or her sales class, the organization might need to know the type of the enquiry and the geographic location but would not need to know who placed the enquiry, from which wireless device or from which phone number. Furthermore, purchasing patterns and travel schedules are of great interest to advertisers. For those that have access to this information, clear guidelines should be written about the ability to use or not to use the information other than to fulfil the particular service.
The Limiting Use, Disclosure and Retention Principle states that personal information will not be used or disclosed for purposes other than those for the service. Therefore the information should be limited to the timeframe needed to complete the transaction or the service. However, longer retention may be needed due to rules set out by credit card companies. The organization must consider its data retention and destruction practices and should create written guidelines accordingly.

(CDT, 2006; DCITA, 2006; Gilbert, 2007; Muir 2007; Office of the Privacy Commissioner of Canada, 2008; Treasury Board of Canada Secretariat, 2003)

8. Ensure Quality and Accuracy of Data
An important part of the organization’s requirements is that all tags and readers provide accurate data, thereby complying with the Accuracy Principle that all personal information be as accurate, complete, and current as possible. Adequate employee training should ensure that there are sufficient processes and checks in place to make certain that all tags are read correctly. Included in training, reasonable steps should be written and conveyed to employees in order to prevent the damage or removal of the tag whether in transit or at a specific location. The percentage of underperforming tags ranges from 0% to 19%, with the root cause being employee carelessness.
The EPC (Electronic Product Code) global standard specifies that tags must be equipped with at least one nullification function. This function, called the “kill command” disables the functionality of the tag after consumers purchase the product or when a defect is found causing inaccurate data. This “kill command” should be embedded in the RFID chip to use when required.
Quality of data is essential to guarantee quality of service. The organization should require that those who collect, maintain, use, disclose, or distribute information do so with care for the consumer. Inaccurate data could cause one consumer to pay for another consumer’s items, thereby accidentally exchanging personal information.
(Gilbert, 2007; Muir, 2007; Ohkubo, Suzuki & Kinoshita, 2005; Ngai & Gunasekaran, 2009; Office of the Privacy Commissioner of Canada, 2008; Treasury Board of Canada Secretariat, 2003)

9. Be accountable
The Accountability Principle ensures that someone in the organization be accountable for dealings with personal privacy. Therefore the organization should designate an individual or individuals to be accountable for the use of the RFID technology. Consumers and employees should know who this person is and how to contact him or her regarding questions, concerns and/or complaints. This person should also be contacted if consumers or employees would like to challenge compliance of the privacy principles (Challenging Compliance Principle). Furthermore, the individual accountable for privacy compliance should be involved in the design and deployment of the RFID system. This individual should be aware of all collections of personal information, subsequent uses of the information, retention and destruction of information. This individual may develop new procedures for unanticipated uses of RFID and create steps to deal with unauthorized uses of access.
Since the organization is responsible for the implementation of this technology and the associated data, the components of the RFID system must be labelled with the identity of the organization. Any data that is transferred to a third party should be protected by a contract that is in accordance with employee and consumer privacy protection.

(CASPIAN, 2003; Cavoukian, 2004; Office of the Privacy Commissioner of Canada, 2006; Treasury Board of Canada Secretariat, 2003)

10. Recognize that RFID technology will need to be upgraded
RFID technology, like other technologies, is constantly being updated. Since the organization is likely to use RFID technology for compliance initiatives with its suppliers and to improve internal business processes, the organization must keep up to date with changing Global Standards and software/hardware technology. Academic institutions across the country are creating RFID labs and expanding research projects. Therefore, it is important to note that the relationships that the organization has with its RFID partners (suppliers, RFID manufacturers and RFID distributors) will become more critical as RFID acceptance grows. Furthermore, investing in advanced technology that protects personal privacy, although more costly in the present, will yield benefits in the long term with respect to customer satisfaction and compliance with potential RFID legislation.

(CDT, 2006; DCITA, 2006; GAO RFID Inc., 2008; Ngai & Gunasekaran, 2009; Ohkubo, Suzuki & Kinoshita, 2005; Roberti, 2009)

Conclusion
Organizations that provide full disclosure and put their employees and customers in control of their own privacy options increase trust in the business and in the ubiquitous commerce world as a whole. The 10 global best practices should be treated as guidelines to organizational deployment of RFID systems. RFID technology promises great benefits in various business sectors. This technology could lead to a total paradigm shift in the way consumer transactions occur. Ultimately, however, in order for organizations to implement RFID systems successfully, and for ubiquitous commerce to grow, those organizations must understand and address their consumers’ concerns.


© 2010 Created by Chris Williamson on Ning.