1 / 11

RFID & Privacy Ottawa Wireless Cluster 10 November 2005

RFID & Privacy Ottawa Wireless Cluster 10 November 2005. Privacy Applies. Tags transmit identifying information when read Privacy laws apply to this data. What Bothers People. Profile Creation - linking RFID data (time, product type) to an identity.

gella
Download Presentation

RFID & Privacy Ottawa Wireless Cluster 10 November 2005

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RFID & PrivacyOttawa Wireless Cluster10 November 2005

  2. Privacy Applies • Tags transmit identifying information when read • Privacy laws apply to this data

  3. What Bothers People • Profile Creation - linking RFID data (time, product type) to an identity. • Location Tracking – physically having/wearing RFID tags maps location.

  4. What Privacy Laws? • Canada • PIPEDA • PIPAs (BC/AB) • QC • European Union (25 MS) • Australia • Japan

  5. Legal Requirements = Operational Issues • Legal requirements associated with personal information protection • Transparency • RFID data management/record retention • Consent • Security • Requirements • Inform individuals of the presence of RFID-like or activated RFID readers. • Identify the existence of RFIDs surrounding an individual • Inform individuals as to the activability or the real time activation of RFIDs

  6. Legal Developments • Japan/South Korea/Italy • Guidelines issued • California • Identity Information Protection Act of 2005 (SB682): Shelved until Jan 06

  7. Technical Compliance • Possible technical implications • How to provide notice; • How to ensure de-activate function is triggered at specific times (e.g. EPCglobal’s specs call for passive tags designed to respond to a password-protected command to disable itself.) • Consider RFID architectures • allow tags to emit series of random pseudonyms as opposed to a unique ID or “deserialize” RFID tags; or • strip out unique identifiers; keep only generic descriptions.

  8. Conclusion • Generally, comply with applicable data protection laws • Tags not ubiquitous yet so longer term issue (5-7 years) • Have adequate information security andinformation management policies and procedures to keep personal data secure; • Notify individuals of when and how their data may be collected and processed; • Allow individuals to disenable tags if they wish.

  9. If You’re Interested…

  10. Postscript: Privacy Newsletterhttp://www.gowlings.com/resources/newsletters.asp

  11. Thank youmichael.power@gowlings.com

More Related