ASSA ABLOY’s ITG Releases Best Practices for Keeping RFID Private

ORLANDO, Fla.

In an attempt to combat critics and government legislation
aimed against RFID technology, the ASSA ABLOY
Identification Technology Group (ITG) has released a set of
best practices it says can be used to ensure privacy
protection for radio frequency identification (RFID) users.
The set of guidelines for those that install and used RFID
products was announced at the ASIS Int’l Seminar and
Exhibits in Orlando, Fla.

The guidelines come as 12 state legislatures are considering legislation concerning RFID products. Among those is a bill before the California legislature that would put a three-year moratorium on the use of RFID technology in health cards, driver’s licenses, and library and school cards. After passing the state’s senate, that bill has stalled in an Assembly committee and won’t be reconsidered until it returns from recess in January 2006.

“We were taken aback that RFID was blanketed as something high risk to privacy,” Denis Hebert – president of smart-card maker HID and co-CEO of ITG – told Security Sales & Integration. “Security and privacy are not mutually exclusive. There needs to be a balance.”

Hebert cited the incident in California that sparked the state’s RFID bill – where a school put RFID tags on student cards and detectors in student bathrooms without informing students or their parents – as a reason why the industry needs to educate the public on how to ensure privacy when instituting RFID security. “That was not an RFID problem, that was an application problem,” Hebert says.

Among the eight best practices announced by ITG, which it encouraged its buyers to follow, were the following:

  • Support of industry best practices through self-regulation, certifications and other methods for protecting the security of personally identifiable information and other private data. These practices should be auditable and enforceable.
  • Implementation of security for personally identifiable user information with protection that is proportional to threats to that data.
  • Personal data stored on products are recommended to be subject to review by the user upon request.
  • Products not intended to be used for sharing any personally identifiable information.
  • ITG considers responsible use of its products to include only the collection of necessary personally identifiable information.
  • ITG products or services not to be used to track any person without their knowledge and consent.
  • Recommends people be made aware of and consent to the use of an RFID tag on any product or personal effect.
  • ITG will provide upon request consumer education concerning its products.

Also at the Sept. 12 announcement at the ASIS expo, ITG announced it will be holding an RFID Privacy Summit on the week of Nov. 27 in San Francisco. Representatives from public entities, legislatures and the American Civil Liberties Union (ACLU) have been invited to meet with industry leaders at the summit to find common ground concerning RFID and privacy.

“We need to lift up the curtain and create transparency,” said ITG company Indala’s president, Marc Freundich, to SSI. “It’s time to put everything on the table and have a discussion about it.”

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.

A FREE subscription to the top resource for security and integration industry will prove to be invaluable.

Subscribe Today!

Get Our Newsletters