Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.ipc.on.ca How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.ipc.on.ca How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium."— Presentation transcript:

1 www.ipc.on.ca How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium on Supply Chain Management September 30, 2004

2 www.ipc.on.ca Slide 2 Just What is an RFID?  Radio Frequency Identification (RFID)  Generic term for technologies that use radio waves to automatically identify individual items

3 www.ipc.on.ca Slide 3 RFIDs and Supply Chain Management  Products are embedded with an RFID tag, which includes a microchip and tiny radio antenna  The microchip may contain data about the product, including a unique identifier called an Electronic Product Code (EPC)  Cases and pallets of products may also include their own RFID tags

4 www.ipc.on.ca Slide 4 RFID Readers  RFID readers at various points in the supply chain (e.g., factory loading docks) “wake up” the tags, which transmit the EPC and other data to the readers at a short distance (passive RFIDs)

5 www.ipc.on.ca Slide 5 Benefits of RFIDs  RFID technology offers benefits for supply chain management: More efficient management and tracking of goods and inventory Reduced labour costs (e.g., no manual scanning of individual items is required)

6 www.ipc.on.ca Slide 6 EPCglobal  Non-profit organization that is leading the development of industry standards for the Electronic Product Code (EPC), including the use of RFID technology  Public Policy Steering Committee is responsible for setting privacy standards

7 www.ipc.on.ca Slide 7 Privacy and RFIDs  RFID tags contain information about a product, not an individual (e.g., EPC, price, size, colour, manufacture date, etc.)  But many consumers perceive a threat to privacy

8 www.ipc.on.ca Slide 8 Consumer Perceptions  Consumers perceive that RFIDs may facilitate: The merger and linking of product information and personal information without consent The ability to track consumers who have purchased a product The establishment of a widespread surveillance infrastructure

9 www.ipc.on.ca Slide 9 Implementing RFIDs  A failure to build privacy into the design and implementation of RFIDs can produce a consumer backlash  This can have an adverse impact on a company’s reputation and affect the bottom line

10 www.ipc.on.ca Slide 10 Consumer Backlash  How real is this?  Could privacy truly affect the roll-out of RFIDs?

11 www.ipc.on.ca Slide 11 Benetton  Italian clothier Benetton sparked a furor after it announced plans to implant RFID tags in its apparel (April 2003)  Public opposition forced the company to cancel its plans

12 www.ipc.on.ca Slide 12 Gillette: Keeping “Tags” on Customers  Privacy groups threatened a consumer boycott after the media reported that Gillette was testing a “smart shelf” at a Tesco store in the U.K., possibly for theft detection purposes (July 2003)  RFID tags embedded in Gillette razor packages triggered CCTV cameras that took a picture of a customer both when he or she removed a package from the shelf and at the check-out

13 www.ipc.on.ca Slide 13 Metro AG  Metro AG, a German company, announced plans to start using RFID chips in supermarket loyalty cards in one store  The purpose of this initiative was supposedly to allow the store to verify the age of shoppers wanting to view DVD movie trailers  Metro AG abandoned its plans after protests from privacy groups (March 2004)

14 www.ipc.on.ca Slide 14 Checkpoint: Tracking Individual Items  Checkpoint Systems Inc. announced earlier this month that it has developed new RFID solutions for tracking individual consumer items  CASPIAN, a U.S.-based consumer rights group, claimed that: Checkpoint was developing RFID “spychips” for three well-known clothing labels Consumers wearing the tagged clothing could potentially be identified and tracked by readers

15 www.ipc.on.ca Slide 15 Get Ready for a Good Fight  Checkpoint senior executive: “These RFID applications are prototype designs to demonstrate how the technology will fulfill a customer’s need for greater information and stock availability …”  CASPIAN: “[We] will be working with consumers on an aggressive response to this privacy threat. Roll up your sleeves and get ready for a good fight.”

16 www.ipc.on.ca Slide 16 Information Privacy Defined  Information Privacy/Data Protection Freedom of choice; control; informational self-determination Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

17 www.ipc.on.ca Slide 17 Fair Information Practices: A Brief History  OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data  EU Directive on Data Protection  CSA Model Code for the Protection of Personal Information  Personal Information Protection and Electronic Documents Act (Canada)

18 www.ipc.on.ca Slide 18 Summary of Fair Information Practices  Accountability  Identifying Purposes  Consent  Limiting Collection  Limiting Use, Disclosure, Retention  Accuracy  Safeguards  Openness  Individual Access  Challenging Compliance

19 www.ipc.on.ca Slide 19 Federal Private-Sector Privacy Legislation  Personal Information Protection and Electronic Documents Act (PIPEDA)  Applies to personal information collected, used or disclosed in the course of commercial activities by all: federally regulated organizations and provincially regulated organizations, unless a substantially similar provincial privacy law is in force

20 www.ipc.on.ca Slide 20 Provincial Private-Sector Privacy Laws Québec: Act respecting the protection of personal information in the private sector B.C.: Personal Information Protection Act Alberta: Personal Information Protection Act Ontario: draft Privacy of Personal Information Act, 2002 – not introduced…so PIPEDA applies

21 www.ipc.on.ca Slide 21 How The Public Divides on Privacy The “Privacy Dynamic” - BattleDr. Alan Westin for the minds of the pragmatists

22 www.ipc.on.ca Slide 22 Importance of Consumer Trust  In the post-9/11 world: Consumers either as concerned or more concerned about online privacy Concerns focused on the business use of personal information, not new government surveillance powers  If consumers have confidence in a company’s privacy practices, they are more likely to: Increase volume of business with company……....91% Increase frequency of business……………….…...90% Stop doing business with company if PI misused…83% Harris/Westin Poll, Nov. 2001 & Feb. 2002

23 www.ipc.on.ca Slide 23 Damage Caused by Privacy Breaches  The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation: 25% of companies surveyed experienced some adverse publicity due to privacy 1 in 10 had experienced civil litigation, lost business or broken contracts Robust privacy policies and staff training were viewed as keys to avoiding privacy problems The Information Security Forum, July 7, 2004

24 www.ipc.on.ca Slide 24 Building Privacy Safeguards into RFIDs  RFIDs will continue to produce a consumer backlash unless both RFID manufacturers and business users adopt privacy safeguards  Privacy is not a concern at most stages of the supply chain (e.g., tracking items in a warehouse)  However, privacy concerns are triggered at the point when a consumer comes into contact with a product with an RFID tag

25 www.ipc.on.ca Slide 25 The Privacy Solution  RFID tags should be de-activated at the point of sale  De-activation should be the default  Customers should be able to choose to have an RFID tag re-activated

26 www.ipc.on.ca Slide 26 Openness and Transparency  Businesses should be open and transparent with consumers about the use of RFID tags and readers  If RFIDs are embedded in a product that makes its way to the retail shelf, proper notice should be provided to consumers

27 www.ipc.on.ca Slide 27 Notice  Notice must be conspicuous to the consumer and explain what an RFID is in plain language (not technical language)  It must explain where RFIDs are being used and for what purposes  Proper notice could be in the form of signs, labels, brochures, etc.

28 www.ipc.on.ca Slide 28 Choice  Potential reasons for RFID tag re-activation: Facilitating product returns and warranty servicing Facilitating recovery of lost or stolen products to consumer Enabling interaction with “smart” appliances  Consumers should have the choice to have an RFID tag re-activated without cost

29 www.ipc.on.ca Slide 29 Use Limitation  Personal information must not be used for purposes other than those for which it was collected, except with the consent of the individual or as required by law

30 www.ipc.on.ca Slide 30 Consent  A business must not merge or link a consumer’s personal information with RFID information about a specific purchased product, without that individual’s knowledge and consent  Consent must be voluntary and informed, which means that the individual understands the nature and consequences of providing or withholding consent

31 www.ipc.on.ca Slide 31 Challenging Compliance  A business should have a clear process in place for resolving privacy complaints from its customers about RFIDs  A business’s chief privacy officer (CPO) and other privacy compliance staff must be key players in the design and launch of any RFID initiative

32 www.ipc.on.ca Slide 32 Staff Education and Training  Both managers and frontline employees must be provided with privacy training that includes information about RFIDs  They must be trained to provide clear, honest and informed answers to customers who have privacy concerns about the tracking potential of RFID tags

33 www.ipc.on.ca Slide 33 To Find out More …  The Information and Privacy Commissioner of Ontario has published two RFID papers: Tag, You’re It: Privacy Implications of Radio Frequency Identification (RFID) Technology (February 2004) www.ipc.on.ca/docs/rfid.pdf Guidelines for Using RFID Tags in Ontario Public Libraries (June 2004) www.ipc.on.ca/docs/rfid-lib.pdf

34 www.ipc.on.ca Slide 34 Final Thought “Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.” Forrester Research, March 5, 2001

35 www.ipc.on.ca How to Contact Us Commissioner Ann Cavoukian Information & Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 Phone: (416) 326-3333 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca

Download ppt "Www.ipc.on.ca How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium."

Similar presentations

Office of the Information and Privacy Commissioner, Ontario, Canada

Office of the Information and Privacy Commissioner, Ontario, Canada
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Www.ipc.on.ca National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.

National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Express Stores Reducing Shoplifting. The Problem What can Express #892 do to reduce shoplifting?

Express Stores Reducing Shoplifting. The Problem What can Express #892 do to reduce shoplifting?
RFID The consumers’ scenarios Emilie Barrau ANEC General Assembly Brussels 1 June 2007.

RFID The consumers’ scenarios Emilie Barrau ANEC General Assembly Brussels 1 June 2007.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Www.ipc.on.ca The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Bell.

The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Bell.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler.

1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler.
© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.
Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.

Groups 23 & 24. What is it? Radio frequency identification Small electronic device consisting of a microchip or antenna containing up to 2 KB of data.
Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access.

Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access.
Information and Privacy Commissioner/Ontario, © 2005 Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.

Information and Privacy Commissioner/Ontario, © 2005 Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
Www.ipc.on.ca Preserving Privacy in a Security-Centric World Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Canadian Information Processing.

Preserving Privacy in a Security-Centric World Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Canadian Information Processing.
The Consumer World of. You’ve seen it before…  Books  Digital Media  Computer Hardware  Other high value items.

The Consumer World of. You’ve seen it before…  Books  Digital Media  Computer Hardware  Other high value items.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
Www.ipc.on.ca Biometrics & the Privacy Paradigm: Separating Fact from Fiction Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Security.

Biometrics & the Privacy Paradigm: Separating Fact from Fiction Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Security.
1 Privacy by Design: Don’t Make Privacy An Afterthought – Build It In Convergence Expo 2005 Calgary, Alberta May 17, 2005 Ann Cavoukian, Ph.D. Information.

1 Privacy by Design: Don’t Make Privacy An Afterthought – Build It In Convergence Expo 2005 Calgary, Alberta May 17, 2005 Ann Cavoukian, Ph.D. Information.
R adio F requency Id entification Ta’Tyana McElroy Jeffrey Tuma.

R adio F requency Id entification Ta’Tyana McElroy Jeffrey Tuma.

Similar presentations

Ads by Google