Privacy Advisor

Ontario's Privacy Chief Issues RFID Privacy Guidelines

August 1, 2006

Dr. Ann Cavoukian, Ontario's Information and Privacy Commissioner, this summer issued a report, "Privacy Guidelines for RFID Information Systems."

The document is intended to serve as privacy "best practices" for organizations designing and operating Radio Frequency Identification (RFID) information technologies and systems. Cavoukian has a mandate to educate the public and address privacy questions raised by new information technologies with a view to encouraging effective solutions. The guidelines were developed with industry and other stakeholders.

"We recognize that RFID tags are becoming more prevalent in our everyday lives, and offer many benefits and conveniences, such as from security access cards to ignition immobilizers to highway toll systems and other electronic pass systems," according to the report.

The report notes that RFID use in the supply chain process poses little threat to privacy because the tags are not linked to any individual.

"RFID tags, when linked to personally identifiable information, present the prospect of privacy-invasive practices relating to the tracking and surveillance of one's activities," according to the report. "The goal of these guidelines is to alleviate the privacy-related concerns associated with such data linkages, while increasing the openness and transparency associated with RFID systems."

The guidelines are comprised of accountability; identifying purposes for collection or linkage to personal information; consent; limiting collection; limiting use, disclosure and retention; accuracy; safeguards; openness; individual access; and challenging compliance.