[LINK] RFID guide launch - the report link

Jan Whitaker jwhit at melbpc.org.au
Mon Jul 31 13:32:04 AEST 2006 

From: Fwd: [highered_update] Higher Education Update - an EdNA Online 
newsletter,  Issue 22 2006  ISSN 1449-0552

>Coonan Launches RFID Guide
>http://www.computerworld.com.au/index.php/id;497073536;fp;16;fpid;0
>The Minister for the Department of Information Technology,
>Communications and the Arts, Senator Helen Coonan used her opening
>address at the GSI Impetus 2006 conference in Melbourne this week to
>launch a guide to RFID adoption for Australian business. GS1 Australia
>allocates barcodes and numbering systems for e-commerce, promoting
>international standards for item identification, data capture and data
>synchronization with trading partners via the GS1 pool. The guide is at
>http://tinyurl.com/zfkny.
>Computerworld, 27 July 2006

I think it's interesting that DCITA is preparing reports to promote a 
specific business technology like this. Why? Is there a revenue generation 
from the licensed spectrum assigned?

from the report:

PRIVACY
Perhaps the biggest issue of a public policy nature associated with the 
growing use of RFID technology is privacy. There is concern in some 
quarters that the monitoring capabilities of RFID tags will be used to 
invade the privacy of individuals. The possibility of an RFID tag on a 
consumer item being used to track the movements of an individual subsequent 
to a purchase, for example, has generated discussion. This concern may be 
especially significant if that tracking information can be associated with 
identity and credit card details, or other personal information.

It is often suggested that RFID technology is ‘unregulated’, meaning that 
there are no restrictions on the use of RFID to invade the privacy of 
individuals or misuse personal information. While there is no specific 
privacy regulation of RFID systems by governments in Australia, there is 
general legislation applying to all forms of business including the 
commercial use of RFID.

For example, the Commonwealth Privacy Act 1988 sets out 10 National Privacy 
Principles (NPPs), which place obligations on many businesses in relation 
to how they collect, handle, store, use and disclose personal information. 
The NPPs have general applicability to businesses with a turnover of more 
than $3 million per annum. Businesses
with a lesser turnover are generally exempt from the NPPs, with the 
exception of health service providers and some others.6

Businesses can address the privacy concerns that arise in connection with 
RFID technology by considering the privacy implications early. One example 
is through the use of a privacy impact assessment process. If there is any 
potential to link RFID data to information that may identify an individual, 
or in some other way link RFID data to individuals (including staff and 
customers), then there are likely to be privacy implications that will 
require careful consideration.7

Privacy commissioners from around the world have recommended that basic 
principles of privacy law be adopted when designing, implementing and using 
RFID technology. These include the following:
• RFID tags should only be linked to personal information or used to 
profile customers if there is no other way of achieving the goal sought;
• individuals should be fully informed if personal information is collected 
using RFID tags;
• personal information collected using RFID tags should only be used for 
the specific purpose for which it is first collected, and destroyed after 
that purpose is achieved; and
• individuals should be able to disable or destroy any RFID tag that they 
have in their possession.

As noted, the spectrum licensing arrangements by ACMA for RFID equipment 
specify the power at which equipment can be used, and as a consequence the 
read range. This effectively prevents the tracking of tags and the objects 
or people carrying them over wide areas.

In addition, the Trade Practices Act 1974 regulates the potential use of 
unfair practices by traders, some of which may involve the abuse of RFID 
technology.

The prospect of widespread item-level tagging in the retail sector appears 
to be a source of concern from the point of view of customers being unaware 
that items they are carrying around may be subject to tracking. Based on 
current market and technology trends, large scale item-level tagging in the 
retail sector in Australia is still some years away, but businesses looking 
to adopt RFID technology need to be aware that these issues and concerns 
exist and need to be addressed.

An indication of the types of issue of concern to privacy advocate groups 
can be found on the website of the Electronic Privacy Information Center 
(www.epic.org/privacy/rfid).

footnotes:
6 For more information on the coverage of the Privacy Act, see Information 
Sheet 12 on the Office of the Privacy Commissioner’s website 
(www.privacy.gov.au/publications).
7 Standards body GS1 Australia in conjunction with the Australian Retailers 
Association is currently developing a privacy code of practice for RFID use 
in the Australian retail industry. EPCglobal has also published privacy 
principles. More information is available from the website of GS1 Australia 
(www.gs1au.org).



Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/

'Seed planting is often the most important step. Without the seed, there is 
no plant.' - JW, April 2005
_ __________________ _

More information about the Link mailing list