[LINK] RFID Tagging of Children

Karl Auer kauer at biplane.com.au
Mon Oct 23 00:55:56 AEST 2006 

> a) Organisation A - is running a large event with minors (mainly under 
> 18) (no parents, only supervisors)
> b) Organisation A - wants efficient system to ensure its duty of care 
> obligations are met
> In particular
> - Ensuring all Minors go and return from various day events
> - Ensuring "correct" parents pick up minors
> Also, system required to
> - Ensure food rations supplied
> - Any special dietary requirements noted and observed
> - Able to look up any health needs in case of emergency.
> 
> Our customer wanted to supply RFID tags to the minors for the duration 
> of the event.
> Would anyone have any issues in this provided the principles outlines in:
> http://www.privacy.gov.au/news/media/03_17.html
> were followed?

I have problems with the fact that there are only four principles, and
with their specificity. They appear to be the minimal set everyone could
agree on. I think there are several additional principles that should be
followed (you will note that there is nothing RFID-specific here):

- the source of data collected about a person must be noted and
maintained with the data itself.

- a mechanism to inform people about changes in the data held about them
must be implemented and people must be informed about its existence, so
that they can request it be used in their case.

- data relating to a person, including the source of the data, must be
made available to that person on request or when it changes (see above).

- corrections to data relating to a person must be accepted from that
person and actioned as soon as reasonably possible

- data relating to a person must be accessible to the smallest
reasonable number of administrators

- the holder of data relating to a person should be responsible in law
for its accuracy, including consequential damages arising from
inaccuracy.

- failing to destroy data when its purpose is served and transferring
data to third parties not involved in the purpose for which the data was
collected should be a criminal (NOT merely a civil) offence.

Relating to the system you described, some comments:

1: Data should encrypted in storage. Loss of storage to theft or
whatever does not expose the data.

2: Any network transfers of the data should also be encrypted, so that
data is not exposed in transit.

3: In many cases, not all data needs to be exposed to an operator or
administrator. For example, for ensuring that minors come to and retrn
from events, only an exception report is needed, and that needs to show
only identity - not, for example, dietary requirements.

4: While linking the data to identity is needed at the time the data is
collected, it is NOT needed at most other times. For example, at
mealtimes the person with the right number gets the special dish - there
is no need for him/her to reveal his/her identity. If there is any
actual physical risk (allergies etc) then you have the same data
integrity issues as in the next point.

5: For emergencies, you have huge problems of data integrity - how
exactly will these RFID chips be physically associated with particular
people? How do you know that the tag matches the kid - hasn't been
swapped or whatever? And what about the right of these kids to disable
or destroy the RFID chip (as given in the fourth Conference principle)?

6: In the unlikely event that the RFID tags themselves contain data,
what mechanisms are likely to exist to provide for the deletion of data
from the tags (fourth principle again).

I would see a BIG risk at this event of deliberate attempts to get
around the system, and a BIG risk that the response would be to fall
back to a lower-tech system in cases of doubt. I see no real benefit
here for RFID over a simple printed plastic card.

> As a parent, would you object to this?

If I could not see that the data would be protected and later destroyed,
I would have problems with it, yes.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)                   +61-2-64957160 (h)
http://www.biplane.com.au/~kauer/                  +61-428-957160 (mob)

More information about the Link mailing list