[LINK] RFID Tagging of Children

Geoffrey Ramadan gramadan at umd.com.au
Tue Oct 24 23:53:08 AEST 2006 

Karl Auer wrote:
>> a) Organisation A - is running a large event with minors (mainly under 
>> 18) (no parents, only supervisors)
>> b) Organisation A - wants efficient system to ensure its duty of care 
>> obligations are met
>> In particular
>> - Ensuring all Minors go and return from various day events
>> - Ensuring "correct" parents pick up minors
>> Also, system required to
>> - Ensure food rations supplied
>> - Any special dietary requirements noted and observed
>> - Able to look up any health needs in case of emergency.
>>
>> Our customer wanted to supply RFID tags to the minors for the duration 
>> of the event.
>> Would anyone have any issues in this provided the principles outlines in:
>> http://www.privacy.gov.au/news/media/03_17.html
>> were followed?
>>     
>
> I have problems with the fact that there are only four principles, and
> with their specificity. They appear to be the minimal set everyone could
> agree on. I think there are several additional principles that should be
> followed (you will note that there is nothing RFID-specific here):
>
> - the source of data collected about a person must be noted and
> maintained with the data itself.
>
> - a mechanism to inform people about changes in the data held about them
> must be implemented and people must be informed about its existence, so
> that they can request it be used in their case.
>
> - data relating to a person, including the source of the data, must be
> made available to that person on request or when it changes (see above).
>
> - corrections to data relating to a person must be accepted from that
> person and actioned as soon as reasonably possible
>
> - data relating to a person must be accessible to the smallest
> reasonable number of administrators
>
> - the holder of data relating to a person should be responsible in law
> for its accuracy, including consequential damages arising from
> inaccuracy.
>   
How does this work in this case, where the actual data is entered by the 
participants (via web)
> - failing to destroy data when its purpose is served and transferring
> data to third parties not involved in the purpose for which the data was
> collected should be a criminal (NOT merely a civil) offence.
>   
As they are collecting personal information, I would assume that they 
would also be subject to the normal privacy laws and would need to 
include an appropriate statement which would cover these aspects.

In regards to the RFID guidelines, these would be in additional to such 
privacy statement and would not need to be regurgitated. However, in  
our guideline will will probably make reference to it to remind them of 
such points.


> Relating to the system you described, some comments:
>
> 1: Data should encrypted in storage. Loss of storage to theft or
> whatever does not expose the data.
>
> 2: Any network transfers of the data should also be encrypted, so that
> data is not exposed in transit.
>
> 3: In many cases, not all data needs to be exposed to an operator or
> administrator. For example, for ensuring that minors come to and retrn
> from events, only an exception report is needed, and that needs to show
> only identity - not, for example, dietary requirements.
>
> 4: While linking the data to identity is needed at the time the data is
> collected, it is NOT needed at most other times. For example, at
> mealtimes the person with the right number gets the special dish - there
> is no need for him/her to reveal his/her identity. If there is any
> actual physical risk (allergies etc) then you have the same data
> integrity issues as in the next point.
>
> 5: For emergencies, you have huge problems of data integrity - how
> exactly will these RFID chips be physically associated with particular
> people? 
Was thinking of a waterproof wristband they would wear all the time.

> How do you know that the tag matches the kid - hasn't been
> swapped or whatever? 
You don't. You minimise the risk by having it been worn all the time. 
Also if this was real issue, you could include a photograph in the 
database.

He also has a name, which others around him hopefully also know.

> And what about the right of these kids to disable
> or destroy the RFID chip (as given in the fourth Conference principle)?
>   
The principle applies to the "end of use" of the tag... not during. At 
the end of the conference,  which concludes the purpose for which the 
RFID tag and data was collected, the wristband would be returned.
> 6: In the unlikely event that the RFID tags themselves contain data,
> what mechanisms are likely to exist to provide for the deletion of data
> from the tags (fourth principle again).
>   
The tag only has a ID number.
> I would see a BIG risk at this event of deliberate attempts to get
> around the system, and a BIG risk that the response would be to fall
> back to a lower-tech system in cases of doubt. I see no real benefit
> here for RFID over a simple printed plastic card.
>   
No really, as you can easily loose, misplace or forget the plastic card.

The key purpose of using RFID is simply one of efficiency. You can 
process lots of people very quickly.


>   
>> As a parent, would you object to this?
>>     
>
> If I could not see that the data would be protected and later destroyed,
> I would have problems with it, yes.
>   
Would it be fair to say that in this case that your concerns revolve 
more around the data collected and its policy, more so than the RFID tag 
itself.

Reg

Geoffrey Ramadan B.E.(Elec)
Chairman, Automatic Data Capture Association (www.adca.com.au)
and
Managing Director, Unique Micro Design (www.umd.com.au)



> Regards, K.
>
>

More information about the Link mailing list