Just as many businesses begin to seriously consider RFID (Radio Frequency IDentification) implementations, so too is the United States government. And perhaps just like your company, privacy issues are not high on the radar screen of many federal agencies evaluating RFID—and that's a big mistake, concludes a recent report by the Government Accountability Office.
Only one of twenty-three agencies polled by the GAO identified legal or privacy issues on their lists of implementation issues. “The use of the technology, however, raises several security and privacy considerations that may affect federal agencies’ decisions to implement the technology,” The GAO report said. “Key security issues include protecting the confidentiality, integrity, and availability of the data and information systems. The privacy issues include notifying consumers; tracking an individual’s movements.”
Those concerns can be addressed using tools and practices including “existing and proposed information security technologies and practices, and other practices required by law.”
Not all RFID technologies are created equally, however. The GAO said such concerns were lessened when devices were used simply to track pallets. But when RFID is to be used to track people—as three government agencies propose to do—the privacy risks increase dramatically. "Consumers have raised concerns about whether certain collected data might reveal personal information such as medical predispositions or personal health histories and that the use of this information could result in denial of insurance coverage or employment to the individual," the report said.
This report, in .pdf format, provides good background reading for both executives and IT professionals who are looking at adopting RFID technologies in the future.