IBM Addresses RFID Privacy
Page 1 of 1
Radio frequency identification (RFID) technology promises to speed supply chain operations by automating the tracking of goods. But its potential to track people has privacy advocates crying foul.
IBM's privacy practice, launched on Tuesday, aims to help businesses avoid privacy fallout.
RFID uses electronic tags for storing data and identifying items. On Tuesday, IBM launched an RFID privacy consulting practice to help its clients take advantage of RFID while maintaining their customers privacy.
"RFID is a mechanism to capture information, so the issue becomes, 'What information are people capturing?'" said Cal Slemp, vice president of security and privacy services for IBM Global Services. "Are they sensitive to what they're capturing? Are they also sensitive to regulations around the world?"
IBM broadened its security practice to include privacy seven years ago; the company has a chief privacy officer and about 3,500 specialists in offices around the world. Practitioners provide information on local and international privacy laws, as well as the principles of the Organisation for Economic Co-operation and Development.
Now, the privacy practice specifically includes an RFID component, which is offered to customers as an option during RFID engagements.
IBM Global Services RFID clients don't see grave risks to privacy, Slemp said, but most are aware of the issues. Sometimes, organizations start gathering data through techniques like RFID, but they haven't thought of all the things they're capturing," Slemp said.
The privacy practice will help them plan and be conscious of the effects of tracking goods on those who ultimately buy those goods.
A privacy engagement might include assessment, design and implementation of RFID technology in a way that maximizes consumer privacy. Consultants also will help develop corporate policies and design principles for RFID, as well as communication, employee education and awareness programs.
Slemp said the RFID privacy issue is especially acute for global companies, because laws and standards differ from country to country.
"Engagements use our understanding of legislation around the world to create privacy policies that conform to those laws, as well as a set of practices to conform to the corporate policy," he said.
Privacy advocates have warned against the indiscriminate use of the tracking technology. The California State Senate held hearings on whether attaching RFID tags to consumer goods could invade citizens privacy. Last year, the Center for Democracy and Technology and the American Civil Liberties Union recommended national legislation.
Slemp said IBM prefers industry self-policing to legislation.
"In situations where RFID tagging might be advantageous, we'd like to work with industry to make sure we're doing the right things," he said.
IBM will participate in legislative fact-finding and hearings, he said, and, if laws are passed, the privacy practice will help customers make sure they stay within those laws.
One effort that could ease concerns is implementing methods to block or kill tags at the point of sale. IBM also has a lab in Zurich working on kill technology.
In September 004, IBM began a major push into RFID, saying it would spend $250 million in the next year and a half to become a major player.
As another part of this initiative, Big Blue said today that it would move into the RFID tag printer business. It will offer the Infoprint 6700 R40, an RFID-capable printer that also can produce traditional bar codes. The dual-purpose printer is designed to help smaller and mid-sized companies make the transition from bar codes to RFID.
Besides printing the actual tag-embedded labels, the printer can transmit supply chain information to a company's network to update the status of inventory, shipping and tracking details. The printer flags faulty tags as they pass through it.