Privacy Starts Now for Supply Chain: IBM

By D'Anne Hotchkiss, Editor -- RFID News & Solutions, 6/15/2005

Those in the supply chain need to begin understanding privacy laws and consumer privacy concerns. And, from manufacturer through retailer, they need to start now. Doing so helps companies protect customers’ trust while using RFID technology to its best advantage. So says Cal Slemp, III, vice president of security and privacy services for IBM.

His remarks came in an interview following an IBM announcement that IBM has formed an RFID privacy consulting practice.

“Operations people today need to be aware there is a sensitivity not only on the part of the consumer, but reflected in law. Information that is personally identifiableneeds to be handled in a precise way and they need to think through what information they want to capture, what information should be on the tag, and make conscious decisions,” Slemp advises.

“You don’t ban technology, you ban bad behavior,” says Marc-Anthony Signorino.

He is the American Electronic Association’s counsel and director of technology policy, a high-tech advocacy association. Recently he helped defeat legislation in New Mexico mandating removal or disablement of all RFID tags at point of purchase, and in California, prohibiting use of RFID chips in all documents issued by governmental bodies in the state, including government employee security access cards.

“Americans really don’t care if people know our information, we’ll give it up for a free can of Coke, but the minute the government might be looking at you, there’s concern about ‘big brother’ and we don’t like that. In England, they trust the government but they don’t want businesses to know who they are,” notes Signorino.

As Dana Blankenhorn wrote in his column, “The World of Always-On” in the November/December 2004 issue, “privacy advocates fear RFID…And all this because we have yet to enshrine in our law the simple, easy-to-understand principle that the data you create belongs to you, and no one gets it without your consent.”

The answer is to institute best practices, Signorino says, such as access controls to the databases where information obtained from RFID chips is stored. “What matters is how you share the information and how it flows.”