The reading notes record thoughts from things I read. 這網誌是我的一些閱讀後的思考和摘要記錄。My website 我的網頁:

Symposium on RFID

I attended the Wireless and Mobile Symposium in July 2004 and picked the sessions on RFID and personal data privacy.

There are two sessions on RFID, one by Dr. CY Lee of HKUST and the other by Brian Eccles of IBM. Both are heavily dosed on the value of RFID on the supply chain, logistics management and inventory control. Personal data privacy was only briefly mentioned. In fact, Brian Eccles remarked that he was surprised at the little concern on the personal data privacy aspect on RFID in Asia, which was a hot debate topic in USA. Dr. Lee just mentioned that privacy concern, together with security and data integrity, would be an obstacle for RFID. Brian Eccles went a little deeper on the need of a privacy policy. His view on privacy was not on human right, but as an issue on the smooth implementation of RFID. Proposed considerations included transparancy on the use of RFID, use of killer switch for goods sold, data not kept without user knowledge, and not to use RFID in conjunction with spying.

Another session was delivered by Tony Lam, DC of PCO. Personal data privacy is his profession. He highlighted the use of RFID and LBS (location-based system) and their privacy concern: threat of building an individual movement profile, threat of being monitored and the potential loss of anonymity. Some guidelines to be proposed are: inform customers about the collection and use of such information, provide an opportunity to opt-out, ensure the security of information collected, provide uniform rules and privacy expectations.

The threats are real. Such information are actually those wanted by employers. They may want to have a movement profile of staff, monitor staff activities and know who is doing what, all for justified and good management of the organization. HR managers and IT managers will be asked to do just that. The proposed PCO guidelines will be a good basis on what we should bear in mind in developing the privacy policy and good privacy practices for the organization.