An Exciting New Service
Do you know that there are new European Standards that define rules for undertaking an RFID privacy impact assessment (PIA), and for notifying users that RFID data capture is taking place? Are you aware that the new European General Data Protection Regulation (GDPR) will call for privacy impact assessments to be undertaken?
CNRFID (the French National RFID Center) has partnered with Convergent Software Ltd to develop and market RFID Privacy Impact Assessment software. The European Commission has made it clear that the scope of the RFID PIA covers all radio frequency technologies, including smart cards and contactless payment using RF frequencies.
The European Standard EN 16571, Information technology – RFID privacy impact assessment process, has to be published by European Standards bodies by the end of December. So far 20 countries have published the standard in their choice of English, French or German. The standard defines a process that should be implemented by organisations that operate RFID applications in Europe. The core of the process is a risk assessment based on the particular RFID technology being used in an application. The quantified risk assessment comprises:
1) identifying and assigning values to data on the RFID tag and application associated with an individual’s privacy;
2) identifying threats to the RFID system and providing a means of assessing the threat level;
3) identifying vulnerabilities and enumerating the associated risk levels;
4) arriving at an initial risk level, before considering any countermeasures;
5) considering the countermeasures that can be used to reduce the threat level, which results in the residual risks associated with each asset in the RFID application.
We have launched a website entirely devoted to the European Union’s work on RFID privacy: www.rfid-pia-en16571.eu. The website and future newsletters will keep you informed of developments in the RFID PIA process and other relevant information. The website is open to anyone and will be progressively populated with documents that may be downloaded.
The software that we are launching will eventually cover all RFID technologies, but we are starting with the most commonly used protocols. If you operate an RFID system, visit the website to learn more and see how we can help you achieve high standards of governance of your RFID application.
If you are a vendor of RFID products and solutions, or just providing advice about RFID, you might still need to know about this new RFID PIA approach.
We have sent this newsletter to people that are not based in Europe. You might think that this is not relevant to you either because you do not operate in Europe, or don’t have a requirement for undertaking an RFID PIA. The standard is European, but the issue of RFID privacy is universal. So keep
Future newsletters will come to you with the logo above, and will provide on-going advice about the RFID PIA process, together with relevant news items that you are unlikely to get from a single source. You won’t be bombarded with newsletters. We plan to publish a newsletter every few weeks, so look out for the distinctive logo in a few weeks.
As we are concerned about promoting privacy for RFID applications, we need to follow that same principle for the new e-mail newsletter. French law also requires this. So if you want to opt out of receiving further e-mails about RFID PIA then you can unsubscribe here. Please note you are unsubscribing from the RFID Privacy Impact Assessment newsletter and not any other newsletter from CNRFID or Convergent Software.
In case you don’t want to receive a regular newsletter, but still want to keep in touch with developments, then bookmark the www.rfid-pia-en16571.eu website. It already has a wealth of information and more will follow over the next few weeks and months.