What does it cost?
EN 16571 is the European RFID Privacy Impact Assessment best practice standard that is the result of the European Commission mandate on RFID privacy. It is the result of years of work to address RFID privacy in a balanced manner.
Below we compare different ways to comply with EN 16571. Leverage the CNRFID-CSL EN 16571 expertise to produce a fully compliant, cost-effective Privacy Impact Assessment and provide the required information to your users with confidence.
| | USE THE CNRFID-CSL SOFTWARE | USE THE CNRFID-CSL SOFTWARE + CONSULTING SERVICE | DO IT ALL YOURSELF | HIRE AN EXTERNAL CONSULTANT |
|---|---|---|---|---|
| Purchase EN 16571 | Only if you need all the background details | Only if you need all the background details | Required | Only if you need all the background details |
| Read and understand EN 16571 | Not necessary | Not necessary | Requires days to understand the 103-page document | No – but make sure the consultant understands EN 16571 |
| Create spreadsheet or database to record decisions | Not necessary | Not necessary | Requires days | Probably still requires some internal document |
| Identify assets and data types | You select from lists provided by the software | You select from lists provided by the software | You have to identify these yourself | You might still need to provide this data to the consultant |
| Identify threats and vulnerabilities and assess the initial risks | The software does this automatically based on the RFID technology that you use | The software does this automatically based on the RFID technology that you use | You have to identify these yourself | The consultant will do this, but might not understand all the RFID technologies |
| Determine the Level of PIA required | The software does this automatically | The software does this automatically | You have to do this yourself | The consultant should do this |
| Identify the countermeasures | The software does this automatically; you just identify those that you apply | The software does this automatically; you just identify those that you apply | You have to identify these yourself | You have to do this with the consultant, because many countermeasures need your input |
| Calculate the residual risk | The software does this automatically | The software does this automatically | You do the calculation | The consultant should do this |
| Complete the PIA report | Created by the software from all the previous decisions | Created by the software from all the previous decisions | You have to develop the structure | The consultant might have a template |
| Complete the PIA summary | Created by the software from all the previous decisions | Created by the software from all the previous decisions | You have to develop the structure | The consultant might have a template |
| Monitor ongoing developments of threats, vulnerabilities, and countermeasures | We will continually research this and provide you with updates | We will continually research this and provide you with updates | Good luck! | There might be an added charge |
| Specific advice to improve the privacy of your RFID application | Sorry, this is not included in the basic package | Provided as an off-site mentoring & consulting service | None | There might be an added charge |
| Review of your PIA prior to submission to a DPA | Sorry, this is not included in the basic package | Provided as an off-site mentoring & consulting service | None | There might be an added charge |
| Privacy of your Privacy Impact Assessment data | We do not see any details of your RFID PIA, as it all resides on your computer system | We only see your PIA under strict non-disclosure agreements | It all belongs to you | Make sure you have a non-disclosure agreement |
| What does it cost? | Starting from 800€ for 2 users for a single application (1) | Starting from 2500€ for the consulting (2) and the software | Only you can work out how much effort and skills are required | When the EU started work on RFID privacy there were estimates of 10000€ |

(1) Additional costs are: 50€ for each additional user, 200€ for each additional RFID application. Annual renewal is 20% of the previous year’s listed price.
(2) This covers a total of one day’s consulting plus half a day for reviewing the completed PIA. Additional consulting may be purchased on a day basis at 1200€.