response mechanism

Wal-Mart's RFID Tags: A Privacy Expert's View

Posted by Barry Silverstein on August 9, 2010 12:00 PM

Our recent post on Wal-Mart's use of RFID tags for inventory control drew an interesting response from a privacy expert.

Richard Raysman, privacy and IP attorney for law firm Holland & Knight in New York, tells us that the tags, while initially applied to inventory control, could become "a legitimate privacy concern" when they become commonly used.

His reasoning: "the tags can be matched to personal information. Once the RFID technology is generally available, new applications will be developed which could extend to personal information."

Raysman adds that RFID technology can ultimately be used to track customers' purchases via shopper loyalty/rewards programs.

"This tracking could raise serious privacy concerns since many purchases are very private to the consumer. For example, prescription medicines can reveal the existence of certain embarrassing diseases — this is the type of information that is considered highly private under the HIPAA laws."

Raysman adds, "With respect to RFID, there are instances of nursing homes being able to track their patients with RFID technology, which seems like a noble cause for Alzheimer's patients. However, some of these institutions can then expand this use in the future so that their employees can also be tracked as well as patients. This would then be a very intrusive application for employees who can be tracked, even if they go to the bathroom."

The same privacy concerns hold true of online shopping, says Raysman. "Personal preferences, which are very private, can be identified. Much personal information outside financial and health information is not covered by any privacy laws. To an extent that is good, because overwhelming privacy laws would affect the ability to easily conduct business on the Internet. But the issue is, when does disclosure of private information cross over the line?"

We're interested in hearing what you think on the subject — post a comment below.

More about: ,


george ganak United States says:

Suppose that only works for folks paying cash?  Any using a credit/debit card can be tracked and traced.  So instead of a UPC bar code, which can also be tracked and traced by reading the cash register receipt... What is the hang up? pRFID tags contain no personal information until you relate it to a point of sales transaction.  Shame on the retail store owners if they don't provide the right level of security at cash register.  It is not the tags.

August 9, 2010 02:12 PM #

Barry United States says:

Thanks for the comment, George. It is true the RFID tags themselves do not contain personal information. However, I think attorney Raysman's point is that as the technology becomes more commonplace, retailers will figure out ways to draw a connection between tags and consumers, especially if those consumers use loyalty cards. Some retailers will no doubt be better than others in protecting shoppers' personal information, but it still could be a concern for consumers who don't like the idea of having their transactions tracked.

August 9, 2010 05:41 PM #

Robert Bagwell United States says:

It's a bad assumption to assume that RFID tags don't contain PII.  In fact an EPC tag can be considered PII because it's possible to link the tag via a data base directly to an individual.  It's more of a stretch to consider an IP address PII because there is no way to authenticate the user of the PC always but many legislative groups are now considering an IP address to be PII.  

Think about the definition of PII.  An RFID tag must be considered PII.

August 10, 2010 10:07 AM #

lucy chronicles United States says:

Does WalMart or anybody really need to know and track my Tampon preference bought along w/ Chocolate, Mexican meats for my spoiled furkids (tripe, chicken gizzards, beef liver) target ammo (usually the only ammo they have!) and cheap vitamins - bought w/ cash or not?  Come on....

August 11, 2010 02:55 AM #

LeChat United States says:

Everyone needs to assume responsibility for his own privacy. If you worry about being put in a database for buying something at Wal-Mart, pay cash. Find out where the RFID tags are and remove them. Don't have a cell phone unless you really need it. If you do have a cell phone, keep the battery out until you have occasion to use it. Wear broad-brimmed hats to defeat overhead video cameras. Don't get on Facebook, Myspace, or Twitter.
Security is as much an attitude as a way of life.

August 11, 2010 06:16 AM #

Bob Blackhat United States says:

It has been proven time and time again by security experts that RFID is not a secure place to store data, yet it seems we have it in US passports with PI.  Guess what, those passports have been hacked, and cloned.  There is ongoing competition amongst security professionals to see who can sniff RFID data from the furthest distance.  If you don't think RFID usage will move beyond tracking Cheerios, think again.  It is also used for toll road payment in your car, and an RFID that is implantable in humans was developed a number of years ago and is on the market.  Don't get me wrong, I think RFID is a great technology, but people often integrate new technologies without considering its impact on information security.

RFID tags are capable of storing much more information than a UPC barcode and the data can be read from much further away.  Great for tracking inventory, not so great for storing ANY personally identifiable information.

August 11, 2010 06:20 AM #

Ted Williams United States says:

You poor Chicken Little souls.  I always say, if you've got a lot to hide, then you should be worried about people tracking your life.  To date, RFID tags store an number similar to a car icense plate...and nothing more.  Now, if you can hack into Wal-Mart's database to understand what that number relates to....well, now you have some real juicy data...Calvin Klein underwear!!!  Jackpot!  My suggestion is that all of you privacy folks get rid of your cars, computers, credit cards and shack up somewhere in upstate Michigan.  You all deserve each other.

August 11, 2010 09:35 AM #

Scott Hoffmann United States says:

@Ted Williams:

That argument "why worry about privacy if you have nothing to hide" is misleading.

I assume that you wear clothing. If you truly have "nothing to hide" why do you bother wearing clothes??

So, given that you value your own privacy enough to wear clothing. Why denigrate others who may value privacy in other aspects of their personal lives?

If someone does not wish to broadcast their shopping habits to a roving RF reader, that is their right and privilege.

Generally, no one is harmed by the private affairs of others.

Yes, I know you can conjure lots of reasons for government and law enforcement to collect the information "just in case". Crime has been fought very successfully without such tools in the past, so why waste the time and money now?

August 11, 2010 11:15 AM #

Ted Williams United States says:

Nice analogy Scotty.  I hide my privates so as not to offend someone, so call me a prude, but not a privacy advocate.  I do, however believe that we should have our privacy.  However, to claim that an RFID tag is the beginning of the end of our privacy is just so alarmist.  If you'll remember back in the 70"s, Phil Donahue said the same thing about the bar code...even claimed it contained the dreaded 666 in it!  You fringe/conspiracy folks need to take major chill pill.  All retailers want with this is to make sure the right product is in the right stores at the right time...plain and simple.  If you don't want to be read, kill the tag, your credit cards, your internet connection, etc.

August 12, 2010 12:43 PM #

Dan United States says:

Does anyone think privacy really exists? I can cite many examples to show you that it does not. Companies do go under, and what do you think happens to all those customer records and files? Right, sold at auction along with the filing cabinet, or on a PC with a password taped to it Smile .

August 11, 2010 11:32 AM #

LiveFreeor United States says:

Very few Americans understand or appreciate liberty any more.  As long as we have our bread and circuses (and drugs), we think we are content.  We are like dumb sheep.  Our shepherd may as well be Satan, given the current morality of our Federal Government.  A "good" shepherd always wants to know where his sheep are!

August 11, 2010 11:32 AM #

Liber Tarian United States says:

The "nothing to hide" so "why should I worry" argument of Ted Williams, is naive and foolish.  You should protect your privacy, Mr Williams, because YOU are NOT the DECIDER of whether you've got "something to hide."  Somebody ELSE will make that decision, and regardless of what you are "not hiding," you can/will be prosecuted for what the Decider THINKS you are hiding.  You are not in control of your life anymore.  The 4th Amendment is stone, cold dead in America.

August 11, 2010 11:43 AM #

Ted Williams United States says:

...hey Mr. Tea Partyer (I assume).  My suggestion is that you unplug from this cold dead society in American.

August 12, 2010 12:35 PM #

LiveFreeor United States says:

"Hush now baby, baby, don't you cry
Momma's gonna make all of your nightmares come true
Momma's gonna put all of her fears into you
Momma's gonna keep you right here under her wing
She won't let you fly, but she might let you sing
Momma's will keep Baby cozy and warm
Oooo Babe
Oooo Babe
Ooo Babe, of course Momma's gonna help build the wall"  

August 11, 2010 12:23 PM #

1-stop United States says:

The way to go in the future is cash (while that still is an option), or creating multiple pseudonym identites (there are ways to create them) to use on the cards so there will be no identity to trace. Perhaps someone will invent RFID 'countermeasures' chips for consumers that can be attached to products you buy, so that info about you is blocked before being recorded.

August 11, 2010 12:24 PM #

ted roosevelt United States says:

see chips on web
chips in computers?
rumour: put item in m.wave to m.wave/wreck chip.
or remove it.
Are there now chips in computers etc. to i.d. the person who buys it?

August 11, 2010 01:15 PM #

kfreed United States says:

I'm not so much worried about the inventory tracking uses or companies snooping on what I buy. Ultimately my purchasing decisions are not guided by marketing efforts directed toward me based on personal preferences. I understand that signing up for a Safeway discount card allows Safeway to track my purchases at the supermarket and I don't much care about it... at the grocery store.

However, I am very concerned about personal and financial information being stored on RFID chips implanted in credit cards or ID cards and drivers licenses. As technology progresses so do the possibilities for abuse. I have zero faith in corporate America protecting my privacy judging by the prevalence of identity theft as it is now.

August 16, 2010 07:02 PM #

kfreed United States says:

P.S. I can also say that I won't be purchasing products with RFID chips implanted in them directly. If I can't leave the chip at the store, then no sale. The solution seems to be to use removable tags. If a truck with RFID tagged merchandise can be tracked along a shipping route, then I guess the jeans I'd be wearing or that box of cereal can also be tracked if RFID readers become a commonplace addition to our environment... it might not be a concrn at this precise moment, but I'd rather not go down that path.

August 16, 2010 07:10 PM #

Comments are closed

elsewhere on brandchannel

1 2 3 4 5 6 7 8 9
brandcameo2014 Product Placement Awards
Apple loses its crown to a new #1
Coca-ColaIt's the Journey That Matters:
Coca-Cola Opens Up With Story-Based Web Refresh
debateJoin the Debate
Is product placement a waste of money?
Arthur Chinski and Joshua Mizrahi
Model Behavior? Brands Beware
U.S. Legal Changes Impact Use of Brand Ambassadors
paperCorporate Citizenship in Canada
Fresh thinking from Interbrand
Sheryl Connelly
Sheryl Connelly

Meet Ford's Resident Futurist
Highlighting the Present—and Future—of Branding in Latin America and Iberia