Title: On considering enforcement while establishing RFID privacy policies

Authors: Shi-Cho Cha; Ya-Ping Fu; Ren-Ting Ku; Hao-Ping Lin

Addresses: Department of Information Management, National Taiwan University of Science and Technology, No. 43, Sec. 4, Keelung Rd., Da an Dist., Taipei City 106, Taiwan. ' Department of Information Management, National Taiwan University of Science and Technology, No. 43, Sec. 4, Keelung Rd., Da an Dist., Taipei City 106, Taiwan. ' Department of Information Management, National Taiwan University of Science and Technology, No. 43, Sec. 4, Keelung Rd., Da an Dist., Taipei City 106, Taiwan. ' Department of Information Management, National Taiwan University of Science and Technology, No. 43, Sec. 4, Keelung Rd., Da an Dist., Taipei City 106, Taiwan

Abstract: To enable users to know privacy practices about RFID applications, several consumer protection groups and authorities in different countries request RFID application providers to publish their privacy policies. Although several guidelines outline the primary components of privacy policies, few guideline addresses how RFID application providers can establish privacy policies. This work proposes a scheme, which is adopted by the RFID applications for campus security and safety enhancement project in Taiwan, to help RFID application providers establish RFID privacy policies in consideration of enforcement of the policies. By using the proposed scheme, RFID application providers can clarify privacy practices for their applications in RFID privacy policies and communicate these policies with application users. Moreover, application providers can provide evidence to third parties trusted by both application providers and users to ensure that the application providers follow their disclosed policies. As more and more countries have started requesting that RFID application providers publish their privacy policies, this work will help countries develop guidelines and regulations for RFID application providers to establish application-based privacy policies.

Keywords: radio frequency identification; RFID privacy policy; privacy impact analysis; campus security; safety enhancement; Taiwan; trust; trustworthiness.

DOI: 10.1504/IJIPSI.2012.046134

International Journal of Information Privacy, Security and Integrity, 2012 Vol.1 No.2/3, pp.234 - 252

Available online: 21 Mar 2012 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article