New EN 16571 – RFID Privacy Assessment

Back in 2009, the European Commission mandated the preparation of privacy impact assessments (PIAs) for devices using RFID (Radio-frequency identification). And as I learned from the news coverage of the latest hacker conventions, it’s becoming clear that as RFID applications expand into personal devices, privacy concerns are only going to increase. So we’re pleased to let you know that standardization is moving into this area to provide guidance on the subject. I’m referring to the new EN 16571, “Information technology – RFID privacy impact assessment process.”

Of course, this standard has been developed in support of trade and the IT applications that rely on RFID in support of transportation activities. It was developed as part of the EU RFID Mandate M/436.  The new document is intended to enable a common European method for undertaking an RFID PIA.

EN 16571 shows you the procedures for developing PIA templates, including tools compatible with the RFID PIA methodology.  And it identifies the conditions that require an existing PIA to be revised, amended, or replaced.

What will be the benefits of using EN 16571? First, you’ll have a structure to set up and maintain a process for ensuring you meet privacy and data protection laws and regulations in Europe. You’ll have a process to minimize the risks associated with breaches of your data infrastructure. And you’ll have a methodology for implementing a privacy risk management process during the design phase, rather than as an afterthought.

What is the PIA process?  It’s a systematic way to approach the risks involved with the use of RFID devices.  It includes discovery of risks, assessment of the possibility of negative outcomes, and the documentation of the steps taken to minimize those risks.

If you use RFID in your products, you owe it to your organization to review this standard.  Document Center Inc. can help you get a copy.  It can be purchased in any number of national adoptions, but not as a stand-alone document.  We suggest that you review the following editions:

  • SIS EN 16571, Information technology – RFID privacy impact assessment process – Currently available, paper, pdf or subscription format, English language
  • BS EN 16571, Information technology. RFID privacy impact assessment process, Currently available, paper format only
  • DIN EN 16571, RFID privacy impact assessment process, Not yet available (currently in draft format, German language, paper and pdf format)

With our new contract with SIS, the first edition above (the SIS EN 16571) is your best bet, since it’s available in the most formats and at the lowest price (and it is in English!).

You can place your order on the Document Center website at www.document-center.com.  Or you can contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  Your purchases always include our notification service.  We’ve been providing customers like you with standards since 1982.  Make us your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a worldwide recognized expert on Standards and Standards Distribution. You can connect with her on Google+.
