May 2009


The European Commission released its recommendations for implementing RFID applications in a privacy sensitive and protective way.

The recommendations come after years of open debate in Europe about the best way to address privacy concerns without hampering the innovative and beneficial use of RFID technology.

Premised on the idea that RFID has the potential to be both ubiquitous and practically invisible, the focus is on privacy and information security. Although not legally binding, the recommendations may serve as a blueprint for future legislative actions if industry in Europe does not voluntary adhere to them.

The Commission did point out that RFID applications are already subject to European Directives 95/46/EC and 2002/58/EC concerning the protection of personal data and the free movement of such data. Key recommendations from the Commission include:

1. The development of a framework for a privacy impact assessment (PIA). A PIA examines an RFID application before it is implemented to determine what, if any, effect it would have on privacy. I believe that conducting a comprehensive PIA would go a long way to alleviating most privacy concerns. An example of how to conduct a PIA can be found at the Department of Homeland Security’s Web site.

2. The development of a framework for a privacy impact assessment (PIA). A PIA examines an RFID application before it is implemented to determine what, if any, effect it would have on privacy. I believe that conducting a comprehensive PIA would go a long way to alleviating most privacy concerns. An example of how to conduct a PIA can be found at the Department of Homeland Security’s Web site.

3. In those instances where personally identifiable information (PII) is collected and stored, take appropriate technical and organizational measures to protect PII. The recommendations don’t define “appropriate measures” but the Federal Trade Commission (FTC) offers a guide for protecting personal information for businesses in the United States.

4. Assure an appropriate level of information security after conducting a risk assessment.

The following two recommendations, while troubling from a security perspective, come from the concern that RFID tags can be read remotely without an individual’s knowledge. This possibility violates several privacy principles - notice, choice and consent - hence the wording below:

1. Inform individuals of the presence of an RFID reader on the basis of a common European sign.

2. Inform individuals of the presence of RFID tags that are placed or embedded in products.

There are also recommendations specific to retailers in Europe such as offering tag deactivation and removal at point-of-sale. Though the recommendations have been issued to the European Commission’s 27 member states, other countries, including the United States, have been paying close attention.

And, in three years time, the Commission will issue a report on whether the recommendations have been effective and their impact on operators and consumers. RFID manufacturers, implementers and end users world wide have a choice - take the recommendations seriously or expect future regulation.


For several years, HID Global has implemented “Customer First” initiatives to ensure that we stay focused on our most critical stakeholders. “Customer First” is probably not unique to HID, but it is a mantra that we have adopted.

Corporate leadership is adamant on reiterating to us that our customers are why we exist, and that we should never forget that.

As Frank Haley, the Deputy Director of Public Safety and Technology of Houston Airport System, said:

“The measure of a company is not by the problems they have, but what they do and how they resolve the problems.”

In this context, it is particularly satisfying when an employee receives recognition directly from the customer. In the case of Mark Rivoli, VP of Customer Service, the customer did not send his praise to Mark, but rather, to our president and CEO, Denis Hébert.

Mark Rivoli and his Customer Service Team

It is on behalf of Denis and HID Global that I am pleased to focus this week’s BLOG on the importance of customer value. To illustrate this, I’d like to draw on a recent letter Denis received from Frank Haley, Deputy Director, Public Safety and Technology of Houston Airport System (HAS). The letter praises HID Global, and particularly Mark Rivoli and his team, for the A-1 service they have extended to Houston International Airport.

Mr. Haley notes in his letter that there are times when projects don’t always work out. Circumstances such as ordering product to be delivered on-time or migrating new technology can become quite complicated. In the case of Mark Rivoli’s dealings with the airport, Mark and his team were recognized for working closely with the customer to ensure a smooth transition and a seamless project execution.

As Mr. Haley notes in the quote preceding this article, a company’s response to problems is a key measure of value for customers. I couldn’t agree more with Mr Haley, and I would like to commend him for taking the time to write this letter and bringing attention to the hard work HID’s customer service department delivers.

In today’s challenging times, where employees are doing more with less due to the economic climate, it is that much more significant to go the extra mile for customers like Houston International Airport. In the case of Mark and team, it clearly made the difference.

Therefore, on behalf of HID Global, I would like to thank Mark Rivoli and the Customer Service Department for their dedication and hard work. Thanks also to Houston International Airport for their acknowledgment and thoughtfulness in sending Denis this much appreciated letter of positive feedback.


As member of the ASSA ABLOY Group, HID Global is unique in that we are part of a much larger organization that is able to do things that smaller independent companies may not have the resources or capacity to achieve.

The sustainability program is seen as a bridge from risk to opportunity and increased focus on product innovation within the Group provides an opening for exploring market opportunities for environmentally friendly products.

The recently published ASSA ALBOY Sustainability Report highlights some significant accomplishments within the Group in 2008.

    • Total energy consumption was reduced by 8 percent compared to 2007


    • CO2 emissions were reduced by 10 percent compared to 2007.


    • Consumption of specific organic solvents was reduced by 55 percent compared to 2007


    • A global employee survey was carried out, with improved performance when compared with the results for 2006


    • Internal supplier sustainability audit training programs were completed.


Click here to learn more about sustainability at ASSA ABLOY and download the 2008 ASSA ABLOY Sustainability Report.

You can also copy and paste this URL into your browser window:


Healthcare has been in the news a lot lately, with the government promising healthcare reform and setting aside $20 billion for healthcare IT in the HITECH Act portion of the American Recovery and Reinvestment Act.

A key provision in the HITECH Act is the development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of patient information. Policy makers and healthcare industry stakeholders agree that creating such a network will create efficiencies and contribute to higher quality health outcomes for patients nationwide.

But the promise of electronic health records also creates security and privacy risks. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) addresses health information security and privacy issues and the HITECH Act expands HIPAA Security and Privacy Rules to address the risks inherent in proliferating online medical records. The Act also adds a security breach notification provision.

We have all seen the stories in the news about celebrity health information privacy breaches. Just ask Britney Spears and George Clooney or most recently the “Octomom.” Some industry experts suggest that such breaches are most often the work of insiders in as many as 90 percent of the cases, as noted in a recent article in Healthcare IT News.

For such insider breaches of privacy, hospitals that use HID Global’s technology for physical access control have a cost-effective solution at their fingertips - literally. The card that employees are carrying to access the hospital and areas within the hospital can also be used to control access to a hospital’s operating system.

Combining physical and logical access control can help hospitals protect patient privacy and comply with the HIPAA Security and Privacy Rule. And the infrastructure is already in place at many hospitals. With the move toward a nationwide network of electronic medical records in a constrained economic environment, it’s an obvious and easy solution.