GS1 Launches New Tool Enabling Companies to Perform Privacy Impact Assessments (PIA) on RFID within their Organisations.

GS1 has recently announced the availability of a Privacy Impact Assessment (PIA) Tool, which companies can use to perform initial analyses and risk assessment on Radio Frequency Identification (RFID) technology and Electronic Product Code (EPC) implementations. The tool was developed in collaboration with GS1 Member Companies and Member Organisations, and provides an assessable and streamlined approach to meeting European Commission guidance on industry accountability for RFID applications.

"The year 2011 will remain etched in our memories as the most decisive year for turning the concept of Privacy Impact Assessment into a reality in Europe,” stated Gerald Santucci, Head of the Unit responsible or RFID in the European Commission DG Information Society. “Thanks to the outstanding collaborative work of companies, consumer organisations, privacy groups, and data protection and security legal experts, we have a comprehensive framework for conducting privacy impact assessments in the RFID field. GS1’s launch of a tool for privacy impact assessments undeniably constitutes a major step forward in the development of industry-based, sector-based and/or application-based PIAs in Europe and globally. This is a tremendous accomplishment that holds the promise of more successful developments in 2012 for incorporating privacy in RFID application design, thus building trust in RFID applications."

 The tool is based on the PIA Framework, which was endorsed in April 2011 by the EU Commission, the European Data Protection Authorities (also known as Article 29 Working Party), GS1 and several industry trade associations. The tool aims to help companies - particularly Small and Medium sized Enterprises (SMEs) - determine any potential privacy risks and the steps to take to address them. The tool is designed to structure a company’s ability to identify and evaluate key areas of potential privacy risk and offer control measures. Its aim is to be flexible enough to allow broad usability by organisations in different business sectors and of different sizes, while at the same time fostering a harmonized approach in the EU. Several companies have already announced they will be using the tool for new applications. They include retailers like Carrefour, Metro Group and Walmart/Asda, manufacturers like Procter & Gamble, logistic providers like Deutsche Post DHL and technology providers like Checkpoint Systems. On the SME front, Baxi, and Italian heating manufacturer has also announced they will use the tool for their new applications. GS1 will work closely with its Member Organisations throughout the European Union to ensure that the Privacy Impact Assessments are implemented in as harmonised a way as possible.  Use of the tool is not limited to the EU, GS1 encourages conducting such assessments as a best practice in other regions. The GS1 EPC/RFID Privacy Impact Assessment Tool is available at  http://www.gs1.org/epcglobal/pia