Consultation Results: RFID in the Workplace

Office of the Privacy Commissioner of Canada

March 2010


The Office of the Privacy Commissioner (OPC) would like to thank those individuals and groups who provided feedback on the consultation paper Radio Frequency Identification (RFID) in the Workplace: Recommendations for Good Practices for their time and considered comments.  The goal of this consultation report was to highlight areas of consensus and identify windows of opportunity to inform future discussion of RFID in the workplace.

We received 11 responses to our consultation paper from a variety of perspectives: academics, unions, RFID vendors, industry groups and private citizens.  All of the comments we received are helpful in advancing the debate around the appropriate use of RFID technologies in the workplace. 

We were pleased to find that overall the responses were very supportive of the recommendations outlined in our consultation paper in March 2008, which set out good practice rules for organizations contemplating the use of RFID technologies in the workplace. The Commissioner was commended for tackling the issue of RFID in the workplace and encouraged to continue her work in this area.

Consultation Responses

Accountability

With regard to ensuring accountability for data generated by RFID systems, a union noted: “No individual with direct supervisory control over an employee or from Human Resources should be in charge of any data generated by RFID technology”.   This observation highlights the importance of carefully determining who should have access to and be accountable for RFID and other data collection systems in the workplace.

Identifying Purposes

With regard to our recommendations on identifying purposes, overall, respondents supported the use of RFID systems that are used for legitimate business purposes and did not support RFID used for secondary purposes or employee surveillance.  An academic noted “RFIDs used for supply chain management are more likely to be reasonable than RFIDs used for workforce management.”  Another respondent echoed these observations when they commented “…the data collected from RFID technologies should not be used for performance assessment or disciplinary purposes.”

Several respondents were looking for the development of industry standards, policies or guidelines for implementing RFID systems that would help them ensure the data collected would be used and disclosed for identified purposes only.  An industry respondent stated “the use of RFID technology can provide numerous benefits to employers.  Some of those uses may also benefit employees (e.g., RFID technology may be used to improve workplace security and safety).  However, in the absence of strong public policy, there is a great likelihood that RFID technology will be deployed by some organizations in a manner detrimental to both the principles and legislation pertaining to employee privacy.”

Consent

OPC noted that it was necessary to ensure that meaningful consent is obtained before implementing an RFID system, as consent is a cornerstone of the Fair Information Principles.  We received a number of interesting comments around reasonable expectations of privacy versus reasonable management of RFID systems.

Reasonable Expectations and Reasonable Management: An academic who commented on this issue suggested that because the reasonable expectations of employees are subjective, it can be easy for employers to manipulate subjective expectations through notices of surveillance and other techniques.  He argued that the onus of ensuring the “reasonable management” of the RFID system (which includes protecting employee privacy) should be the responsibility of the employer.  Furthermore, he said that a workplace RFID system must be managed reasonably whether employees expect privacy in this area or not.  A union representative echoed this idea and noted that reasonable expectations of employees are not sufficient – they suggested that privacy is better protected when the responsibility for ensuring employee privacy rests with the person who is seeking to collect the information in the first place.   

We had asked whether certain employees would be at a disadvantage as a result of surveillance by RFID systems.  An advocacy group noted the conundrum of securing truly meaningful and voluntary consent in the workplace environment.  Employees working without direct supervision from management could be at risk where employers may be tempted to replace proper management with covert surveillance. 

Implanting employees with RFIDs: There was significant support by consultation respondents for the prohibition of RFID implants as a condition of employment.  One academic stated that “…the value of dignity requires that RFIDs will not be implanted in human beings for any work-related purposes, regardless of whether or not employees consent.” This respondent went on to state that “I therefore support the suggestion raised in the consultation paper to consider legislation to ban RFID implants.  Employees should not be offered the opportunity to consent to RFID implants in my opinion, just as they do not have the opportunity to consent to work for less than minimum wage or to consent to work under other substandard employment conditions.”

A union also noted that “…no employee should ever be required to implant an RFID tag, or any device, into their person as a condition of employment.  Requiring an employee to do so is a fundamental violation of personal autonomy and dignity.”  This respondent also highlighted several other issues with RFID implants such as monitoring conduct after work, at lunch, bathroom breaks, during vacation, and tracking physical movements.  The same respondent addressed the potential security issues posed by RFID implants.  For example, if the RFID implant is used to allow the employee access to sensitive or secure areas, the presence of such an implant may pose a legitimate safety and security threat to the employee in question.

Limiting Collection, Use, Disclosure and Retention

We had explained that an employer must limit the collection of personally identifiable information to that which is necessary for the identified purposes and we had referred to research which shows how organizations could configure the technology to recognize distinct collection practices.  Respondents generally supported limiting the collection of RFID-related data.  Several respondents observed that collection for purposes such as employee monitoring, disciplinary action and surveillance through RFID systems should be prohibited. 

A number of respondents noted that the data generated by RFID systems should not be linked to other databases unless there is a demonstrated need.  An academic argued that a “spoke and hub” data model be used where “control rests at the hub…and direct links between spokes (e.g. the RFID information and the health information) are not allowed.”  A union noted that RFID related information should not be linked to any other personal information possessed by the employer, such as medical records, personnel files or disciplinary history.  Another union stated “We believe that there can be no good reason to ever link RFID-related information with other personal information.  As with other workplace surveillance, it will most often be illegal unless justified by rare particular reasons such as a theft epidemic or the need to protect sensitive information or equipment….In short, all linkages should be forbidden.”

One industry stakeholder noted the connection between the data generated by RFID and traditional records management practices for other electronic data: “…RFID records constitute one type of record created by organizations and that those records should be managed in accordance with records management best practices…for records retention and disposition.”  The same respondent noted that with regard to retention and disposition, RFID data should be “…kept only as long as necessary to achieve the purpose for which the records were collected.”  A union respondent echoed this concern and suggested the employer “must develop clear guidelines as to the length of time such data will be retained and policies with respect to the destruction of such information.”  

Accuracy

We had said that employers must ensure that personal information is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used.  An industry group noted the importance of maintaining an audit trail regarding the lifecycle of RFID data.  One respondent noted that data collected via RFID should be anonymized and remain unconnected with other personal data.  The same respondent recognized that RFID data anonymization presents a unique challenge for the principle of accuracy, in that anonymizing the data makes it difficult to ensure accuracy and to provide employees with an opportunity to correct any mistakes.

Safeguards

We had said that organizations must protect personal information in a manner commensurate with its sensitivity.  We note that there have been many data breaches reported in the media and that RFID systems containing employee personal information have the potential to be compromised.  On this point, an individual stated “Employers should be advised that they are responsible and should be made accountable for any breach in the use of this technology.”

Respondents recommended that protecting data in each distinct part of an RFID system was a good way to help safeguard employee privacy.  An industry respondent noted that there are products that can shield an access card embedded with an RFID chip from unauthorized use such as a sleeve or encryption technology.

Openness

We made various comments under this principle in the consultation, such as that there should be no hidden tags or readers.  Most respondents who commented on this issue agreed with our statements.

A number of respondents confirmed the importance of consulting with employees and/or unions before an RFID system is deployed. 

Respondents also said the visibility of tags was important. Respondents suggested that employers ensure RFID tags and readers are clearly labeled and are in plain sight.   One union noted the benefits of visible RFID readers and tags to employers as being “…respecting the employees privacy by letting them implicitly consent to the collection, helping protect the tags and readers from accidental damage, giving employees opportunity to help their employers to better manage their equipments and inventories, protecting freedom of association and reinforcing human dignity.”

Several commentators argued that RFID systems should not be used for covert surveillance.  One union took the position that “…covert use of RFID technology should be forbidden” and that “the onus is on the employer to demonstrate on an objective standard that the purpose for which RFID technology is introduced is a legitimate business objective.”

Individual Access

Consultation respondents who did comment on this issue generally supported our recommendations of ensuring individual access to any personally identifiable data generated by RFID systems in the workplace.

Challenging Compliance

We had said that employees must be able to challenge compliance with the other principles by making inquiries or lodging a complaint and most respondents agreed with this statement. 

Other Recommendations

Several respondents encouraged OPC to continue monitoring RFID issues and emerging technologies that have an impact on workplace privacy.  We eagerly commit to this and look forward to continuing dialogue on this issue.  One respondent noted that “the OPC will be most influential if it continues to maintain a balanced approach, which recognizes and supports the business advantages of new technologies such as RFID, while ensuring that legitimate and reasonable privacy concerns are addressed.”

The majority of participants also noted that the OPC should continue in its education and outreach efforts. One union respondent noted that “most employers have only a vague understanding of their rights and obligations in relation with their employees’ privacy rights.  OPC should continue to educate employers in every possible way…” and suggested the OPC specifically target employees and unions through direct mail outs, participation at conferences outside of privacy law such as labour law, union conventions and through the various bars and law societies.

Several industry respondents viewed the development of industry standards and/or guidelines for RFID in the workplace as an important next step for RFID deployments.

RFID in the Workplace – Conclusion

OPC believes that, in the workplace, good privacy practice is not just about avoiding complaints, grievances, or lawsuits.  Whether or not privacy is protected by law or contract, fostering a workplace culture where privacy is valued and respected contributes to morale and mutual trust, and makes good sense. The values of autonomy and dignity are also enhanced by an implementation of technology that is respectful of employees. 

Employers who seek to introduce new technologies such as RFID into the workplace should take the time to educate and inform their employees about the technology, the particular system implemented, how it functions, and what information it is being used to collect.  In some circumstances, employers may rightly conclude that costs of some applications outweigh the benefits.

We were very pleased with the results of the consultation and we will continue to monitor RFID issues and other emerging technologies that have an impact on workplace privacy.
