Once again, Parry Aftab's regular column in Information Week is a must-read:
InformationWeek > RFID > The Privacy Lawyer: RFID May Be Risky Business > September 13, 2004:
"... Whenever privacy technology, laws, or best practices are implicated, there are four issues that always should be considered: notice, consent, access and security. If the data is personally identifiable or capable of becoming personally identifiable when combined with other data you have, have you given notice of what you're doing to those whose data is being collected (the 'notice' requirement)? Have you received the requisite consent for what you're doing (the 'consent' requirement)? How can people review what you've collected for accuracy or stop you from using it later on (the 'access' requirement)? And how well are you protecting the security of the data (the 'security' requirement)? "
No comments:
Post a Comment