ALA
RFID in Libraries: Privacy and Confidentiality Guidelines

RFID in Libraries: Privacy and Confidentiality Guidelines

Radio Frequency Identification (RFID) technology collects, uses, stores, and broadcasts data. Components of RFID systems include tags, tag readers, computer hardware (such as servers and security gates) and RFID-specific software (such as RFID system administration programs, inventory software, etc.).

RFID technology can enable efficient and ergonomic inventory, security, and circulation operations in libraries. Like other technologies that enable self-checkout of library materials, RFID can enhance individual privacy by allowing users to checkout materials without relying on library staff.

Because RFID tags may be read by unauthorized individuals using tag readers, there are concerns that the improper implementation of RFID technology will compromise users' privacy in the library.1 Researchers have identified serious general concerns about the privacy implications of RFID use, and particular privacy concerns about RFID use in libraries.2 Libraries implementing RFID should use and configure the technology to maintain the privacy of library users.

The Council of the American Library Association adopted the "Resolution on Radio Frequency Identification (RFID) Technology and Privacy Principles" (Appendix A) and requested the development of guidelines for the implementation of RFID technology in libraries.

Basic Privacy & Confidentiality Principles

Protecting user privacy and confidentiality has long been an integral part of the intellectual freedom mission of libraries.3 The right to free inquiry as assured by the First Amendment  depends upon the ability to read and access information free from scrutiny by the government or other third parties. In their provision of services to library users, librarians have an ethical obligation, expressed in the ALA Code of Ethics,4 to preserve users' right to privacy and to prevent any unauthorized use of personally identifiable information. As always, librarians should follow these principles when adopting any new technology.

Policy Guidelines

When selecting and implementing RFID technology, librarians should:

Best Practices

As with any new application of technology, librarians should strive to develop best practices to protect user privacy and confidentiality. With respect to RFID technology, librarians should:

Talking to Vendors about RFID

When dealing with vendors, librarians should:

The Request For Information developed by the San Francisco Public Library provides a helpful list of sample questions (Appendix B; PDF) to ask when talking to vendors about privacy and their RFID products.

1Lori Bowen Ayre, “Wireless Tracking in the Library: Benefits, Threats, and Responsibilities,” RFID: Applications, Security, and Privacy, Garfinkle and Rosenberg, eds. (Addison-Wesley, 2006)

2David Molnar and David Wagner, Privacy and Security in Library RFID: Issues, Practices, and Architectures, CCS’04, October 25-29, 2004 Washington, D.C.

3http://www.ala.org/ala/oif/iftoolkits/toolkitsprivacy/introduction/introduction.htm

4http://www.ala.org/oif/policies/codeofethics 

5http://www.ala.org/oif/policies/interpretations/privacy

6http://www.ala.org/oif/iftoolkits/privacy/guidelines

Appendix A: Resolution on Radio Frequency Identification (RFID) Technology and Privacy Principles

Appendix B: Security and Privacy Sample Questions (PDF)


Adopted by the Intellectual Freedom Committee, June 27, 2006



Related Files

RFID in Libraries: Privacy and Confidentiality Guidelines (PDF File)
Appendix B: Security and Privacy Sample Questions (PDF File)