The IIPA requires the California Research Bureau to conduct a study on RFID security and privacy issues and specifies interim rules for state agencies, including libraries, to follow if the technology is used before the CRB issues its report. The rules call for tamper-resistant authentication and encrypted information on the tags.
The bill also sets up a state RFID advisory board composed of government officials, privacy-rights groups, and business representatives.
Simitian said in the September 1 Oakland Tribune that the law is a “preventive measure. There were state agencies already starting to move in this direction” of issuing cards for various purposes, “and often enough without enough thought.”
The legislation is a follow-up to a bill he proposed last year that would have placed a three-year moratorium on state use of RFID technology. However, the bill stalled in the state Assembly through successive amendments.
Posted September 1, 2006.