RFID in Libraries: Privacy and Confidentiality Guidelines
Radio Frequency Identification (RFID) technology collects, uses, stores, and broadcasts data. Components of RFID systems include tags, tag readers, computer hardware (such as servers and security gates), and RFID-specific software (such as RFID system-administration programs, inventory software, etc.).
RFID technology can enable efficient and ergonomic inventory, security, and circulation operations in libraries. Like other technologies that enable self-checkout of library materials, RFID can enhance individual privacy by allowing users to check out materials without relying on library staff.
Because RFID tags may be read by unauthorized individuals using tag readers, there is the possibility that the improper implementation of RFID technology will compromise users' privacy in the library. Researchers have identified serious general concerns about the privacy implications of RFID use and particular privacy concerns about RFID use in libraries.1 Libraries implementing RFID should use and configure the technology to maintain the privacy of library users.
Basic Privacy and Confidentiality Principles
Protecting user privacy and confidentiality has long been an integral part of the intellectual freedom mission of libraries. The right to free inquiry as assured by the First Amendment depends upon the ability to read and access information free from scrutiny by the government or other third parties. Librarians have a professional and ethical obligation to preserve a user’s right to privacy and confidentiality, and to prevent any unauthorized use of personally identifiable information. This obligation is stated in the Library Bill of Rights, Article VII, and the Code of Ethics of the American Library Association, Article III. As always, librarians should follow these principles when adopting any new technology.
Policy Guidelines
When selecting and implementing RFID technology, librarians should:
- Use the RFID selection and procurement process as an opportunity to educate library users about RFID technology and its current and future use in the library and society as a whole. A transparent selection process allows a library to publicize its reasons for wanting to implement an RFID system while listening to its users and giving them a larger voice in the public debate over RFID technology.
- Consider selecting an "opt-in" system that allows library users who wish to use or carry an RFID-enabled borrower card to do so while allowing others to choose an alternative method to borrow materials. Because some members who share integrated library systems may not wish to implement RFID systems, this option also may be necessary for library consortia.
- Review and update appropriate privacy policies and procedures to continue protecting users' privacy, in accordance with Article VII of the Library Bill of Rights and Article III of the Code of Ethics of the American Library Association.
- Ensure that institutional privacy policies and practices addressing notice, access, use, disclosure, retention, enforcement, security, and disposal of records are reflected in the configuration of the RFID system. As with any new application of technology, librarians should ensure that RFID policies and procedures explain and clarify how RFID affects users' privacy. The ALA “Privacy Tool Kit” can assist libraries in drafting appropriate privacy policies. Also, there are specific guidelines available for drafting privacy policies, including the "Library Privacy Guidelines for Library Management Systems,” “Library Privacy Guidelines for Library Websites, OPACs, and Discovery Services,” and "Library Privacy Guidelines for Data Exchange Between Networked Devices and Services.”
- Delete personally identifiable information (PII) collected by RFID systems, just as libraries take reasonable steps to remove PII from aggregated, summary data.
- Notify the public about the library's use of RFID technology. Disclose any changes in the library's privacy policies that result from the adoption of an RFID system. Notices can be posted inside the library and in the library's print and online publications.
- Assure that all library staff continue to receive training on privacy issues, especially regarding those issues that arise due to the implementation and use of RFID technology.
- Be prepared to answer users' questions about the impact of RFID technology on their privacy. Either staff at all levels should be trained to address users' concerns, or one person should be designated to address them.
Best Practices
As with any new application of technology, librarians should strive to develop best practices to protect user privacy and confidentiality. With respect to RFID technology, librarians should do the following:
- Continue their longstanding commitment to securing bibliographic and user databases from unauthorized access and use.
- Use the most secure connection possible for all communications with the Integrated Library System (ILS) to prevent unauthorized monitoring and access to personally identifiable information. For example, SIP over HTTPS ensures the data between self-check or automated materials-handling systems and the ILS is encrypted.
- Protect the data on RFID tags by the most secure means available, including encryption or context-aware defenses to prevent RFID eavesdropping.
- Limit the bibliographic information stored on a tag to a unique identifier for the item (e.g., barcode number, record number, etc.). Use the security bit on the tag if it is applicable to your implementation.
- Block the public from searching the catalog by whatever unique identifier is used on RFID tags to avoid linking a specific item to information about its content.
- Train staff not to release information about an item's unique identifier in response to blind or casual inquiries.
- Store no personally identifiable information on any RFID tag. Limit the information stored on RFID-enabled borrower cards to a unique identifier.
- Label all RFID tag readers clearly so users know they are in use.
- Keep informed about changes in RFID technology and review policies and procedures in light of new information.
- Enable user barcode and PIN authentication for all self-service systems to prevent basic data breaches.
Talking to Vendors about RFID
When dealing with vendors, librarians should do the following:
- Assure that vendor agreements guarantee library control of all data and records and stipulate how the system will secure all information.
- Investigate closely vendors' assurances of library users' privacy.
- Evaluate vendor agreements in relationship with all library privacy policies and local, state, and federal laws.
- Influence the development of RFID technology by issuing Requests for Proposals requiring the use of security technology that preserves privacy and prevents monitoring.
The Request for Information developed by the San Francisco Public Library provides a helpful list of sample questions (Appendix B; PDF) to ask when talking to vendors about privacy and their RFID products and is linked in the web version of this document.
NOTES
1 Stuart Ferguson, Clare Thornley, and Forbes Gibb, “How Do Libraries Manage the Ethical and Privacy Issues of RFID Implementation? A Qualitative Investigation into the Decision-Making Processes of Ten Libraries,” Journal of Librarianship and Information Science 47, no. 2 (2015): 117-130. doi:10.1177/0961000613518572.
Approved June 27, 2006, by the ALA Intellectual Freedom Committee; amended June 24, 2019.