Book Industry Communication Ltd (BIC) to Prepare Guidance
for Librarians in Meeting EU Requirements on RFID Privacy
Early in 2014, the EU published its long awaited Mandate 436 (Privacy and RFID). The mandate is an instruction to standards and data protection agencies in member nations to take whatever steps they consider appropriate to meet the requirements of the mandate over the use of Radio Frequency Identification (RFID) in a number of business and service sectors – including libraries.
The focus of the EU is to ensure that the privacy of EU citizens is safeguarded. There may be privacy risks involved in RFID, for example an RFID tagged object could potentially be tracked by an agency or read by an NFC capable smartphone. Even if the risk in libraries is very small, the EU has mandated two precautionary measures which may in time be enforced in the UK.
The Two Measures are:
Locations using RFID technology are required to display a notice to this effect.
Privacy Impact Statement from the Operator (to accompany the signage)
In the case of a library, the EU’s current view is that the operator will be the librarian or senior officer responsible for the service. The Privacy Impact Statement needs to give details on how RFID is being used and will provide library users with information on the operation of the library RFID system: data stored, frequencies in use, any known vulnerabilities etc. Preparation of the Privacy Impact Assessment (PIA) required to create the statement is subject to a number of regulations, most notably EN 16571 (Information technology RFID privacy impact assessment process) – published in June 2014.
At the present time the UK Information Commissioner’s Office has advised BIC that it has no immediate plans to introduce compulsory measures to support the mandate but that this position could change. Most EU mandates become best practice – even law – through a gradual voluntary process of adoption. The law is only used as a last resort.
There is therefore some time for UK libraries to respond to this EU Mandate and BIC has formed a special working group comprising interested parties from all sides of the library market to draw up an independent set of guidelines for meeting the requirements of the mandate. These guidelines will be made freely available to all sectors of the library community.
What do Librarians Need to do Now?
BIC's current advice is that action or expenditure to comply with these EU regulations is not necessary at the moment and that if it should become necessary, BIC will be in a position to advise on the best action to take to comply with UK Law. (Note that BIC cannot give legal advice but can let members know when these EU Regulations become UK Law)
If Librarians are concerned about this, are BIC members, and would like to register their details with BIC so that BIC can communicate advice on any future developments in this area, please supply name, email address and organisation contact details to BIC:Alaina-Marie@bic.org.uk
Non-BIC members are advised to visit BIC's website for more information and updates: www.bic.org.uk
Minutes from all the working group meetings relating to this EU Mandate can also be found on the BIC website.
About Book Industry Communication Ltd (BIC)
BIC is the book industry's independent supply chain organisation, committed to improving the efficiency of the trade and library supply chains, reducing cost and automating processes. BIC is committed to creating an efficient supply chain for both physical and digital products across the entire book industry, working with all relevant stakeholders to eliminate wasteful and time-consuming practices and implement solutions acceptable to all. BIC's unique position of trust with all parties in the supply chain makes it possible to reach agreement on dependable standards. BIC manages the use of Tradacoms and EDIFACT standards in library EDI, BIC created and maintains the UKSLC library subject categories, and the Library Communication Framework (LCF), and BIC manages the e4libraries accreditation scheme which recognises library organisations' commitment to the implementation of beneficial technologies and the adoption of industry standards. Training is also at the heart of BIC’s activities and BIC strongly believes that successful supply chains start with people. Find out more: www.bic.org.uk