EN 16571:2014
Current
The latest, up-to-date edition.
Information technology - RFID privacy impact assessment process
25-06-2014
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Structure of this European Standard
6 Field of reference for this European Standard
7 RFID operator's organizational objectives of the
RFID PIA
8 Tools to simplify the process
9 RFID PIA - a process approach
10 Preparing the RFID functional statement
11 Preparing the description of the RFID applications
12 Risk Assessment
13 Worked example of the risk assessment process
14 The PIA summary report
15 Revision control
16 Monitoring and incident response
Annex A (normative) - Details of Registration Authority
Annex B (informative) - RFID manufacturer's product
privacy capability statements
Annex C (informative) - RFID Privacy Impact Assessment
flowchart
Annex D (informative) - Template development
Annex E (informative) - Flowchart to determine the RFID
PIA level
Annex F (informative) - RFID functional statement
Annex G (normative) - RFID application description
Annex H (informative) - Identification and valuation of
personal privacy assets
Annex I (informative) - RFID threats
Annex J (informative) - Countermeasures
Annex K (informative) - PIA risk assessment example
Annex L (informative) - RFID Privacy Impact Assessment summary
Bibliography
This European Standard has been prepared as part of the EU RFID Mandate M/436. It is based on the Privacy and Data Protection Impact Assessment Framework for RFID Applications, which was developed by industry, in collaboration with the civil society, endorsed by Article 29, Data Protection Working Party, and signed by all key stakeholders, including the European Commission, in 2011.It defines aspects of that framework as normative or informative procedures to enable a common European method for undertaking an RFID PIA.It provides a standardized set of procedures for developing PIA templates, including tools compatible with the RFID PIA methodology.In addition, it identifies the conditions that require an existing PIA to be revised, amended, or replaced by a new assessment process.
| Committee |
CEN/TC 225
|
| DevelopmentNote |
Supersedes PREN 16571. (07/2014)
|
| DocumentType |
Standard
|
| PublisherName |
Comite Europeen de Normalisation
|
| Status |
Current
|
| Standards | Relationship |
| NEN EN 16571 : 2014 | Identical |
| UNI EN 16571 : 2014 | Identical |
| NBN EN 16571 : 2014 | Identical |
| PN EN 16571 : 2014 | Identical |
| NS EN 16571 : 2014 | Identical |
| SN EN 16571 : 2014 | Identical |
| BS EN 16571:2014 | Identical |
| DIN EN 16571 E : 2014 | Identical |
| I.S. EN 16571:2014 | Identical |
| NF EN 16571 : 2014 | Identical |
| UNE-EN 16571:2014 | Identical |
| DIN EN 16571:2014-10 | Identical |
| PNE-prEN 16571 | Identical |
| UNI EN 16570 : 2014 | INFORMATION TECHNOLOGY - NOTIFICATION OF RFID - THE INFORMATION SIGN AND ADDITIONAL INFORMATION TO BE PROVIDED BY OPERATORS OF RFID APPLICATION SYSTEMS |
| UNI CEN/TS 16685 : 2014 | INFORMATION TECHNOLOGY - NOTIFICATION OF RFID - THE INFORMATION SIGN TO BE DISPLAYED IN AREAS WHERE RFID INTERROGATORS ARE DEPLOYED |
| DIN EN 16570:2014-09 | INFORMATION TECHNOLOGY - NOTIFICATION OF RFID - THE INFORMATION SIGN AND ADDITIONAL INFORMATION TO BE PROVIDED BY OPERATORS OF RFID APPLICATION SYSTEMS |
| S.R. CEN/TS 16685:2014 | INFORMATION TECHNOLOGY - NOTIFICATION OF RFID - THE INFORMATION SIGN TO BE DISPLAYED IN AREAS WHERE RFID INTERROGATORS ARE DEPLOYED |
| BS EN 16570:2014 | Information technology. Notification of RFID. The information sign and additional information to be provided by operators of RFID application systems |
| EN 16570:2014 | Information technology - Notification of RFID - The information sign and additional information to be provided by operators of RFID application systems |
| DIN EN 16570 E : 2014 | INFORMATION TECHNOLOGY - NOTIFICATION OF RFID - THE INFORMATION SIGN AND ADDITIONAL INFORMATION TO BE PROVIDED BY OPERATORS OF RFID APPLICATION SYSTEMS |
| I.S. EN 16570:2014 | INFORMATION TECHNOLOGY - NOTIFICATION OF RFID - THE INFORMATION SIGN AND ADDITIONAL INFORMATION TO BE PROVIDED BY OPERATORS OF RFID APPLICATION SYSTEMS |
| CEN/TR 16673:2014 | Information technology - RFID privacy impact assessment analysis for specific sectors |
| ISO/IEC 18000-6:2013 | Information technology — Radio frequency identification for item management — Part 6: Parameters for air interface communications at 860 MHz to 960 MHz General |
| CEN/TR 16674:2014 | Information technology - Analysis of privacy impact assessment methodologies relevant to RFID |
| CEN/TR 16672:2014 | Information technology - Privacy capability features of current RFID technologies |
| ISO/IEC 21481:2012 | Information technology Telecommunications and information exchange between systems Near Field Communication Interface and Protocol -2 (NFCIP-2) |
| ISO/IEC 18000-7:2014 | Information technology Radio frequency identification for item management Part 7: Parameters for active air interface communications at 433 MHz |
| ISO/IEC 18000-61:2012 | Information technology — Radio frequency identification for item management — Part 61: Parameters for air interface communications at 860 MHz to 960 MHz Type A |
| TR 187 020 : 1.1.1 | RADIO FREQUENCY IDENTIFICATION (RFID); COORDINATED ESO RESPONSE TO PHASE 1 OF EU MANDATE M436 |
| ISO/IEC 18092:2013 | Information technology — Telecommunications and information exchange between systems — Near Field Communication — Interface and Protocol (NFCIP-1) |
| ISO/IEC 27005:2011 | Information technology Security techniques Information security risk management |
| ISO/IEC 18000-2:2009 | Information technology — Radio frequency identification for item management — Part 2: Parameters for air interface communications below 135 kHz |
| ISO/IEC 18000-4:2015 | Information technology Radio frequency identification for item management Part 4: Parameters for air interface communications at 2,45 GHz |
| ISO 11785:1996 | Radio frequency identification of animals — Technical concept |
| ISO/IEC 18046-3:2012 | Information technology Radio frequency identification device performance test methods Part 3: Test methods for tag performance |
| CEN/TR 16670:2014 | Information technology - RFID threat and vulnerability analysis |
| ISO/IEC 18000-62:2012 | Information technology — Radio frequency identification for item management — Part 62: Parameters for air interface communications at 860 MHz to 960 MHz Type B |
| ISO 11784:1996 | Radio frequency identification of animals Code structure |
| ISO/IEC 18000-64:2012 | Information technology — Radio frequency identification for item management — Part 64: Parameters for air interface communications at 860 MHz to 960 MHz Type D |
| ISO/IEC 18000-63:2015 | Information technology Radio frequency identification for item management Part 63: Parameters for air interface communications at 860 MHz to 960 MHz Type C |
| ISO/IEC 18000-3:2010 | Information technology — Radio frequency identification for item management — Part 3: Parameters for air interface communications at 13,56 MHz |
| ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.