DIN EN 16571-2014 Information technology - RFID privacy impact assessment process, German version EN 16571 2014 (Information technology - RFID privacy impact assessment process, German version EN 16571-2014).pdf
October 2014. Translation by DIN-Sprachendienst. English price group 31.
No part of this translation may be reproduced without prior permission of DIN Deutsches Institut für Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany, has the exclusive right of sale for German Standards (DIN-Normen).
ICS 35.240.60
www.din.de

DIN EN 16571
Information technology - RFID privacy impact assessment process; English version EN 16571:2014, English translation of DIN EN 16571:2014-10
Informationstechnik - Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID; Englische Fassung EN 16571:2014, Englische Übersetzung von DIN EN 16571:2014-10
Technologies de l'information - Processus d'évaluation d'impact sur la vie privée des applications RFID; Version anglaise EN 16571:2014, Traduction anglaise de DIN EN 16571:2014-10
www.beuth.de
In case of doubt, the German-language original shall be considered authoritative.
Document comprises 105 pages 09.14

DIN EN 16571:2014-10
A comma is used as the decimal marker.

National foreword

This document (EN 16571:2014) has been prepared by Technical Committee CEN/TC 225 "AIDC technologies" (Secretariat: NEN, Netherlands). The responsible German body involved in its preparation was the DIN-Normenausschuss Informationstechnik und Anwendungen (DIN Standards Committee Information Technology and selected IT Applications), Working Committee NA 043-01-31 AA Automatische Identifikation und Datenerfassungsverfahren.

This European Standard provides a standardized set of procedures for developing PIA templates, including tools compatible with the RFID PIA methodology. In addition, it identifies the conditions that require an existing PIA to be revised, amended, or replaced by a new assessment process. DIN EN 16571 defines aspects of the Privacy Impact Assessment (PIA) Framework for RFID as normative or informative procedures to enable a common European method for undertaking an RFID PIA. This framework was developed by European data protection authorities and was endorsed by the "Article 29 Data Protection Working Party" and signed by all key stakeholders, including the European Commission, in 2011.

In March 2009 the European standards organizations CEN, CENELEC and ETSI accepted the European Commission's Mandate M/436 to draw up and execute a standardization work programme for the sector-specific implementation of RFID applications. The focus of the Mandate is the data protection, privacy and information aspects of RFID. It is being executed in two phases. In Phase 1 a roadmap was drawn up analysing the current situation in Europe, identifying gaps in standardization, and identifying the necessary standardization work programme. This phase was completed in 2011. Phase 2 is concerned with the execution of the work programme identified in the first phase, with the aim of filling the above-mentioned gaps. This European Standard is one of 11 standardization deliverables to be drawn up in Phase 2.

EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 16571
June 2014
ICS 35.240.60
English Version
Information technology - RFID privacy impact assessment process
Technologies de l'information - Processus d'évaluation d'impact sur la vie privée des applications RFID
Verfahren zur Datenschutzfolgenabschätzung (PIA) von RFID

This European Standard was approved by CEN on 14 May 2014.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION / COMITÉ EUROPÉEN DE NORMALISATION / EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
2014 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 16571:2014 E

Contents (page)

Foreword 5
Introduction 6
1 Scope 7
2 Normative references 7
3 Terms and definitions 7
4 Symbols and abbreviations 11
5 Structure of this European Standard 12
6 Field of reference for this European Standard 12
6.1 RFID as defined by the EU RFID Recommendation 12
6.2 RFID application as defined by the EU RFID Recommendation 13
6.3 RFID operator as defined by the EU RFID Recommendation 13
6.4 Relationship between the RFID PIA and data protection and security 14
6.5 Relevant inputs for the PIA process 17
6.5.1 General 17
6.5.2 The privacy capability statement 17
6.5.3 The Registration Authority 17
6.5.4 RFID PIA templates 17
7 RFID operator's organizational objectives of the RFID PIA 17
7.1 Overview 17
7.2 Meeting and exceeding legal requirements 18
7.3 When to undertake the RFID PIA 19
7.3.1 General 19
7.3.2 Undertaking a PIA at the design stage before the RFID system becomes operational 19
7.3.3 Undertaking a PIA at a review and update the design-based PIA 19
7.3.4 Undertaking a PIA to contribute to the development of a template 19
7.3.5 Undertaking a PIA with an established template 20
7.3.6 Undertaking a PIA at the introduction of a new function within the RFID application 20
7.3.7 Undertaking a PIA based on changes in RFID technology 20
7.3.8 Undertaking a PIA when a privacy breach has been reported 20
8 Tools to simplify the process 21
8.1 RFID operator responsibility 21
8.2 RFID technology privacy capability tools - overview 21
8.3 Registration of RFID privacy capability statements by RFID product manufacturers 21
8.3.1 General 21
8.3.2 Obligations of the Registration Authority 21
8.3.3 Appointment 22
8.3.4 Resignation 22
8.3.5 Responsibilities of the RFID product manufacturers 22
8.4 RFID technology privacy capability tools - details 23
8.4.1 RFID integrated circuit privacy capabilities 23
8.4.2 RFID tag privacy capabilities 23
8.4.3 RFID interrogator privacy capabilities 23
8.4.4 The default privacy capability statement 23
8.4.5 Using CEN/TR 16672 to construct privacy capabilities for products using proprietary protocols 24
8.5 Templates 24
8.5.1 General 24
8.5.2 Developing a template 24
8.5.3 Who should prepare the templates? 25
8.5.4 The role of stakeholders in template development 25
9 RFID PIA - a process approach 26
9.1 Introduction 26
9.2 Process Steps 26
9.3 Achieving the correct level of detail 27
9.3.1 General 27
9.3.2 Level 0 - no PIA 27
9.3.3 Level 1 - small scale PIA 27
9.3.4 Level 2 - PIA focussed on the controlled domain of the application 27
9.3.5 Level 3 - Full scale (complete) PIA of the application 28
9.3.6 Reducing the effort for the SME organization 28
9.4 Process methodology 29
10 Preparing the RFID functional statement 30
11 Preparing the description of the RFID applications 31
11.1 Introduction 31
11.2 Multiple applications 31
11.3 RFID application overview 32
11.3.1 General 32
11.3.2 Determine which RFID technology is intended or being used 32
11.3.3 Determine the RFID components used in the application 33
11.3.4 RFID applications on portable devices 34
11.4 Data on the RFID tag 36
11.4.1 General 36
11.4.2 Determine what inherent identifiable features are possessed by the RFID tag 36
11.4.3 Listing the data elements encoded on the RFID tag 37
11.4.4 Determine whether encoded data can be considered identifiable 37
11.4.5 Determine whether personal data is encoded on the tag 38
11.5 Additional data on the application 38
11.6 RFID data processing 38
11.7 Internal transfer of RFID data 39
11.8 External transfer of RFID data 39
11.9 RFID application description sign off 39
12 Risk Assessment 40
12.1 Procedural requirements derived from the RFID Recommendation 40
12.1.1 Common procedure requirements for all RFID operators 40
12.1.2 Requirements for retailers that are RFID operators 41
12.1.3 Procedure requirements for manufacturers of products eventually sold to consumers 42
12.2 Asset identification and valuation 42
12.2.1 General 42
12.2.2 Identification of assets 43
12.2.3 Valuing assets 44
12.3 Threat identification and evaluation 47
12.3.1 General 47
12.3.2 Identification and classification of threats 48
12.3.3 Evaluating threats 49
12.3.4 The process for the SME organization 50
12.4 Identifying vulnerabilities and enumerating the associated risk levels 50
12.4.1 Basic procedure 50
12.4.2 Procedure to account for exposure time 51
12.5 Initial risk level 51
12.6 Countermeasures 53
12.6.1 General 53
12.6.2 Identifying countermeasures 53
12.6.3 Reassessing risk levels 55
12.7 Residual risks 55
12.8 RFID PIA endorsement 56
13 Worked example of the risk assessment process 56
14 The PIA summary report 56
14.1 PIA report date 56
14.2 RFID application operator 56
14.3 RFID application overview 56
14.4 Data on the RFID tag 56
14.5 RFID Privacy Impact Assessment score 57
14.6 RFID countermeasures 57
15 Revision control 57
16 Monitoring and incident response 58
Annex A (normative) Details of Registration Authority 59
Annex B (informative) RFID manufacturers' product privacy capability statements 60
B.1 RFID integrated circuit (chip) privacy features 60
B.2 RFID interrogator privacy features 62
Annex C (informative) RFID Privacy Impact Assessment flowchart 65
Annex D (informative) Template development 67
Annex E (informative) Flowchart to determine the RFID PIA level 68
Annex F (informative) RFID functional statement 69
Annex G (normative) RFID application description 70
Annex H (informative) Identification and valuation of personal privacy assets 71
H.1 Individually held personal privacy asset 71
H.2 Assets that apply to the organization 76
Annex I (informative) RFID threats 77
I.1 Threats associated with the data encoded on the RFID tag and the RFID tag (or RF card) itself 77
I.2 Threats associated with the air interface or the device interface communication 80
I.3 Threats associated with the interrogator (or reader) 85
I.4 Threats associated with the host application 85
Annex J (informative) Countermeasures 88
J.1 List of countermeasures 88
J.2 Threat and countermeasure mappings 90
Annex K (informative) PIA risk assessment example 94
K.1 Introduction 94
K.2 Ranking the assets 94
K.3 Considering threats at the tag layer and air interface layer 95
K.4 Considering threats at the interrogator layer 96
K.5 Considering threats at the device interface layer 97
K.6 Considering threats at the application layer 97
K.7 Considering vulnerabilities 98
K.8 Risk scores after considering all the threats and vulnerabilities 98
K.9 Applying countermeasures 99
K.10 Overall risk 99
Annex L (informative) RFID Privacy Impact Assessment summary 101
Bibliography 102

Foreword

This document (EN 16571:2014) has been prepared by Technical Committee CEN/TC 225 "AIDC technologies", the secretariat of which is held by NEN.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by December 2014, and conflicting national standards shall be withdrawn at the latest by December 2014.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association.

This European Standard is one of a series of related deliverables, which together comprise M/436 Phase 2. The other deliverables are:

EN 16570, Information technology - Notification of RFID - The information sign and additional information to be provided by operators of RFID application systems;
EN 16656, Information technology - Radio frequency identification for item management - RFID Emblem (ISO/IEC 29160:2012, modified);
CEN/TR 16669, Information technology - Device interface to support ISO/IEC 18000-3;
CEN/TR 16670, Information technology - RFID threat and vulnerability analysis;
CEN/TR 16671, Information technology - Authorisation of mobile phones when used as RFID interrogators;
CEN/TR 16672, Information technology - Privacy capability features of current RFID technologies;
CEN/TR 16673 1), Information technology - RFID privacy impact assessment analysis for specific sectors;
CEN/TR 16674, Information technology - Analysis of privacy impact assessment methodologies relevant to RFID;
CEN/TR 16684 2), Information technology - Notification of RFID - Additional information to be provided by operators;
CEN/TS 16685, Information technology - Notification of RFID - The information sign to be displayed in areas where RFID interrogators are deployed.

According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

1) CEN/TR 16673 contains practical examples of PIA systems.
2) CEN/TR 16684 contains practical examples of notification signage systems.

Introduction

In response to the growing deployment of RFID systems in Europe, the European Commission published in 2007 the Communication COM (2007) 96 "RFID in Europe: steps towards a policy framework". This Communication proposed steps which needed to be taken to reduce barriers to adoption of RFID whilst respecting the basic legal framework sa