Issues & Research » Telecommunications & Information Technology » Radio Frequency Identification (RFID) and Privacy

Go 13442

State Statutes Relating to Radio Frequency Identification (RFID) and Privacy

As of January 14, 2010

Radio Frequency Identification (RFID) technology can be thought of as a next-generation bar code. A simple RFID tag consists of a microchip and antenna, which when stimulated by a remote reader, sends back information via radio waves. The use of RFID has raised privacy concerns in some states, particularly with regard to linking personal information with RFID tags.

(See also 2009 legislation, 2008 legislation, 2007 legislation, 2006 legislation, 2005 legislation, and additional background information with 2004 legislation.)

State	Year Enacted	Statutory Citation and Bill Number	Prohibits Requiring Implantation of a RFID Microchip	Prohibits Unauthorized "Skimming" of RFID in ID Cards	Relates to Use of RFID in Driver's Licenses or Vehicles	Creates Study Commission or Task Force	Other
Arkansas	2009	Ark. Code § 27-16-1206 (H.B. 1308)			Prohibits the Office of Driver Services of the Department of Finance and Administration from including an electronic chip or any type of radio frequency identification (RFID) tag or chip in any driver's license or identification cards.
California	2008	Cal. Civil Code § 52.7 (S.B. 31)	X
California	2007 2009	Cal. Civil Code §§ 1798.79, 1798.795 (2005 S.B. 362 and 2009 S.B. 544)		X
California	2005	Cal. Fin. Code § 13082(a)(2) (A.B. 1489)					Relates to automated teller machines. Requires any technology used, such as RFID, that enables a visually impaired person to access an ATM, to provide the same degree of privacy available to all individuals.
Michigan	2008	Mich. Comp. Laws § 28.304 (H.B. 5535)			Requires an enhanced driver's license or state identification card to include RFID technology, limited to a randomly assigned number that is encrypted, if agreed to by the Department of Homeland Security. Requires the secretary of state to ensure that the RFID technology is secure from unauthorized access and includes reasonable security measures to protect against unauthorized disclosure of personal information. An applicant is required to sign a declaration acknowledging his or her understanding of the RFID technology before he or she is issued an enhanced driver's license or enhanced state ID card.
Nevada	2009	Nev. Rev. Stat. §§ 205.461 to 205.4675 (S.B. 125)		X			Prohibits capturing, storing, or reading information from a person's RFID document for the purpose of knowingly or intentionally committing fraud, identity theft or any other unlawful act, without that person's prior knowledge and consent. An RFID document is a document containing data that are issued to an individual for the primary purpose of establishing identity.
New Hampshire	2006	H.B. 203				Creates a commission to study the use of RFID in the private and public sectors, including its benefits and potential privacy implications. (Final Report, Nov. 24, 2008.)
New Hampshire	2006	N.H. Rev. Stat. § 236:130 (H.B. 1738)			Prohibits the use of surveillance devices on New Hampshire highways unless authorized by statute or under certain circumstances.
North Dakota	2007	N.D. Cent. Code, § 12.1-15-06 (S.B. 2415)	X
Oklahoma	2008	Okla. Stat. § 63-1-1430 (S.B. 47)	X
Rhode Island	2009	2009 H.B. 6094/S.B. 211 Chapter 09-380/09-371					Prohibits the use of RFID for the purpose of tracking the movement or identity of any student on school grounds, at school functions, or while being transported to or from school grounds or school functions.
Texas	2007	Tex. Trans. Code § 521.032 (c) (S.B. 11 F)			Requires the Department of Transportation to ensure that any enhanced driver's license or personal identification that includes a RFID chip or similar technology is encrypted or otherwise secure from unauthorized access. Prohibits the sale or disclosure of any information from an enhanced driver's license RFI chip or similar technology.
Vermont	2008	23 V.S.A. §7 23 V.S.A. §8 (S.B. 358)			Prohibits compiling or maintaining a database of electronically readable information derived from an identification card. Requires personal RFID chip numbers be given protections as codified in 18 U.S.C. § 2721 et seq. (Drivers Privacy Protection Act).
Virginia	2009	Code of Virginia § 46.2-323.01 (S.B. 1046)			States that the Department willl not comply with any federal law or regulation that would require the use any type of computer chip or RFID tag or other similar device on or in a driver.
Washington	2007	Rev. Code Wash. § 46.20.202 (c) (H.B. 1289)			Requires that if an enhanced driver's license or identicard includes a RFID chip, or similar technology, that it be encrypted or otherwise secure from unauthorized access.
Washington	2008	Rev. Code Wash. § 9A.58.020 (H.B. 1031)		X
Washington	2008	Rev. Code Wash. §§ 42.56.230(5), 42.56.330(8) (H.B. 2729)			Requires that personally identifying information on a driver's license or identicard that includes an RFID chip or similar technology (to facilitate border crossings) may be disclosed in aggregate form as long as it does not contain any personally identifying information.
Washington	2009	Rev. Code Wash §§ 19.300.010, 19.300.020, 19.300.030 (HB 1011 - Ch. No. 66)		X			Prohibits the scanning of an RFID card by anyone except the business or agency that issued the tag with the following exceptions: When scanning is part of a sales transaction initiated by the tag holder; when data are remotely read or stored in the course of an act of good-faith security research, experimentation or scientific inquiry; when the use of RFID is for triage or medial care in the case of a public disaster; when a court orders electronic monitoring; when it is used for incarcerated individuals; and when police need to read a lost identification document.
Wisconsin	2006	Wis. Stats. § 146.25 (A.B. 290)	X

Contact: Pam Greenberg, NCSL Denver Office, 303-364-7700 ext. 1413, pam.greenberg@ncsl.org