State Statutes Relating to Radio Frequency Identification (RFID) and Privacy
As of June 18, 2009
Radio Frequency Identification (RFID) technology can be thought of as a next-generation bar code. A simple RFID tag consists of a microchip and antenna, which when stimulated by a remote reader, sends back information via radio waves. The use of RFID has raised privacy concerns in some states, particularly with regard to the potential linking of personal information with RFID tags.
(See also 2008 legislation, 2007 legislation, 2006 legislation, 2005 legislation, and additional background information with 2004 legislation.)
|
State
|
Year Enacted
|
Statutory Citation and Bill Number
|
Prohibits Requiring Implantation of a RFID Microchip
|
Prohibits Unauthorized "Skimming" of RFID in ID Cards
|
Relates to Use of RFID in Driver Licenses or Vehicles
|
Creates Study Commission or Task Force
|
Other
|
|
California
|
2008
|
Cal. Civil Code § 52.7 (S.B. 31)
|
|
X
|
|
|
|
|
California
|
2007
|
Cal. Civil Code §§ 1798.79, 1798.795 (S.B. 362)
|
X
|
|
|
|
|
|
California
|
2005
|
Cal Fin Code §13082 (A.B. 1489)
|
|
|
|
|
Relates to automated teller machines. Requires any technology used, such as RFID, to enables a visually impaired person to access an ATM, to provide the same degree of privacy available to all individuals.
|
|
Michigan
|
2008
|
Mich. Comp. Laws § 28.304, (H.B. 5535)
|
|
|
Provides for an enhanced driver license or state identification card to include RFID technology that is limited to a randomly assigned number which shall be encrypted if agreed to by the department of homeland security. Requires the secretary of state to ensure that the RFID technology is secure from unauthorized data access and includes reasonable security measures to protect against unauthorized disclosure of personal information. An applicant shall be required to sign a declaration acknowledging his or her understanding of the RFID technology before he or she is issued an enhanced driver license or enhanced state ID card.
|
|
|
| Nevada |
2009 |
2009 S.B. 125
(Nev. Rev. Stat. § 205.461 to 205.4675, eff. 10/1/09)
|
|
X |
|
|
Prohibits capturing, storing, or reading information from a person's RFID document for the purpose of knowingly or intentionally committing fraud, identity theft or any other unlawful act, without that person's prior knowledge and consent. An RFID document is a document containing data which is issued to an individual is used alone or in conjunction with any other information for the primary purpose of establishing identity.
|
|
New Hampshire
|
2006
|
H.B. 203
|
|
|
|
Provides for a commission to study the use of RFID in private and public sectors, including its benefits, and potential privacy implications. (Final Report, November 24, 2008)
|
|
|
New Hampshire
|
2006
|
N.H. Rev. Stat. § 236:130 (H.B. 1738)
|
|
|
Prohibits the use of surveillance devices on New Hampshire highways unless authorized by statute or under certain other circumstances.
|
|
|
|
North Dakota
|
2007
|
N.D. Cent. Code, § 12.1-15-06
(S.B. 2415)
|
X
|
|
|
|
|
|
Oklahoma
|
2008
|
Okla. Stat. § 1-1430 (S.B. 47)
|
X
|
|
|
|
|
|
Texas
|
2007
|
Tex. Trans. Code §521.032 (c) (S.B. 11 F)
|
|
|
Requires the Department of Transportation to ensure that any enhanced driver's license or personal identification that includes a radio frequency identification chip or similar technology is encrypted or otherwise secure from unauthorized information access.
Prohibits the sale or disclosure of any information from an enhanced driver's license radio frequency identification chip or similar technology.
|
|
|
|
Vermont
|
2008
|
23 V.S.A. §7
23 V.S.A. §8 (S.B. 358)
|
|
|
Prohibits compiling or maintaining a database of electronically readable information derived from an identification card.
Provides for personal radio frequency identification chip numbers to be given protections as codified in 18 U.S.C. § 2721 et seq. (Drivers Privacy Protection Act).
|
|
|
|
Washington
|
2008
|
Rev. Code Wash. § 9A.58.020 (H.B. 1031)
|
|
X
|
|
|
|
|
Washington
|
2008
|
Rev. Code Wash. §§ 42.56.230(5), 42.56.330(8) (H.B. 2729)
|
|
|
Provides that personally identifying information of persons who acquire and use a driver's license or identicard that includes an RFID chip or similar technology to facilitate border crossing may be disclosed in aggregate form as long as the data does not contain any personally identifying information.
|
|
|
| Washington |
2009 |
HB 1011 - Ch. No. 66 |
|
X |
|
|
Prohibits the scanning of an RFID card by anyone except the business or agency that issued the tag with certain exceptions.
Exceptions: when the scanning is part of a sales transaction initiated by the tag holder; when data is remotely read or stored in the course of an act of good-faith security research, experimentation or scientific inquiry; the use of RFID for triage or medial care in the case of a public disaster; court-ordered electronic monitoring; incarcerated individuals; and the reading of a lost identification document by police. |
|
Wisconsin
|
2006
|
Wis. Stats. § 146.25 (A.B. 290)
|
X
|
|
|
|
|
Contact: Pam Greenberg, NCSL Denver Office, 303-364-7700 ext. 1413, pam.greenberg@ncsl.org
|