Washington State

House of Representatives

Office of Program Research

BILL

ANALYSIS

Technology, Energy & Communications Committee

HB 1044

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

Brief Description: Developing state standards for radio frequency identification.

Sponsors: Representatives Morris, Wood, Upthegrove, Chase, Hudgins and Moeller.

Brief Summary of Bill

  • Directs the Information Services Board (Board) to develop privacy standards for state agency use of radio frequency identification (RFID).

  • Requires state agencies deploying RFID to certify to the Department of Information Services their compliance with the Board's privacy standards.

Hearing Date: 1/14/09

Staff: Kara Durbin (786-7133)

Background:

Radio Frequency Identification

Radio Frequency Identification (RFID) is a tagging and tracking technology that uses tiny electronic devices, called tags or chips, that are equipped with antennae. Passive RFID chips receive power from the electromagnetic field emitted by a reader in order to send the information contained on the chip to the reader. Active RFID chips have their own power source. Both active and passive RFID chips uses radio waves to transmit and receive information.

Readers are devices that also have antennae. These reader-antennae receive information from the tag. The information gathered by the reader can be stored or matched to an existing record in a database. Most RFID chips can be read at a distance and often without the knowledge of the person who carries the item containing the RFID chip.

In 2008, the Legislature passed two laws related to RFID. It is a class C felony to either:

(1) scan another person's identification device remotely for the purpose of fraud or identity theft, if accomplished without that person's knowledge and consent; or

(2) read or capture information contained on another person's identification document using radio waves without that person's knowledge or consent.

Federal law does not regulate the use of RFID.

Information Services Board

The Information Services Board (Board) provides authorization and oversight for managing large information technology projects administered by executive branch agency staff. Board members develop state information technology standards, govern acquisitions, review and approve the statewide information technology strategic plans, develop statewide or inter-agency technical policies, and provide oversight on large information technology projects.

Summary of Bill:

The Information Services Board (Board) is required to develop privacy standards for state agencies that use radio frequency identification (RFID) for external or internal purposes.

These privacy standards must ensure that:

(1) An assessment of the impact on privacy and the protection of personal data is conducted prior to acquisition;

(2) Technical and organizational measures are being taken by state agencies to mitigate privacy or data protection risks; and

(3) The type of RFID technology being used has an appropriate level of security for its intended application.

Any state agency intending to deploy RFID for external or internal purposes must certify to the Department of Information Services that the intended use of RFID is in compliance with the most recent privacy standards adopted by the Board.

Appropriation: None.

Fiscal Note: Requested on January 8, 2009.

Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.