from Cynthia O’Donoghue, Pillsbury Winthrop Shaw Pittman, solicitors

Sir; Dr Hosein’s observations about the data security threat posed by RFID technology (‘RFID spy threat is looming’, The Grocer, August 20, p10) reflect only part of the challenge facing retailers.
Where RFID is used on merchandise, loyalty cards or shopping trolleys that could provide personal information about consumers’ habits, retailers will need to address a number of legal issues on the use of personal data or risk financial penalties.
The European Data Protection Directive applies wherever personal data is processed. Under the terms of the directive, RFID users will need to get the consent of individuals whose personal data they intend to collect.
They will also be required to ensure personal data is kept secure and is not retained for longer than necessary - after all tags can have a lifespan of more than 10 years.
Also, establishing robust security to shield data from third parties is not just a commercial imperative. It is also a legal one.