Corporate Privacy and Information Technology: the Case of RFID
Corporate Privacy and Information Technology: the Case of RFID
Goizueta Business School,
Like every new information technology, Radio Frequency identification (RFID) has security
issues that could jeopardize corporate privacy. This paper explores the concept of corporate
privacy by looking at both the development of the philosophical concept of (individual) privacy
and the legal framework that governs corporate privacy. Further, it discusses the general
requirements of corporate privacy: protecting economically valuable information and instituting
appropriate security measures. The research model links Information Technology capabilities and
security issues with corporate privacy risks. It yields four important findings. As expected, the
perceived benefits of a new Information technology stem from the economic value of the gathered
information. However, there are three distinct factors that not only affect cost, but also that can
completely diminish the benefits. First, there are actual costs that derive from implementing the
different security measures. Second, competitors can gain profits from information that is
unprotected, which can harm the adopter’s competitive position and thus can be interpreted as
cost for the adopter. Third and most importantly, the introduction of unsecured information
technology can threaten corporate privacy. If the measures to protect data are not appropriate,
the information can be considered public and thus can be legally exploited by every entity that
that chooses to do so.
Keywords: Corporate Privacy, Economic value of information, IT security, RFID
The inevitable inclusion of Radio Frequency Identification technology (RFID)
into consumer goods has triggered a public discussion about its impact on consumer
privacy. Even though RFID is only in its test phase in the end consumer market (for
example, in the German Metro chain’s Future Store), many industry analysts have
voiced concerns over potential privacy intrusions (News.au.com, 2004). Opponents
argue that consumer data can now be collected anywhere, as long as the RFID tags are
not disabled after purchase. Without regulation or industry guidelines in place,
consumer advocates paint a grim picture in which personal consumer information
would be transmitted outside of the home and could be collected and exploited by
anyone who has a mobile transceiver (Schwartz, 2004). Although many of the
assumptions regarding the capabilities of RFID are exaggerated, companies should be
well aware of consumers’ fears for at least two important reasons. First, alarmed
consumers will take their business elsewhere, which will harm the sales of innovative
companies that introduce RFID. Second, and even more importantly, companies should
be aware that RFID tags might provide real-time information about product flows not
only to the designated company server but also to tech-savvy competitors. In other
words, the former is a concern regarding consumer privacy, while the latter regards
corporate privacy. In this paper, I explore the notion of corporate privacy in general
and, more specifically, how it will change with the introduction of RFID .
Like every new information technology, RFID has security issues that can
potentially jeopardize corporate privacy. The first part of this paper explores the
concept of corporate privacy by looking at both the development of the philosophical
concept of (individual) privacy and the legal framework that governs corporate privacy.
Further, the general requirements of corporate privacy–-economic value of information
and reasonable security measures—are introduced. In addition, the theoretical
framework and the historical practice of data protection are discussed in order to show
how capabilities of emerging technologies have influenced both the view and the
practice of corporate privacy.
The second part of the paper introduces RFID. After reviewing the basic
architecture of the technology, I point out security flaws that can threaten corporate
privacy. Further, I introduce the benefits of RFID, such as the kind of information that
can be gathered, and I weigh them against potential privacy threats. Those privacy
threats are then exemplified through privacy scenarios at different points in a supply
The last part of the paper introduces a theoretical model that links Information
Technology capabilities and security issues with corporate privacy risks. Moreover, the
assumptions and limitations of this model are discussed in order to provide an outlook
for future research. Overall, the paper’s analyses can be used to evaluate the impact of
corporate privacy risks on the adoption of new information technology. This paper
makes three important contributions to the existing literature. First, it defines the
concept of and specifies requirements and limitations for corporate privacy. Second, it
shows how RFID technology currently does not provide reasonable security measures
and thus compromises corporate privacy. Finally, it shows that RFID adoption
decisions are impacted by privacy risks that might even prevent its adoption altogether.
The Concept of Corporate Privacy
A conception of corporate privacy originates from universally accepted
notions of individual privacy. As early as 1890, Warren and Brandeis defined privacy
in legal terms as “the right [of individuals] to be left alone.” This early definition is
only concerned with the physical dimension of privacy: the protection of personal
space from others. Westin, a human rights activist, extended the term “privacy” in his
1966 definition: “Privacy is the claim of individuals, groups, or institutions to
determine for themselves when, how, and to what extent information about them is
communicated to others” (Westin 1966, p.7). His definition has two major
implications. Westin acknowledges that privacy is not only an individual right, but
also applies to institutions such as corporations. Further, the definition extends
privacy from the purely physical to informational; the idea of privacy thus extends to
personal/proprietary information and the control of its dissemination. Privacy, then,
has two basic dimensions: physical privacy and information privacy (Culnan, 1993).
In the past, the main body of the privacy law was phrased in terms of an
individual person's rights. However, businesses have rights analogous to the
individual’s right of privacy, which are stipulated in different laws. Trademark law
holds that a business can own a product name and prevent others from using the
same name, at least in the owner's territory. However, until 1996, the law did not
explicitly prohibit the unwanted dissemination of corporate information. Laws such
as the Interstate Transportation Act, the Mail Fraud Act or the Fraud by Wire Act
were applied to the proprietary information of companies, although they were
originally written for the protection of tangible goods (Department of Justice, 2001).
The Economic Espionage Act of 1996 (EEA) closed that gap by explicitly protecting
corporate information. The EEA is the first law that defines corporate information as
property of the corporation that is protected. As such, corporate privacy—defined as
control over access to and dissemination of economically valuable and secured
corporate information—is explicitly protected by U.S. law.
Westin (1966), however, also acknowledges limits to the claim of privacy. First,
privacy is not an absolute right. If privacy claims conflict with higher interests of the
community or society, privacy rights might have to be conceded. Laws usually govern
those exceptions to privacy. For example, an individual may not claim the solitude of
his or her home if a judge has signed a search warrant. While this exemplifies the lawful
intrusion of physical privacy, information privacy can also be limited. Although a social
security number constitutes personal information that is specific to an individual, an
employee has to provide his or her social security number to the employer so he or she
can pay benefits to the state. As such, the employee is not only forced to provide
personal information to a single party, but also has this personal information
disseminated to a third party (the state) for a higher purpose (social security of the labor
force). In sum, individual privacy is a relative right that concerns the protection of and
dissemination of personal information.
The same is true for corporate privacy. It is also a relative right that is governed
by the interests of the society and its stakeholders. The right of the investors and the
government to gain access to this proprietary information is another limit of corporate
privacy. The most important regulation for publicly traded companies is the mandatory
disclosure of periodical financial information. The disclosure system administered by
the U.S. Security and Exchange commission (SEC) was created specifically to serve the
information needs of stakeholders that are outside of the company. The basic objective
of the law is to “require that investors receive financial and other significant
information concerning securities being offered for public sale” (Securities Exchange
Commission, 2004). However, since all public companies are required to publish this
financial information, it is not a competitive disadvantage. With only a few limits to
corporate privacy, from a legal perspective companies are able to control the provision
and the dissemination of proprietary information, giving each company a high degree
of corporate privacy. The protection of corporate privacy that the law provides,
however, is only granted if the information meets certain requirements: it must have
independent economic value, and it must be protected by reasonable security measures.
Information has economic value if rents can be appropriated from its use. The
economic value of information derives from two attributes. First, the creation of
information requires financial and human resources to gather and record which incurs
cost. Further, knowledge has to be private in order to be economically valuable. It has
been suggested that firms have strong incentives to protect proprietary information in
order to exploit its economic value by disguising or distorting the information and by
disconnecting it from its context (Williamson, 1979). There are several reasons for this
behavior. First, there is the threat that competitors use proprietary information to
diminish a company’s competitive advantage. This information can range across all
capabilities of a firm. The publication of an internal telephone directory, for example,
yields the risk of recruiters contacting key personnel and luring them away to
competitors. In addition, competitors can use the disclosure of procurement data to
pressure their own suppliers to lower prices or to switch to the same supplier to
increase profits. Second, there might be a conflict of interest between stakeholders. The
company management might want to pursue a strategic course that is different from the
shareholders’ preferred strategy and thus may not want to release information about a
recent acquisition. Similarly, a company might want to hide profits in order to pay
lower taxes to the government. While these are not transparent and fair business
practices, they are nonetheless realistic reasons for management to protect corporate
Although there are different strategic advantages to corporate privacy, the
benefit of corporate privacy depends on the type of knowledge it protects. In general,
knowledge is embodied in the employees and the resulting knowledge products such as
plans or patterns (Cheung, 1982). If knowledge is only existent in the employees and is
not recorded, then it is tacit. In order to obtain this knowledge, a company has to recruit
a competitor’s employee. Codified knowledge, on the other hand, can be recorded.
Thus, it can easily be duplicated or transmitted. As such, codified knowledge improves
the knowledge transfer within a company but also increases the likelihood that
economically valuable information is leaked outside of the corporation. In order to
prevent leakage, the information has to be protected from unauthorized access. Besides
having independent economic value, information also needs to be stored in a secure
way. Information should be stored and transferred so that it remains private and
confidential. Apart from the threat of leakage of information from the inside of the
corporation, there is also the threat of outside attacks. Liebeskind (1997) notes that
structural isolation can protect the corporate environment from outside attacks. The
extreme case of structural isolation is geographic isolation. Building a research institute
in a remote area with no public access roads hinders outsiders to access or even to
locate corporate knowledge bases. Still, such isolation might not be feasible either, given
that employees are more likely to want to live within the corporate area and not to
commute long hours to reach their workplace. A more viable protection can be gained
from secure perimeters. Security devices can vary from simple fences to security
architecture that resembles that of military bases.
Overall, it becomes clear that companies must employ new security measures
that use the specific qualities of new technologies. Thus, only if security mechanisms are
embedded in the technology a company adopts can it protect its corporate privacy. This
also applies to RFID, which is the subject of the next section. After a brief introduction
to the technology, security issues of the technology are discussed.
Technology Evaluation of RFID
In order to evaluate RFID in terms of corporate privacy, I will focus on three
aspects of the technology. First, the RFID architecture is briefly discussed to understand
the basic functionality and potential security flaws. Thereafter, the capabilities and
benefits are introduced in order to comprehend the nature of the information that can
be gathered across a generic supply chain. Finally, I discuss the security flaws and
Radio Frequency Identification (RFID) systems are comprised of three main
components: the RFID tag, or transponder, which is located on the object to be
identified and is the data carrier in the RFID system; the RFID reader, or transceiver,
which may be able to both read data from and write data to a transponder; and the
data-processing subsystem that utilizes the data obtained from the transceiver in some
useful manner. The basic components of an RFID system combine in the same manner
for all applications and variations of RFID systems. All objects to be identified are
physically tagged with transponders. Transceivers are placed to interrogate tags where
their data is required. In sum, the transceivers and transponders provide the
mechanism for obtaining data (and storing data in the case of writable tags) associated
with physical objects. Today, passive RFID tags are the most widely used. Although
their performance in terms of readability is, lower than that of active tags, their
affordability makes them the prominent choice for current business applications.
The Auto-ID Center, a research center associated with MIT, has developed and
implemented a system that enables all physical objects to be connected in real-time to
the Internet by attaching an RFID tag to the object (Sarma, 1999). Given the constraints
of passive tags, the system minimizes the functionality on the tag by moving that
functionality to the network. The four key components of this system are the Electronic
Product Code (EPC), the Object Name Service (ONS), the Savant, and the RFID
transponders. The Electronic Product Code (EPC) is an identification scheme designed
to enable the unique identification of all physical objects. On passive RFID tags, the EPC
is stored on 96 bits and contain header, manufacturer, product and serial information.
The EPC acts like a trigger to the information stored in the network. The Object Name
Service (ONS) is a directory service that maps the EPC to an IP (Internet Protocol)
address where information about the associated object can be written and/or accessed.
The ONS is based entirely on the Domain Name Service (DNS) to map a domain name
to an IP address. The ONS reduces the burden on the transponders because it reduces
the memory and power requirements on the tag and thus minimizes the footprint of the
tag’s microchip, reducing the cost of the transponder. In addition, it protects most of the
economically valuable information that is linked to the product via the RFID tag. Thus,
through the complementary tag design and architecture, security protection does not
necessarily have to focus on the tag itself in order to protect information. The last
component, the Savant system, is concerned with the security of the network. It
provides automated control functionality and manages the large volumes of data
generated by the RFID readers. A Savant makes possible the creation of a reader
network by acting as a gateway to the next highest level in the Savant hierarchy,
effectively isolating the reader’s sub-network. The use of Savants enables distributed
security by providing convenient points for network isolation. The Savant network
further reduces the burden on the tags by reducing the memory and power
requirements on them, so transferring the computationally intensive functionality to a
powered system. Thus, the RFID architecture corresponds to the ISO OSI reference
model of network architecture. The tags and the readers are the physical layer, which is
the lowest layer in the model. The EPC code corresponds to the data-link layer, which is
responsible for proper communication between the readers and the tags. The next layer
in the ISO OSI model, the network layer, defines the standards of network
communications. The Savant serves this purpose by gathering the EPC and sending
them to the ONS. For purposes of this paper, I will restrict the discussion to those three
layers, since the TCP/IP (transport) and the ONS layers are duplicates of the Internet
architecture and thus are not RFID-specific. Figure 2 gives an overview over the
classification of the RFID architecture.
In theory, the OSI model warrants security of information transfer between the
different layers. As such, the separation of product code and product information seems
to be the most economical solution that ensures protection of the data. Although this
solution might be the most cost-effective, it creates security issues that derive from the
architecture of the physical layer. The following section will first identify the
capabilities and benefits of RFID and then focus on potential corporate privacy threats.
Capabilities and Benefits
The main capabilities of RFID are increased reader accuracy, the ability to gather
information at new points in the supply chain, and new methods of collaborative
sharing of information between different supply chain levels. Increased accuracy is
mainly achieved through the replacement of bar codes with RFID tags. Instead of
manual or semi-automatic scanning of bar codes, information that is contained on RFID
tags can be read without a line of sight. Thus, information can be gathered simply by
passing through a checkpoint. Further, items can be read simultaneously, which allows
unparalleled amounts of information to be read.
The business benefits of RFID follow the categorization of Dehning et al. (2003).
According to their IT strategic role construct, main benefits of IT are the automation of
business processes, information gathering, and transformation of business processes.
Automation usually replaces manual labor and thus provides timesaving and reduced
labor costs. Faster and more accurate reading of product information is the best
example for this benefit. Information benefits constitute better information distribution
throughout a company or supply chain. While RFID tags by themselves cannot provide
this benefit, a network infrastructure (such as EDI that transmits the information
gathered through the serialization of RFID tagged products) can provide this benefit. If,
for example, there is a need to track down a particular case or pallet of items that might
have been damaged during the packaging process, a quality manager can simply find
out the location in real-time on the network instead of waiting for a time- consuming
inventory count in physical locations. The ultimate strategic role of an information
technology is to transform a single business or an entire industry. In the coming years,
RFID can potentially provide this benefit by enabling new processes or new
collaborative information networks within the supply chain.
Security Flaws and Potential Solutions
As described in the previous sections, there are three general situations in which
data can potentially be unprotected: while being stored on the tag; while being stored in
the connected database; or while being transmitted between the two, which
corresponds to the first three layers of the OSI model. Unfortunately, current RFID tags,
being part of the physical layer, do not have secure protection. They, and the
information contained on them, can be altered and modified, which might lead to
unauthorized access of proprietary data. The first possible alteration of RFID tags is
physical attacks. However, physical alteration tends to demand time-consuming
techniques such as laser etching, and such techniques usually require a laboratory
setting and cannot be carried out unnoticed in public, e.g., in a store where merchandise
is tagged. Thus, there is no action necessary by the retailer except for looking out for
suspicious activity in a store.
Data can also be obtained during the transmission of the data between tag and
reader. It has been hypothesized that readers could be placed outside the property lines
of a warehouse or store. Weis et al. (2003) suggest two preventive measures to block
reading from far range. The first measure is to limit the sending signal range or
backward channel of the tag, which allows only short range. The second measure is to
install blockers or signal jammers that create a frequency firewall around the company’s
property. While those measures might prevent long-range access, short-range access is
still a major threat. To address this problem, Weis et al. (2003) suggest the
implementation of a hash function. The hash is a random encryption of the tag’s
MetaID. Once the MetaID has been assigned, it is encrypted and sent to the reader.
Upon the sending of the hash, the tag enters a locked state and responds to queries from
readers only with its MetaID. Only if the correct hash key is transmitted to the tag will it
unlock itself. The authors claim that this method only requires the implementation of
the hashing capability on the tag, which requires minimum storage space and thus
might soon be economical. The last possible point of vulnerability is the product
information database. With a whole supply chain connected to a central database,
chances are that there might be security leaks at the connected locations. There has to be
an access management in place that regulates which supply chain partner can access
different types of information. The main problem with such a data management system
involves network control and ownership of the information. Nonetheless, for purposes
of this paper I will assume that the network architecture is secured through the Savant
system and traditional security systems such as firewalls.
To bolster the Savant security, companies should install additional monitoring
mechanisms for possible intrusions. One possibility is reading detectors that can filter
out requests by unauthorized readers. Those detectors could also monitor the signal
strengths in order to determine if the reading was attempted by an unauthorized long-
range reader. Further, tags should incorporate a warning feature that alarms the system
if any attempts to alter, disable or remove the tags occur. Overall, several known RFID-
technology security issues must be addressed. There is a need to implement security
and monitor mechanisms to protect information that has been gathered and transmitted
through RFID. While security solutions only exist in theory, the Savant system is
comparatively a thoughtfully designed protection that seems rather easy to implement.
The protection of the RFID tags, on the other hand requires considerable work by the
tag manufacturers. The next section of this paper discusses how these security issues of
this technology could influence corporate privacy and how competitors might take
advantage of them at different stages of a supply chain.
Unauthorized readers may compromise corporate privacy by accessing
tags that lack adequate access control. Without access control, a third party could just
use a mobile reader and scan product flows. This section introduces privacy scenarios
for individual participants as well as for the supply chain as a whole and will describe
selected scenarios of how a competitor could take advantage of gathered information. .
It is safe to assume that at a factory and the respective warehouse there is no
physical access for third parties. Thus, information such as material flows or location
data cannot be gathered using a mobile reader inside the manufacturing location. Still,
there is a danger of long-range reading; and assuming that no preventive measures
against outside attacks such as a signal blocker are in place, a competitor might yet
extract valuable information. While a competitor cannot read actual assembly flows
within a factory, she might be able to read the stock levels of both incoming raw
materials and finished goods. With this information, a competitor can not only monitor
the current production schedule but also estimate current and future orders for
particular products. Armed thus, the competitor could change its own strategy either by
producing directly competitive goods or by focusing on different products that are not
currently in stock in order to avoid direct competition.
Transport / distribution centers
During transport, there is no secure perimeter. Unless trucks are equipped with
local blockers or are made of signal blocking materials, competitors with mobile readers
can track truckloads. As with the factory warehouse, products in distribution can also
be read from the outside. While it might appear that only stock-level information is at
stake at this stage of the supply chain, there is another privacy threat that arises from
the transport of good marked with distribution center data: destination information.
Through an analysis of product movement through a country and the stock levels of
local distribution centers, market data can be gathered. If, for example, a certain product
is shipped only to a single region, a competitor can assume that there is a particular
demand in this region and thus can adjust his/her own distribution strategy.
Although competitors can browse through competitors’ shelves while
pretending to be customers, the results of the data collection using RFID would differ
both in quality and in scale. Before the introduction of RFID, the spy would have to go
through shelves and would have to approximate the number of items in store. Using
RFID, he/she would simply walk through the store and analyze all SKUs that are
equipped with RFID tags. Although the data only consists of EPC codes and not of
pricing or status data, it would only be a matter of time to match a product with an EPC
code family. Assuming that individual items, and not only pallets and cases, are tagged,
even more crucial information could be gathered. If every product can be uniquely
identified, frequent scans could precisely monitor the product flow of individual
products within the store. Information could be dated and matched to location. A
possible product flow log could read as follows:
Product XYZ arrived in a delivery truck on Monday at 10 a.m. and was then moved
to the warehouse. At 2 p.m., it was shelved in the store. XYZ was bought on Tuesday at 8
p.m. (item outside of reader range).
That way, a competitor would get a good idea about the product flows and
product turnover of a particular retailer.
In addition to product information, other types of RFID-encoded information
might also be unsecured. Retailers are also toying with the idea of implementing RFID
tags into customer loyalty cards to ease the checkout process. Again, the customer
information is stored in a central database and is only triggered by the unique
identification number on the tag. Nonetheless, accessing the information could give
competitors clues about purchase patterns and consumer behavior within the store that
could be the basis of specific target marketing. Further, there are already applications
that use RFID tags to identify employees. Although employee location data might be
useful knowledge to assess workflows, access to the identification data might be more
valuable to competitors. With the data, competitors can try to spoof an ID tag and thus
gain access to insider information.
There are also other security flaws that do not threaten corporate privacy directly
but that could disrupt the operations of businesses. For example, in addition to threats
of passive eavesdropping and tracking, an infrastructure dependent on RFID tags may
be susceptible to denial of service attacks. Saboteurs could disrupt supply chains by
disabling or corrupting a large batch of tags. Moreover, thieves could rewrite or replace
tags on expensive items with spoofed data from cheaper items. Overall, the premature
introduction of the still-imperfect RFID technology poses considerable risks to
businesses. In the next section of this paper, I formulate propositions that identify those
elements that influence the components of corporate privacy and then propose an
adoption model for RFID that incorporates corporate privacy.
RFID and Corporate Privacy
The prior discussion has shown that the construct of corporate privacy has two
dimensions: the value of the information and the security measures taken to protect it.
Several factors determine the value of information that can be gathered through RFID.
From an economics perspective, information is valuable if it is complete (Lawrence
1999, p.26). Completeness of information is achieved if there is no uncertain decision
parameter. The economic concept the value of information is closely related to the
quality-of-information discussion of the Information Systems literature. Instead of
abstract descriptions of completeness, the discussion identifies information attributes
that can measure its quality. Based on DeLone and McLean’s (1992) model, Seddon
(1997) has identified three major attributes of information that contribute to data or
information quality: accuracy, timeliness, and relevance of information. Whereas the
first two attributes are directly derived from the information-gathering-technology
capability, the latter depends on the data-processing capabilities of both the decision
support system and the decision maker.
Traditionally, accuracy refers to the degree to which the reported value is in
conformance with the actual or true value (DeLeon and McLean 1992). Thus, accuracy is
one of the dimensions of data quality since it improves the value of information (Hilton
1981). Through the automated reading of inventory, for example, constant counts and
recounts can take place in order to know the exact number of units in single location.
Accuracy is further improved with the depth of RFID tagging. If only pallets are tagged,
the information does not have to be accurate since the cases or items on the palette
might have been rearranged or restocked at different times in the supply chain. Only if
individual items are tagged can the product distribution be accurately read. The last
aspect of information accuracy depends on the depth of the reader network. If only a
single location is equipped with readers, only static information such as stock levels can
be gathered. However, if there is a network of readers through out different locations of
the supply chain the actual product flow can be monitored and potential problems be
identified more easily. Proposition 1a summarizes the impact of information accuracy
on the adopter’s economic value of information:
Proposition 1a: Higher accuracy of information increases the information quality for the adopter.
Another attribute of the information gathered with RFID is the timeliness of the
information, which is defined as the “[t]he availability of the output information at a
time suitable for its use” (Bailey 1983, p. 541). If there is a reader network in place that
continuously updates information and if this information is available to decision
makers, there is virtually no delay in the transmission of the information. Thus, the
information gathered through is more valuable because managers can make decisions
based on real-time data. If for example a product is missing at a distribution center, it
can be immediately reordered in order to minimize the disruption of the product flow.
Further, damaged items can be located faster, which minimizes cost of manual searches.
The impact of timeliness of information is summarized in proposition 1b.
Proposition 1b: Higher timeliness of information increases the information quality for the
The third information attribute that influences the economic value of the
information is the relevance of the data. Although there is a good chance that the
information gathered from RFID is useful for the adopter, there might be an
information risk. Smith et al. (2001) and Peladeau (1995) have pointed out that the
collection of too much information as well as keeping of unneeded and outdated
material decrease the usefulness of information and thus the productivity of the
adopting entity. Moreover, there is a chance that information is misinterpreted
(Marshall et. al 1996) which can also decrease the original value of information. Since
both of these problems are caused by the cognitive boundaries of the deciding
individual, a potential remedy for reestablishing the value of information is to
implement a decision support system that can automatically analyze vast amounts of
data. Proposition 1c
Proposition 1c: Higher relevance of information increases the information quality for the adopter.
The prior propositions have summarized the impact of the RFID inherent
technology capabilities on information quality. However, information quality does not
necessarily translate into economic value for the organization. Economic value is only
created if better business decisions are made based on the gathered information.
Raghunathan (1999) proposed that decision quality is a result of both information
quality and quality of the decision maker or the decision making progress. Tallon et al.
(2000) also recognized that the management practices moderate the effect of
Information Technology on the created business value. The economic value of the
information gathered with RFID will also be dependent on the quality on the decision
process, since the information can only be a trigger for the management’s decision to
restock items or to implement new business policies. Although the quality of the
decision process is not the focus of this paper, it has to be included in the research
model, since it provides the causal link between information quality and current or
future economic value of the information.
Proposition 2: Higher quality of the decision-making process increases the adopter’s economic
value of the gathered information.
Reasonable measures to secure information are the second dimension of
corporate privacy. The security of the information depends on where the information is
stored and how this storage area is protected. First the, general location has to be
protected. In order to alter RFID tags close range proximity is necessary. Thus, physical
access to the company grounds has to be controlled. If the tags are physically secured
the information cannot be altered through spoofing or etching techniques, providing
basic security. The second level of security would be to prevent access to the tag reader
communications. Possible measures are blocker tags (for specific protection) or Faraday
cages (for structural isolation) (Juels et al. 2003). Such security measures that are not
technology inherent provide one dimension of security. As discussed before, the
physical layer of the RFID infrastructure is the most vulnerable to unauthorized access.
Consequences of this access include manipulation of data and denial of service. Because
there are numerous ways to obtain or manipulate the data that is stored at the physical
layer of the RFID architecture, there is a probability that information can be leaked
outside the company or supply chain. Higher-level layers, such as databases and those
levels that are protected through the Savant layer, are at a substantially lower security
risk. This is because the network architecture is similar to existing technologies such as
the Internet where the main security issues and protection mechanisms are already
standard procedure. Thus, security is also a function of the storage device. The last
security issue considered here is the supply chain length. With more partners and
locations involved, the probability increases that inadequate security measures are in
place at some point in the supply chain. One unsecured warehouse or an unconcerned
handling of access information by an employee can jeopardize the security of the
product flow information. In addition, there might be a conflicted-interest motivation
for a supplier supplying different customers; such a supplier could provide access to
competitors’ information networks. The effect of peripheral security measures, level of
network layer and supply chain length are summarized in the next set of propositions.
Proposition 3a: The higher peripheral security measures the higher the information security.
Proposition 3b: The higher the layer of the architecture on which information is stored the higher
the information security.
Proposition 3c: The higher the number of linked supply-chain participants on the lower the
With the two factors of corporate privacy identified—the economic value of the
information and the security of the device where this information is stored—we can
explore different levels of corporate privacy risk. If, for example, highly valuable
information is stored on the highly unsecured tags, then corporate privacy risk is the
highest because competitors can access and exploit this information relatively easily.
Yet, if both the security risk and the economic value are low, there is hardly any
corporate privacy risk. Thus, the more information available through the introduction
of RFID and the less security on the storage devices, the more corporate privacy can be
compromised. Table 1 below summarizes this relationship, while Proposition 4
summarizes the impact of the two dimensions.
Proposition 4: Higher probability of unauthorized access and higher economic value of the
information increases the corporate privacy risk
Economic Value of Information
Low Corporate Privacy Risk Medium Corporate Privacy Risk
High Medium Corporate Privacy Risk High Corporate Privacy Risk
Source: Aubert et al. 1998
Apart from the adopter’s economic value, the attributes of information gathered
through RFID are also attractive for competitors. Increased accuracy, timeliness and
relevance of the information can potentially increase the information quality on which a
competitor bases her decision. Nonetheless, as an outsider, she will only have restricted
access to the information sources. As discussed before, information that is gathered
from a single source can only provide limited benefits to competitors since such a
snapshot does not provide product flow information but mainly location and stock level
data. If, on the other hand, the whole supply chain is connected through a RFID
network, valuable information can be extracted, such as procurement or distribution
strategies that a competitor could exploit. The location of the RFID deployment within
the supply chain also determines the quality and thus the value of the information for
the competitor. At the manufacturer, only quantities of materials and products can be
observed while destination information and order quantities from specific customers
remain unknown. The closer the product moves to the consumer, the better the
destination information becomes. With information that is more complete a competitor
can better adjust its strategy.
Nonetheless, there is a tradeoff between the completeness of the information and
the time to react to new information (Ballou et al. 1995). If information is gathered at an
early stage in the supply chain, competitors have more time to adjust their strategy,
while at a late stage in the supply chain, only tactical adjustments can be made. Further,
the information quality is determined by the granularity of the tagging. If only pallets
are tagged, only a small amount of information can be gathered. If, however, individual
items are equipped with RFID, the information is more accurate. Besides the fact that
the type of information gathered has to fit the information her information needs, the
competitor also has to be able to process the gathered information. Like the adopter,
only a high quality decision-making process will yield economic value of the
information. In summary, the competitor does not automatically benefit from the fact
that information is available to her. The next proposition summarizes this relationship.
Proposition 5a: Better fit of the gathered information increases the competitor’s
economic value of the gathered information.
Proposition5b: Higher decision-making process quality increases the competitor’s economic value
of the gathered information.
With all the propositions in place that take the dimensions of corporate privacy
into account, an Information Technology evaluation paints an interesting picture. As
expected, the perceived benefits of a new Information Technology stem from the
economic value of the gathered information. However, there are three distinct factors
that not only result in cost, but also that can also completely diminish the benefits. First,
there are actual costs that derive from implementing the different security measures
that can be calculated before an actual adoption. Second, competitors can gain profits
from information that is not protected by the adopter, which can harm the adopter’s
competitive position and thus can be interpreted as cost for the adopter. Third and most
importantly, the introduction of unsecured information technology can threaten
corporate privacy. If the measures to protect data are not appropriate, the information
can be considered public and thus not only be exploited by a technology savvy
competitor, but by every entity that that chooses to do so. Figure 2 summarizes the
complete research model.
Figure 2 Research Model
Information attributes Security attributes
P1a: + P3a: +
Accuracy of information Security of technology layer
P1b: + P3b: +
Timeliness of information Security of physical access
P1c: + P3c: +
Relevance of information Supply chain security
Competitor’s quality of + organizational
decision process attributes
+ P2: + Adopter’s quality of
Information fit decision process
Competitor’s Adopter’s P4: -
Value of Value of + Corporate
Information Information Privacy Risk
Perceived Benefits Perceived Cost
Looking ahead, this evaluative model could be included in existing technology
adoption models. Chwelos et al. (2001) have modified the Technology Adoption Model
(TAM, Davis 1986, 1989) in order to explain the technology acceptance behavior of
organizations. In the context of EDI adoption, he developed three constructs that
explain the adoption of EDI: readiness, perceived benefits and external pressure.
Perceived benefits are the direct and indirect benefits that an organization hopes to
realize with the adoption of a technology. Direct benefits are cost- and time-savings that
arise from technology capabilities. In the context of RFID, those economic benefits of a
successful implementation would be automated data entry (error free) and
corresponding reduction of time and labor costs, better theft protection of the inventory
as well the reduction of under and overstocking costs. Indirect effects are defined as
opportunities that arise from a technology implementation. The implementation of
RFID can yield such effects, in the form of better system utilization and better data
management as well as better coordination of in store marketing activities.
Further, assuming that the RFID tags communicate the status of perishable
goods, automated dynamic pricing could be employed to discount those items before
they are spoiled. Moreover, there are benefits that arise from collaborative information
sharing across the supply chain. However, these perceived benefits identified in the
Chwelos model are only one side of the coin. The model fails to incorporate potential
costs and risks associated with the adoption of a new technology. It is exactly this gap of
the adoption model that the developed research model can fill. The costs of
unauthorized access to a company’s information are often neglected because they do
not arise until proprietary information is disseminated. Moreover, those costs are hard
to quantify because information as such does not have a set value. The value of the
information depends on who obtains the data and how it is used. In the context of
technology adoption, those costs are a direct function of the security flaws of a
technology. As described in the previous sections, RFID is still an imperfect technology.
Tags and readers are not secure and can provide unauthorized access to product,
customer and employee information. Any unauthorized access to stored or intercepted
data facilitated by flawed technology will decrease the perceived benefits of RFID.
Proprietary data provides a competitive advantage and thus needs to be
protected. This paper has defined corporate privacy as control over access to and
dissemination of corporate information and has emphasized the requirements that
businesses have to fulfill in order to have corporate information legally protected. The
requirements for legal protection of corporate privacy are economic value of
information and reasonable measures to protect this information. The paper made the
case that—through increased accuracy, timeliness and relevance of information that is
gathered through RFID information—the quality of that information is increased. This
corresponds to the economic value of the information if an adequate decision-making
process accompanies it. Further, the security of the current RFID architecture has been
reviewed and reasonable measures to patch security flaws have been proposed. While
the database of product information is secure through the implementation of the Savant
layer, RFID tags themselves are currently a security risk, even though there are already
theoretical solutions to this problem. As such, the introduction of the current RFID
technology can seriously compromise corporate privacy. The theoretical model I
propose has two major implications. First, it contributes to theory-building in the IS
field by theorizing how the economic value of information and the security of storage
devices affects corporate privacy. Further, it expands a current technology adoption
model by showing that corporate privacy risks are a cost factor in the technology
adoption decision. The model also suggests a few directions for future research.
First, the introduced model and the included constructs need to be refined and
be tested empirically. In particular, the constructs of economic value of information and
the degree of corporate privacy risk have to be confirmed. It is hard to estimate a
hierarchy of information value. Although it was assumed that location data is less
valuable than product flow data within a retail store, what information is valuable to
which market participants depends on the industry. With such a hierarchy of
information in place, the measure for corporate privacy risk could develop from the
crude measures depicted in Table 1 to a refined scale that can measure the impact on
technology adoption and technology use. Moreover, it would allow for a dynamic
model of technology adoption that could incorporate both improvements in and
increasing familiarity with a new technology into account. Such a longitudinal model of
technology adoption would allow for an analysis of first-mover benefits and costs,
which could result in the optimal point of adoption where the benefits outweigh the
costs and risks of adopting a new technology.
As for methodology, the first step will be to undertake a case study. An
appropriate site would be a company that recently has or will in the near future
introduce RFID to transmit economically valuable information. The target of the first
case study will be the Emory Health Care system. Emory Health Care has already
introduced RFID to track movement and location of medical equipment. Apart from
interviews with the responsible managers to extract the reasoning and considerations
behind the RFID adoption, it will also be a unique site to test the security of the system.
It is assumed that the hospital would welcome such an investigation, since security
breaches not only could reveal corporate information, but also could harm the privacy
of their customers. After this initial case study, health care-specific privacy concerns
will have been identified. To improve the model and the constructs further, those
findings have to be generalized across industries and Information technologies. To
achieve this objective a survey instrument will be developed and sent out to IT
managers in different industries. The last step in the research strategy would be to look
for archival evidence from secondary sources to further improve the model. An
appropriate start would be the analysis of newswire reports that identify security
breaches of information technologies and resulting stock market reactions to attach a
financial value to the loss or compromise of formerly protected corporate information.
Another important issue that needs to be addressed in future research is the
ownership of information. Although current law protects the information of a single
entity, ownership of data gathered throughout a supply chain is uncertain, as is the
question of which entity should have the rights to distribute it. Should the consumer
have the right to own all information that was gathered along the supply chain after he
or she purchased the product? As is suggested in this paper, that information has an
independent economic value, but that would mean that the ownership of the product
does not automatically imply ownership of the product information. This question is
crucial when one considers the competing claims of individual privacy and corporate
privacy. While these questions cannot be answered immediately, this paper suggests a
starting point is to think about technology from the point of view of information value
and furthermore to think about how technology is a means to create and protect such
information. A slightly different approach to information technology privacy would be
technological alignment to needs of stakeholders. This paper discusses the impact of
information technology on only one specific right (privacy) of one specific stakeholder
(corporation). However, as mentioned in the introduction, there are multiple
stakeholders with different rights that can be influenced by technology capabilities and
flaws. As such, technology mechanisms and architectures have to be identified to satisfy
those different needs without compromising the rights of the stakeholders. This paper’s
analysis of contributing factors to adoption decision is only a small piece of the
technological alignment discussion. Nevertheless, it poses a good starting point for
___ "Economic Espionage Act," in: TITLE 18, 1996.
Aubert, B., M. Patry, and Rivard, S. (1998). “Assessing the Risk of IT Outsourcing,”
Proceedings of the 31st Hawaii International Conference on Systems Sciences.
California: IEEE, 685 – 693.
Bailey, J.E., and Pearson, S.W. "Development of a tool for measuring and analyzing
computer user satisfaction," Management Science (29:4), May 1983, pp 530-546.
Ballou, D.P., and Pazer, H.L. "Designing Information Systems to Optimize the
Accuracy-timeliness Tradeoff," Information Systems Research (6:1) 1995, pp 51-73.
Cheung, S. "Property Rights and Trade Secrets," Economic Inquiry (20) 1982, pp 40-53.
Chwelos, P., Benbasat, I., and Dexter, A.S. "Research report: Empirical test of an EDI
adoption model," Information Systems Research (12:3), Sep 2001, pp 304-321.
Culnan, M.J. "How Did They Get My Name - an Exploratory Investigation of Consumer
Attitudes toward Secondary Information Use," MIS Quarterly (17:3), Sep 1993, pp
Culnan, M.J., and Armstrong, P.K. "Information privacy concerns, procedural fairness,
and impersonal trust: An empirical investigation," Organization Science (10:1),
Jan-Feb 1999, pp 104-115.
Davis, F. "Technology Acceptance Model for Empirically Testing New End-User
Information Systems: Theory and Results," Massachusetts Institute of
Technology, Boston, MA, 1986.
Davis, F.D., Bagozzi, R.P., and Warshaw, P.R. "User Acceptance of Computer-
Technology - a Comparison of Two Theoretical-Models," Management Science
(35:8), Aug 1989, pp 982-1003.
Dehning, B., Richardson, V.J., and Zmud, R.W. "The Value Relevance of
Announcements of Transformational Information Technology Investments," MIS
Quarterly (27:4) 2003.
Department of Justice "Theft of Commercial Trade Secrets," in: Computer Crime and
Intellectual Property Section (CCIPS), 2001.
Hilton, R.W. "The determinants of information value: Synthesizing some general
results," Management Science (27:1) 1981, pp 57-64.
Juels, A., Rivest, R.L., and Szydlo, M. "The Blocker Tag: Selective Blocking of RFID Tags
for Consumer Privacy," CCS’03, AMC, Washington, DC, USA, 2003.
Lawrence, D.B. The economic value of information Springer-Verlag, New York, 1999.
Lee, H.G., Clark, T., and Tam, K.Y. "Research report. Can EDI benefit adopters?,"
Information Systems Research (10:2), Jun 1999, pp 186-195.
Lee, H.L., Padmanabhan, V., and Whang, S. "Information distortion in a supply chain:
The bullwhip effect," Management Science (43) 1997, p 546–559.
Liebeskind, J.P. "Keeping Organizational Secrets: Protective Institutional Mechanisms
and their Costs," Industrial and Corporate Change (6) 1997, pp 623-663.
Loch, Karen D.; Carr, Houston H." Threats to information systems: Today's Reality,
Yesterday's Understanding," MIS Quarterly, Jun1992, 16(2), pp173-183
Matsura, J.H. Managing intellectual assets in the digital age Artech House, Boston, MA,
News.au.com "German chain kills RFID plan," 2004.
Pare´, G., and Raymond, L. "Measurement of information technology sophistication in
SMEs," Proc. Admin. Sci. Association of Canada) 1991, p 90–101.
Peladeau, P. “Principles of Personal Data Protection,” Risk Management, 42(12), 1995, pp
35 – 40.
Raghunathan, S. "Impact of information quality and decision-maker quality on decision
quality: a theoretical model and simulation analysis," Decision Support Systems
(26:4), 1999, pp 275-286.
Sarma, S., Ashton, K., and Brock, D. "The Networked Physical World,," in: Technical
Report MIT-AUTOID -WH-001, 1999.
Schwartz, E. "RFID may give "Tag, you're it!" a whole new meaning," in: InfoWorld,
Securities Exchange Comission "How the SEC Protects Investors, Maintains Market
Seddon, P. B. "A Respecification and Extension of the DeLeone and McLean model of IS
success," Information Systems Research (8:3), Sep 1997, pp 240-253
Smith, H. A., Mc,"Keen, J.D., and Staples, D. S. "Risk Management in Information
Systems: Problems and Potential," Communications of AIS (7), August 2001
Tallon, P. P., Kraemer, K.L., and Gurbaxani, V," Executives Perceptions of the Business
Value of Information Technology: A Process-Oriented Approach", Journal of
Management Information Systems (16:4), Spring 2000, pp 145-173.
Venkatesh, V., Morris, M.G., Davis, G.B., and Davis, F.D. "User Acceptance of
Information Technology: Toward a Unified View," MIS Quarterly (27:4) 2003, pp
Warren, and Brandeis "The Right to Privacy," Harvard Law Review (4:5), December 1890,
Weis, S.A., Sarma, S.E., Rivest, R.L., and Engels, D.W. "Security and Privacy Aspects of
Low-Cost Radio Frequency Identification Systems," Laboratory for Computer
Science, Auto-ID Center: Massachusetts Institute of Technology, 2003.
Westin, A.F. Privacy and Freedom Atheneum, New York, 1966.
Williamson, O.E. "Transaction Cost Economics: The Governance of Contractual
Relation," Journal of Law and Economics (22:October) 1979, pp 3-61.