I just read Karen Coyle's analysis of the newly reintroduced RFID bill in California. As always, she makes very good points. The one that most got me thinking was her question as to why a bank account number is considered a personal identifier, but a library card number is not. Think about it: both are unique numbers that get assigned to us as individuals. In fact it may be easier to get your ex-boyfriend's library card number than his bank account number. Once you have that unique identifier embedded in a chip, you're on your way to stalking that special someone with the right equipment and know-how. I saw a demonstration by David Molnar last week -- he showed us the hidden numbers embedded RFID chips in audience members' ID badges. He used an inexpensive reader and a laptop. CHILLING.
As with any statement about what is personally identifiable, however, it comes down to the fact that the right context can link almost any information to you. Your library card number becomes you when combined with the library's patron database. Your credit card number identifies you if one has access to the bank's records. Quibbling over what is and what isn't personally identifiable just doesn't jive with the reality of our data mined world, and it is unclear to me why a bank card number is personally identifiable but a library card number is not (if it isn't, by this definition).
I don't know of any libraries that put patron ID numbers onto RFID chips, but if blog readers are aware of any, please comment.