ISO/IEC TR 24729-4:2009 provides guidance to systems designers to help them determine potential threats to data security of the tag and tag-to-reader communication in an RFID system, and appropriate countermeasures to provide data security. Although important, it is beyond the scope of ISO/IEC TR 24729-4:2009 to address security aspects of the reader-to-host and back-end enterprise modules.

ISO/IEC TR 24729-4:2009 is not intended to specifically address consumer privacy concerns; however, since data and personal privacy depend on the use of appropriate security measures, privacy is addressed in general terms. Data access security provides a measure of personal privacy protection by mitigating the potential for unauthorized reading of data on a tag. However, not all data access security countermeasures provide the same level of protection.