Unfortunately, not very often in the systems to which consumers are likely to be exposed. Anyone with an appropriately equipped scanner and close access to the RFID device can activate it and read its contents. Obviously, some concerns are greater than others. If someone walks by your bag of books from the bookstore with a 13.56 Mhz “sniffer” with an RF field that will activate the RFID devices in the books you bought, that person can get a complete list of what you just bought. That’s certainly an invasion of your privacy, but it could be worse. Another scenario involves a military situation in which the other side scans vehicles going by, looking for tags that are associated with items that only high-ranking officers can have, and targeting accordingly.
Companies are more concerned with the increasing use of RFID devices in company badges. An appropriate RF field will cause the RFID chip in the badge to “spill the beans” to whomever activates it. This information can then be stored and replayed to company scanners, allowing the thief access – and your badge is the one that is “credited” with the access.
The smallest tags that will likely be used for consumer items don’t have enough computing power to do data encryption to protect your privacy. The most they can do is PIN-style or password-based protection.