BrochuresCartoon

Amberhawk
COURSES (BCS/ISEB)
follow link for detail

Data Protection Training

London: Foundation
4, 5 & 6 July

Leeds: Practitioner
Starts June 6

London: Practitioner
Starts July 11

FOI Training
London: Practitioner
Starts Oct 11

Information Security Management Training (CISMP)
London: Foundation
Starts Nov 27

Training/Update/Events
Update: Nov 20
GDPR: July 24
PIA: Sept 11
DP Audit: Sept 18

Amberhawk

« CCTV images are accessible on subject access (or is it Durant misses the Dublin Bus?) | Main | What is wrong with the Data Protection Act? FOI Infraction saga hits the buffers »

19/10/2011

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

If we replace the term "IP address" with "home address":

1) Is this a reasonable analogy? I would think so, since a home address and an IP address are used as identifying pieces of information (both refer to an address tied to specific internet/residential "sessions").

2) Is a home address considered "personal information" for copyright purposes, and if so, is it always considered personal information? Consider the case where a person changes addresses numerous times a year, since this is the closet analogy I can think of.


The banking rules in Switzerland state very clearly IP address is PII and must be removed, masked or protected from logs or other data streams if those logs leave the country. A few other countries treat ip address as PII as well.

Swiss Role for the UK?

Firstly IP addresses are not always personal data. The IP address that www.google.com resolves to for instance, is not personal data, it is the TCP/IP address of a piece of electronics. So an IP address is only personal in that it identifies a piece of electronic equipment that is owned or used by an individual. Every Email I receive has such an item of information. If I did a SAR to a company should they trawl every email for an IP address in case it is mine? If it is personal information then yes. Ah but wait, the email may have passed through my server but not actually sent by me. It has my (personal) IP address embedded in the message but it is personal information of mine?

IP addresses are personal information in some circumstances i.e. when it is intrinsically linked to it's owner. Even then you can often look these up via a WHOIS or DIG. Where an ISP (or phone company, or WiFi hotspot) can identify a customer who has been allocated an IP over a specific period, then it is personal information, if not, it is no more personal information than 'J6 on M8' is personal information.

The comments to this entry are closed.

All materials on this website are the copyright of Amberhawk Training Limited, except where otherwise stated. If you want to use the information on the blog, all we ask is that you do so in an attributable manner.