Nameless data can still be personal

[Chris Salter]

Hello Peter and UKCrypto,

Friday, November 7, 2008, 9:52:25 AM, you wrote:

> "A person does not have to be identifiable by name for details of their
> computer usage to be protected by data protection laws, a senior 
> European privacy watchdog has warned."

> "Companies which are unsure whether information such as activity or 
> server logs or a record of internet protocol (IP) addresses are personal
> data or not should treat it all as personal data, the European Union's
> Data Protection Supervisor Peter Hustinx has said."

> Full article at http://www.out-law.com/page-9563

Taken at face value this means that standard Apache server logs are
covered by Data Protection Laws? So, for example, does this mean that
all logs and associated traffic analysis reports must
stored/transported encrypted?

Chris

-- 
 Chris Salter                      mailto:ukcrypto@originalthinktank.org.uk
 Cornwall United Kingdom        http://www.originalthinktank.org.uk/