Nameless data can still be personal

[Roland Perry]

In article <1822185328.20081107144721@originalthinktank.org.uk>, Chris 
Salter <ukcrypto@originalthinktank.org.uk> writes
>Taken at face value this means that standard Apache server logs are
>covered by Data Protection Laws?

They always were.

>So, for example, does this mean that all logs and associated traffic 
>analysis reports must stored/transported encrypted?

We haven't seen many cases of public criticism regarding data-loss where 
the data that was lost was as far removed from being able to facilitate 
identity theft as an Apache log would be.

It would be good practice to encrypt any such data that was taken off 
the premises, though.
-- 
Roland Perry