Nameless data can still be personal

Roland Perry ukcrypto at chiark.greenend.org.uk
Sun, 9 Nov 2008 10:41:22 +0000


In article <9D53C16A-2D39-4D3A-A966-FB33C68593D7@googlemail.com>, Joel 
Harrison <joeldharrison@googlemail.com> writes
>> In the EU we say "some IP addresses identify people, so we should 
>>treat all of them as personal data",

>It's worth noting that the UK is out of step with much of the rest of 
>the EU on this point.  In the UK an IP address will usually not be 
>personal data, other than in the hands of the user's ISP or law 
>enforcement officials, because the person processing the data lacks the 
>necessary information to identify the user.

The law only applies to "Data Controllers", and these are exactly the 
ISPs, website operators, and law enforcement agencies in receipt of 
logs, who *do* have the means to identify the individual.

Meanwhile, I don't think that personal data should be treated any less 
carefully once it's "escaped" from the hands of a data controller.
-- 
Roland Perry