Data held by ISPs

David Pick D.M.Pick at
Tue Dec 23 09:19:25 GMT 2014

On 22/12/14 22:45, Mark Harrison wrote:

> </snip>
> IP addresses (of the subscriber) are personal data.
> Although it's taken a long time for this to be nailed into law (rather
> than denied by the MRD brigade).
> </snip>
> I'm surprised. IP addresses from ISP's are shared. They are rarely given
> to end devices but rather routers that are also shared. How could they
> be classed as identifiable? To whom under the law?

To my mind it's not the IP address in isolation that's "Personal Data",
it's the relationship between the IP address and a person. It is *very*
important that it is acknowledged that this relationship exists because
if the relationship is not acknowledged the possibilities for miscreants
to identify people without the possibility of legal redress is enhanced.

There are many forms the relationship can take ranging from registration
in an Internet Registry database or the DNS through to logs from the
CGNAT service used by an ISP. For each of these to be handled with the
appropriate level of care the nature of the relationship to identifiable
people must be recognised.

David Pick
Network Security Manager, IT Services
Queen Mary University of London
Tel: +44 (0) 20 7882 7079
Mob: +44 (0) 7973 379 161
E-Mail: D.M.Pick at

More information about the ukcrypto mailing list