Data held by ISPs
D.M.Pick at qmul.ac.uk
Tue Dec 23 09:19:25 GMT 2014
On 22/12/14 22:45, Mark Harrison wrote:
> IP addresses (of the subscriber) are personal data.
> Although it's taken a long time for this to be nailed into law (rather
> than denied by the MRD brigade).
> I'm surprised. IP addresses from ISP's are shared. They are rarely given
> to end devices but rather routers that are also shared. How could they
> be classed as identifiable? To whom under the law?
To my mind it's not the IP address in isolation that's "Personal Data",
it's the relationship between the IP address and a person. It is *very*
important that it is acknowledged that this relationship exists because
if the relationship is not acknowledged the possibilities for miscreants
to identify people without the possibility of legal redress is enhanced.
There are many forms the relationship can take ranging from registration
in an Internet Registry database or the DNS through to logs from the
CGNAT service used by an ISP. For each of these to be handled with the
appropriate level of care the nature of the relationship to identifiable
people must be recognised.
Network Security Manager, IT Services
Queen Mary University of London
Tel: +44 (0) 20 7882 7079
Mob: +44 (0) 7973 379 161
E-Mail: D.M.Pick at qmul.ac.uk
More information about the ukcrypto