In message <[log in to unmask]>, at 12:48:03
on Sat, 31 Jan 2015, Michael Bacon - Grimbaldus
<[log in to unmask]> writes
>Some real scenarios from retail clients:
>
>1) An account customer (#1) places an order online from home. The
>retailer's firewall captures the IP address. The stored account
>details include the customer's name, address, home and mobile telephone
>numbers and email address. It is easily arguable that the IP address
>is the customer's Personal Data.
>
>2) The customer's partner, also an account customer (#2), places an
>order online from home. The retailer's firewall captures the IP
>address. The stored account details include customer #2's name,
>address, home and mobile telephone numbers and email address. Whose PD
>is the IP address now? Both of them or neither of them? It cannot be
>used as a unique identifier of either one of them, as it will point to
>both of them.
This is a classic case of the "excluded middle". Sometimes an IP address
will be clearly one individual's PD, sometimes it will clearly not be.
Then there's all the cases in the middle which "might be". But the only
practical way to run your organisation is treat all IP addresses with
the same respect and sort out the "who's PD" issue later on a case by
case basis.
[snip - more examples]
>These are everyday issues for online and large retailers. I know that
>they are less of an issue for utilities, and local and central
>government - where one is more commonly dealing with a *uniquely*
>identifiable individual assocated with a single address.
For the Internet industry it's an issue of "public" (in published logs,
WHOIS databases and so on, where in many cases there might be some
mileage in getting informed consent) IP addresses are, and whether they
need to be treated under DPA law when requested by law enforcement etc.
I note, for example, that my previous posting included the following in
one of the header lines (in a sense "logged by my email provider
Gradwell and then published by the JISCMAIL system"):
Received: from 5751e95f.skybroadband.com (HELO perry.co.uk)
(87.81.233.95)
The latter of course being my static IP address which certainly
identifies the household, if not myself. It also reveals who my
connectivity ISP is, but knowing that doesn't really help identify me,
but just might say something about my choice of supplier (which
stretching the analogy a bit is for some almost a religious matter).
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|