The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
Sunday, January 29, 2006
Adam Fields' blog has a good post about the "big fuss" over IP addresses, which is particularly relevant in light of the fight over search logs and subpoenas from the US Department of Justice:
Adam Fields (weblog) - What's the big fuss about IP addresses?: Given the recent fuss about the government asking for search terms and what qualifies as personally identifiable information, I want to explain why IP address logging is a big deal. This explanation is somewhat simplified to make the cases easier to understand without going into complete detail of all of the possible configurations, of which there are many. I think I've kept the important stuff without dwelling on the boundary cases, and be aware that your setup may differ somewhat. If you feel I've glossed over something important, please leave a comment.
First, a brief discussion of what IP addresses are and how they work. Slightly simplified, every device that is connected to the Internet has a unique number that identifies it, and this number is called an IP address. Whenever you send any normal network traffic to any other computer on the network (request a web page, send an email, etc...), it is marked with your IP address....
I don't think there can be much doubt that an IP address is "personal information" for the purposes of PIPEDA or the Personal Information Protection Acts of BC and Alberta, particularly as it appears in a server log. The information does not have to "identify" an individual, but must be "information about an identifiable individual". George Radwanski, when he was federal Privacy Commissioner, held in Case Summary #25 that a PC's NetBIOS information is "personal information" for the purposes of PIPEDA because it can lead to information that is traceable to an identifiable individual. Whether that interpretation would hold up in court is debatable, but any business in Canada should proceed on the assumption that a user's IP address is their personal information.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.