
What is PII? How About IP Addresses?

This week I want to look at the concept of personally identifiable information (PII), and what types of items, in particular, are considered as such...

Last week the news of the Seattle judge ruling that IP addresses were not considered to be personally identifiable information (PII) hit numerous blogs and filled the twitterverse.

According to the judge:

"In order for 'personally identifiable information' to be personally identifiable, it must identify a person. But an IP address identifies a computer," U.S. District Court Judge Richard Jones said in a written decision.

Using this logic, then, a cell phone number would not be considered as PII either, because it really identifies a phone, not a person. But, this is generally not the case.

However, this is just one ruling, and it goes against multiple laws that clearly list IP addresses as being PII. For example, the U.S. Health Insurance Portability and Accountability Act (HIPAA) explicitly lists "IP address" as one of the PII items, referenced as "Protected Health Information," that must be protected under the law.

This ruling also goes against other court decisions. And this is nothing new. For example, in June 2005, the Swedish Data Inspection Board ruled that an IP address was PII under the Personal Data Act.

In my next blog post I'll discuss how PII is created by the ways in which pieces of information are used, even though each piece on its own is not considered PII.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.