Hi Is it illegal to store IP address of visitors ? I want to retain location based info for statistics etc. I dont see how this can be illegal when analytics and the like store geo-information. Even though their solutions is Javascript based, what difference would it make if it were server-side ? Thanks
The reason for asking is, many websites mention in bold "We record your IP address for security purpose" or something like that - like as if its mentioned in their TOS and like it implies that its mandatory to include this in the website's TOS.
Most of the sites that display that text do so because they are doing payment processing and they want clients to feel safe and criminals to think twice (implying that credit card purchases that are refunded due to fraud could be tracked by your IP address). The truth is that almost every site records this data (in the webserver logs). You may not have access to this data and it wouldn't be linked to specific users in most cases (assuming you have a log in restricted area). If you want to store it in such a way that you link the IP address with specific usernames or email addresses I would put it in the ToS. It may not be required, but it is reasonable. If you are storing the IPs independent of other information, then I wouldn't worry about putting it in the ToS. [EDIT]Replace all my ToS with Privacy Policy (thanks Millar)[/EDIT]
Well, the thing is that by default your web server will log activities for stats purposes in their weblog. It should be alright to do so as long as you do not pry into any other details. Besides, I doubt you can really do much with their IP addresses to commit any crime or infringe on anyone's privacy.
My host, Blue Host, logs all the IP's of visitors to my websites. If it is illegal I doubt a big company like them would do it.
I think that a lot of online stores state this to scare off and prevent people from entering false information.
The above is exactly right - there is a lot of postering on ecom websites (as well as in off line companies) to deter fraud and other criminal activity which is why they make a big deal of it. As already stated, Apache and IIS (and probably other web servers) both record the IP of the visitor as standard in their weblogs.
Oh..good one - shouldnt have asked this in the first place - access.log contains IP for each request !
You can store it, but not publish it public ally without the consent and permission of its owner (IP owner)
Guess it would depend on the country but certainly in the UK it could be published, for one it isnt defined as personal information and secondly in the majority of cases it is the ISP that is the "owner" of the IP not the person visiting the site.