FAO admin

so he's laughing - so what - leave the guy alone.

 

here’s me thinking you might apologise for calling people bullies.

 

I agree yes it should have been.

 

The trouble with deleting a users account is that they can then rejoin with another user name and the forums software won't pick it up as an existing IP address. I'm assuming the BBS has this 'feature' to stop multiple accounts.

 

I agree to an extent about the way he's gone about expressing some views too, and even more reason to delete his account when he asks for it. Sounds like he needs it.

 

They could just use a different IP address to the one they signed up with though. And it sounds like Sunlighter genuinely wants to leave. The request should be honoured regardless.

 

Under GDPR that doesn't matter. All IP address records have to be deleted also as they're classed as identifying information.

 

Very true regards IP, if 'they' can be bothered.
I also agree that folk should be allowed to have their account removed if circumstances dictate.

 

With regards sunlighter himself(herself?) I think we should leave the person alone now. That thread the other day was disturbing and I may be totally out of order here but I wondered if there are some mental health issues involved. I'm not patronising I'm being serious. Lets just leave the guy alone now shall we and let him deal with things in his own way.
If I've called that wrong I apologise. Just thought it needed saying

 

Spot on. That would be the reasonable thing to do. It's clear that he is going through something as a result of the last 15 months. And his wish to leave should be granted.

 

As far as I remember from joining, the forum doesn’t hold any information that would be ‘personal information’.

 

Email address and IP address are both personal identifying information under GDPR, just off the top of my head. Username would also be classed as such I believe.

 

My understanding is that GDPR covers information that makes me identifiable, so my email address and ip address are only covered if they’re linked to my name. So if Sunlighter is his legal name he’s entitled to have that removed.
My guess is that it’s not his actual name.

 

I don’t believe this is true mate. I’ve done a fair amount of training on GDPR and I don’t remember any clause like this. A username, email address or IP address are PII on their own. I’m 99% sure.

This seems to confirm that my memory is correct.

https://ico.org.uk/for-organisation...ata/what-are-identifiers-and-related-factors/

 

So would an IP address with nothing attached to it be under GDPR? Which I assume would make a telephone number GDPR as well. So if I wrote 01226 886 576 on here then it's a GDPR breach? I've no idea who the number belongs to, it's just a random number. But that would be a breach because it's a number that belongs to someone?

I don't understand the GDPR stuff as you can tell

 

From the first paragraph
Often an individual’s name together with some other information will be sufficient to identify them.

As well as working with loads of data and getting involved in GDPR discussions for work I ran a photography business as GDPR came in. There were lots of discussions, particularly regarding a total lack of information re a photograph of a person.

But this is fairly irrelevant as I’m fairly sure site admins know the rules

 

A quick scan of the article BR linked will give you the answer.

 

It’s complicated (it’s also a couple of years since I did my training! So might not be 100% accurate), posting a number like that wouldn’t be a GRPR breach because nobody has given you that number to store.

As for the IP address, it would be classed as Personal Identifying information (PII) on its own in the context of running a system like the BBS, because it’s a record that the IP address accessed the system if that makes sense. That information could then be used in conjunction with other services to identify an individual more completely which is why such info is covered.

 

That line from the first paragraph doesn’t invalidate the rest of the document which says that a name isn’t always PII and also that other information can be PII without a name depending on the situation. I’m 99% sure that on the BBS username, email and IP address would all be PII and all have to be removed if asked.

 

The rest of the document discusses what other information linked to a name makes data PII.
I’m 99% certain that a username or IP address or email address without a name don’t constitute ‘identifiable’.

Your face, on its own is not ‘identifiable’ as covered by GDPR.