> There are reasons that are useful to users to keep their IP addresses in a database, and there are risks with keeping their IP addresses in a database. This is why the ICO also recommends you blank out the last octet of the IP address.
Note: If you are going to use that IP address for determining location (which is common when dealing with the EU, because that is one of the things the EU considers acceptable evidence to justify your choice of which country's VAT to collect for an online sale), do the location lookup before blanking the last octet.
I had hoped that the first 24 would be sufficient to determine country, but that is not the case. For example, here are current results from MaxMind's GeoIP service:
5.62.58.243 US
5.62.58.244 US
5.62.58.245 DE
5.62.58.246 DE
5.62.58.247 DE
5.62.58.248 US
5.62.58.249 US
5.62.58.250 US
A couple weeks ago, BTW, 5.62.58.244 was identified as DE. This suggests that it might be a good idea to keep the full IP address around at least until you file your quarterly VAT MOSS documents, so that you can do another lookup then and possibly get a more clear picture of who you owe VAT to for the sale.
PS: I have no relationship with whoever owns those IP addresses, as far as I know. A few weeks ago I did GeoIP lookups on all 4 billion IPv4 addresses to find all the ranges of US IP addresses (there were 22029 ranges) as part of optimizing a filter that is supposed to reject non-US traffic from certain reports. To get an example for this comment I looked through those ranges looking for one where there were two different US ranges overlapping the same /24, and 5.62.58.0/24 was the first one I noticed.
Those IP addresses belong to the same AS, have the same announcement[1], and have very similar traceroute outputs (both have final hops around miami). The only thing different is their reverse DNS, which I think is throwing maxmind's algorithms off.
Note: If you are going to use that IP address for determining location (which is common when dealing with the EU, because that is one of the things the EU considers acceptable evidence to justify your choice of which country's VAT to collect for an online sale), do the location lookup before blanking the last octet.
I had hoped that the first 24 would be sufficient to determine country, but that is not the case. For example, here are current results from MaxMind's GeoIP service:
A couple weeks ago, BTW, 5.62.58.244 was identified as DE. This suggests that it might be a good idea to keep the full IP address around at least until you file your quarterly VAT MOSS documents, so that you can do another lookup then and possibly get a more clear picture of who you owe VAT to for the sale.PS: I have no relationship with whoever owns those IP addresses, as far as I know. A few weeks ago I did GeoIP lookups on all 4 billion IPv4 addresses to find all the ranges of US IP addresses (there were 22029 ranges) as part of optimizing a filter that is supposed to reject non-US traffic from certain reports. To get an example for this comment I looked through those ranges looking for one where there were two different US ranges overlapping the same /24, and 5.62.58.0/24 was the first one I noticed.