Adam Fields' blog has a good post about the "big fuss" over IP addresses, which is particularly relevant in light of the fight over search logs and subpoenas from the US Department of Justice:
Adam Fields (weblog) - What's the big fuss about IP addresses?:
Given the recent fuss about the government asking for search terms and what qualifies as personally identifiable information, I want to explain why IP address logging is a big deal. This explanation is somewhat simplified to make the cases easier to understand without going into complete detail of all of the possible configurations, of which there are many. I think I've kept the important stuff without dwelling on the boundary cases, and be aware that your setup may differ somewhat. If you feel I've glossed over something important, please leave a comment.
First, a brief discussion of what IP addresses are and how they work. Slightly simplified, every device that is connected to the Internet has a unique number that identifies it, and this number is called an IP address. Whenever you send any normal network traffic to any other computer on the network (request a web page, send an email, etc...), it is marked with your IP address....
I don't think there can be much doubt that an IP address is "personal information" for the purposes of PIPEDA or the Personal Information Protection Acts of BC and Alberta, particularly as it appears in a server log. The information does not have to "identify" an individual, but must be "information about an identifiable individual". George Radwanski, when he was federal Privacy Commissioner held, in Case Summary #25, that a PC's NetBIOS information is "personal information" for the purposes of PIPEDA because it can lead to iformation that is traceable to an identifiable individual. Whether that interpretation would hold up in court is debateable, but any business in Canada should proceed on the assumption that a user's IP address is their personal information.