Jump to content

Archive:Access to nonpublic data policy

From Wikimedia Foundation Governance Wiki

The intent of this policy is to ensure that volunteers who have access to nonpublic data covered by the Wikimedia Foundation privacy policy are personally and legally accountable.

  1. Only persons whose identity is known to the Wikimedia Foundation shall be permitted to have access to any nonpublic data or other nonpublic information produced, collected, or otherwise held by the Wikimedia Foundation, where that data or other information is restricted from public disclosure by the Wikimedia Privacy Policy.
  2. Any volunteer who is chosen by any community process to be granted access rights to restricted data shall not be granted that access until that volunteer has satisfactorily identified himself or herself to the Foundation, which may include proof that such user is at least 18 and explicitly over the age at which they are capable to act without the consent of their parent in the jurisdiction in which they reside.
  3. Any volunteer who holds such access rights at the time of the adoption of this resolution must satisfactorily identify himself or herself to the Foundation within 60 days of the adoption of this resolution, or have any and all such access rights revoked. Volunteers otherwise in good standing whose access is revoked for failure to identify may have those access rights restored after providing identification, at the discretion of the Foundation.
  4. Volunteer positions covered by this resolution include, without limitation, all stewards, all holders of the "checkuser" and "oversight" rights, and all developers with access to any electronic records which contains nonpublic information (such as the IP addresses of readers or contributors).
  5. The access policies for OTRS e-mail queues or other communication systems of the Wikimedia Foundation are defined by WMF office staff in accordance with the intent of this policy.
  6. Access to deleted revisions on a publicly editable project, such as that held by administrators, is not sufficient to require identification under this policy.
  7. Identifying information disclosed to the Foundation by a volunteer in compliance with this policy shall be treated as confidential, nonpublic information and shall not be released except consistent with the Wikimedia Privacy Policy.
  8. Exceptions to this policy may be made only by resolution of the Board of Trustees.

Policy last updated: June 2, 2007