Policy:Access to nonpublic personal data policy

Purpose

Wikimedia Sites (the “Sites”) are the product of a global community of volunteer contributors and editors. This dedicated group of individuals not only writes and curates content on the Sites; they also help ensure the safety of the Sites and its users as well as compliance with applicable policies. To manage this immense task effectively, certain community members are entrusted with access to limited amounts of nonpublic information regarding other users, such as investigating if a single user is using multiple accounts in a manner inconsistent with policy. The purpose of this “Access to nonpublic information” policy (the “Policy”) is to:

• explain the minimum requirements that must be met by any community member who has access to nonpublic information;
• explain the personal and legal accountability that accompanies the rights and responsibilities of community members with access to nonpublic information;
• ensure that community members with access to nonpublic information understand and commit to maintaining the confidentiality of nonpublic information; and
• provide guidelines to community members with access to nonpublic information as to when they may access nonpublic information, how they may use such information, and when and to whom they may disclose such information.

Community members covered by this Policy

This Policy applies to any user who has access to nonpublic information covered by the privacy policy, including:

• Community members with access to any tool that permits them to view nonpublic information about other users (such as the CheckUser tool);
• Community members with the ability to access content or user information which has been removed from administrator view (such as the Suppression tool); and
• Volunteer developers with access to nonpublic information.

Some examples of groups of community members to which this Policy applies include: OTRS administrators, Stewards, and members of the Election Committee. This Policy does not cover Wikimedia Foundation employees or contractors who act in their professional capacity since they are already subject to other confidentiality agreements that are as or more protective than this Policy.

Minimum requirements for community members applying for access to nonpublic information rights

All community members who are granted access to nonpublic information rights (“access rights”), except volunteer developers, are typically chosen by the community of contributors and editors to the Wikimedia Sites through processes developed and implemented by the community. The following conditions are minimum requirements that all community members, including volunteer developers, must meet to qualify as a candidate. The community may require candidates for access rights to meet additional community-specified criteria on a case-by-case or role-by-role basis.

(a) Minimum age. We value our community members, no matter what their age. However, access to nonpublic information requires legal accountability in part because of the need to ensure confidentiality with respect to others’ nonpublic information. For this reason, any community member who applies for access rights must be at least eighteen (18) years of age and must be at least the age of legal majority under the laws of the jurisdiction in which they reside.

(b) Identification. The privacy of all of our users is important to us. Our users expect that we know who has access to their nonpublic information. This helps increase accountability and ensure against misuse of information entrusted to community members with access to nonpublic information. For this reason, only those whose identity is known may have access to nonpublic information. Community members with access rights must meet the following identification requirements:

• submit to the Wikimedia Foundation a government-issued form of photo identification containing their name, date of birth, and the issuing agency number (although alternate forms of identification may be accepted on a case-by-case basis);
• attest to the fact that the identification and email address given is theirs;
• provide a current address of residence; and
• have an account linked to a valid e-mail address.

(c) Confidentiality. To ensure that community members with access rights understand and commit to keeping the nonpublic information confidential, they will be required to read and agree to a short Confidentiality Pledge that outlines

• what community members should treat as confidential information;
• when they are allowed to access nonpublic information;
• how community members may use nonpublic information about other users; and
• when and to whom they may disclose the nonpublic information.

(d) Submission & retention of submitted documents.

(i) Secure & confidential storage. In consideration of the privacy of the community members with access rights, the materials, documents, and identifications submitted to the Wikimedia Foundation under this Policy (collectively “submitted materials”) will be kept confidential, and access to these materials will be limited to a “need to know” basis. Physical copies of submitted materials will be kept in locked cabinets designated for this purpose. Electronic copies of submitted materials will be protected by passwords or other electronic protections in files designated for this purpose. The Wikimedia Foundation will not share submitted materials with third parties, unless such disclosure is (A) permitted by a non-disclosure agreement approved by the Wikimedia Foundation’s legal department; (B) required by law; (C) needed to protect against immediate threat to life or limb; or (D) needed to protect the rights, property, or safety of the Wikimedia Foundation, its employees, or contractors.

(ii) Retention of submitted materials. Sometimes, the Wikimedia Foundation or a user community committee will need to contact a community member who formerly had access rights about his or her usage of those rights. For example, the Arbitration Committee may need to complete an ongoing case they are examining or the Wikimedia Foundation may need to notify you of receipt of a legal document involving that community member.

For this reason, the Wikimedia Foundation retains submitted materials for a period after the community member ceases to have access rights. Submitted materials will be maintained as long as the community member who submitted the materials has access rights, plus up to an additional three (3) years. If a community member ceases to have access rights, he or she should notify the Stewards. The Stewards will inform the Wikimedia Foundation and the submitted materials will be destroyed by the Wikimedia Foundation in a timely manner following the three (3) year period.

If a community member provides new submitted materials, the Wikimedia Foundation's copy of the old submitted materials will be discarded. However, if a community member provides new submitted materials that do not include an identification document, both the newly submitted materials and the old identification document will be retained until a new identification document is submitted, if ever, or the retention period expires. Please note that providing new submitted materials will not reset the retention period if submitted materials were previously provided to the Wikimedia Foundation.

(iii) Submission methods. Community members with access rights may submit the required Identification and Confidentiality materials to the Wikimedia Foundation electronically. Hard copies may be submitted on a case-by-case basis.

(iv) Submission timeline. Users with access rights at the time this Policy becomes effective should submit identification as follows:

• Any community member who has been granted access rights and has not previously identified under the previous “Access to nonpublic data” policy (adopted 2007) has sixty (60) days to meet the Identification Requirements of Section 2(b) and the Confidentiality Requirements of Section 2(c) of this Policy.
• Any community member who has been granted access rights and has previously identified under the previous “Access to nonpublic data” policy (adopted 2007) has ninety (90) days from the date of the adoption of this Policy to meet the Identification Requirements of Section 2(b) and the Confidentiality Requirements of Section 2(c) of this Policy.

Any community member who has not met the Identification Requirements of Section 2(b) and the Confidentiality Requirements of Section 2(c) of this Policy by the deadlines above should anticipate having their access rights revoked until they have submitted the required information.

Use and disclosure of nonpublic information

Community members with access rights provide valuable services to the Sites and its users -- they fight vandalism, investigate sockpuppets, ensure that improperly disclosed private data is removed from public view, and much more. But community members’ use of access rights is limited to certain circumstances and contexts. This section elucidates the situations in which access rights may be used and nonpublic information may be disclosed to third parties.

(a) Use of access rights & nonpublic information. Community members with access rights may use those rights solely for activities that help prevent, stop, or minimize damage to the Sites and its users. All community members with access to nonpublic information may only use their access rights and the subsequent information they access in accordance with the policies that govern the tools they use to gain such access. For example, community members with access to the CheckUser Tool must comply with the global CheckUser Policy, and, unless they are performing a cross-wiki check, they must also comply with the more restrictive local policies applicable to the relevant Site. Similarly, community members with access to a suppression tool may only use the tool in accordance with the Suppression Policy. When a community member’s access is revoked, for any reason, that member must destroy all nonpublic information that they have.

(b) Disclosure of nonpublic information. In the course of keeping the Sites and its users safe, community members with access rights must sometimes disclose nonpublic information to third parties. Disclosures of nonpublic information may be made to:

(i) other community members with the equivalent or greater access rights to fulfill the duties outlined in the applicable policy for the access tool used;

(ii) service providers, carriers, or other third parties to assist in the targeting of IP blocks or the formulation of a complaint to relevant Internet Service Providers;

(iii) law enforcement in cases where there is an immediate and credible threat to life or limb;

(iv) authorized parties with the express permission of the user whose nonpublic information is to be disclosed; or

(v) law enforcement, administrative bodies, or other governmental agencies if required by law, provided that the community member notifies the Wikimedia Foundation unless restricted by law from doing so.

While community members with access rights may disclose nonpublic information to third parties under the circumstances described above, they are under no obligation to do so and may refuse any request to do at their sole discretion.

All formal and informal requests for user information, including subpoenas, from law enforcement, government agencies, attorneys, or other third parties should be directed to the Wikimedia Foundation’s legal department at legal@wikimedia.org.

Back to top