Legal:Data retention guidelines

From Wikimedia Foundation Governance Wiki
Revision as of 12:31, 4 November 2016 by 174.45.158.247 (talk)

== Introduction ==

Data is important. It is one of the ways we can learn and grow as an organization and a movement, and how we can help make the projects better for those who use them to create, learn, and share. At the same time, we are committed to keeping your private data "for the shortest possible time that is consistent with the maintenance, understanding, and improvement of the Wikimedia Sites, and our obligations under applicable U.S. law" (quote from the Wikimedia Foundation Privacy Policy).

This document helps explain how we fulfill this commitment, by describing our guidelines for data retention, system design, and ongoing auditing and maintenance. These guidelines are meant to be a living document — they will be updated over time to reflect current retention practices.

== To what data do these guidelines apply? ==

These guidelines apply to all non-public data we collect from Wikimedia Sites covered by the Privacy Policy.

== How long do we retain non-public data? ==

Unless otherwise indicated, we retain the following types of data for no more than the following periods of time:

(*) For the purposes of this table, "user account" means username, user ID, or IP address; "reader" means visitor to a Wikimedia project.

== Definitions ==

For the purposes of these guidelines:

  • "Personal information" means information you provide us or information we collect from you that could be used to personally identify you. To be clear, while we do not necessarily collect all of the following types of information, we consider at least the following to be "personal information" if it is otherwise nonpublic and can be used to identify you:
(a) your real name, address, phone number, email address, password, identification number on your government-issued identification, IP address, user-agent information, and your credit card number;
(b) when associated with one of the items in subsection (a), any sensitive data such as date of birth, gender, sexual orientation, racial or ethnic origins, marital or familial status, medical conditions or disabilities, political affiliation, and religion; or
Examples of identifying information that could be removed in order to anonymize data would include:
  • Real names, addresses, phone numbers, email addresses, password, identification number on government-issued ID, IP address, user-agent string, credit card number, unique device identifiers
Examples of changes that could be made to data so that it no longer directly identifies the user:
  • Encrypting or removing/masking the most specific portion of IP addresses
  • Sanitizing user-agent strings
  • Data is "aggregated" when the data associated with a specific user has been combined with data from others to show general trends or values without identifying specific users.
An example of how data can be aggregated includes:
  • inclusion of these data retention guidelines as requirements during the design process;
  • legal consultation during the design and development process; and
  • inclusion of privacy considerations in the code review process.
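The following is an added illustration, not code from the Wikimedia Foundation or these guidelines, of the anonymization and aggregation steps the definitions above describe: removing or encrypting the most specific portion of an IP address, sanitizing a user-agent string down to a coarse browser family, and combining per-user rows into counts that show a trend without identifying anyone. It goes slightly beyond the text by folding small groups into an "(other)" bucket, a common safeguard against a count of one pointing back at a single user. The record layout, the sample rows, the HMAC key, and the minimum-group threshold are assumptions made for this example.

```python
"""Added example (not part of the Wikimedia data retention guidelines).

Shows three of the transformations the guidelines describe for non-public data:
  - mask_ip / pseudonymize_ip: remove or encrypt the most specific part of an IP address
  - sanitize_user_agent: reduce a user-agent string to a browser family
  - aggregate: combine per-user rows into group counts with a minimum group size
Record layout, sample rows, key and threshold are assumptions for this example.
"""

import hashlib
import hmac
import ipaddress
import re
from collections import Counter

# Constructed sample records (documentation-range addresses); not real traffic.
SAMPLE_RECORDS = [
    {"ip": "198.51.100.23", "ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/49.0", "page": "Main_Page"},
    {"ip": "198.51.100.77", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/54.0.2840.71 Safari/537.36", "page": "Main_Page"},
    {"ip": "2001:db8:85a3::8a2e:370:7334", "ua": "Mozilla/5.0 (Macintosh) Chrome/54.0.2840.59 Safari/537.36", "page": "Main_Page"},
    {"ip": "203.0.113.9", "ua": "Mozilla/5.0 (Windows NT 6.1) Chrome/53.0.2785.143", "page": "Special:Random"},
    {"ip": "203.0.113.44", "ua": "Mozilla/5.0 (Windows NT 6.1) Firefox/45.0", "page": "Main_Page"},
]

# Order matters: a Chrome user-agent also contains "Safari/", and Edge also contains "Chrome/".
UA_FAMILIES = ["Edge", "Firefox", "Chrome", "Safari"]


def mask_ip(ip: str) -> str:
    """Remove the most specific portion of the address: keep a /24 for IPv4 and a /48
    for IPv6, zeroing everything below that. Raises ValueError on a malformed address."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(network.network_address)


def pseudonymize_ip(ip: str, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the address: the same address maps to the same token
    within one dataset, but the token alone does not reveal the address. Discarding or
    rotating the key makes old tokens unlinkable to new ones. The key is an assumption."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def sanitize_user_agent(ua: str) -> str:
    """Drop version numbers and platform details, keeping only a coarse browser family."""
    for family in UA_FAMILIES:
        if re.search(rf"\b{family}/", ua):
            return family
    return "Other"


def anonymize(record: dict, key: bytes = b"") -> dict:
    """Return a copy of one record with its identifying fields transformed.
    With a key, the IP is pseudonymized; without one, it is masked."""
    ip = pseudonymize_ip(record["ip"], key) if key else mask_ip(record["ip"])
    return {"ip": ip, "ua": sanitize_user_agent(record["ua"]), "page": record["page"]}


def aggregate(records: list, min_group: int = 2) -> dict:
    """Combine per-user rows into counts per (page, browser family). Groups smaller
    than min_group are folded into an "(other)" bucket so that no published count
    corresponds to a single user. The threshold of 2 is an assumption for this example."""
    counts = Counter((r["page"], sanitize_user_agent(r["ua"])) for r in records)
    result, other = {}, 0
    for group, n in counts.items():
        if n >= min_group:
            result[group] = n
        else:
            other += n
    if other:
        result[("(other)", "(other)")] = other
    return result


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(anonymize(rec))
    print(aggregate(SAMPLE_RECORDS))
```

Masking (`mask_ip`) is irreversible and is the right choice once per-user linkage is no longer needed; keyed pseudonymization (`pseudonymize_ip`) preserves linkage for the life of the key, so the key itself becomes retained personal data and should be handled, and eventually deleted, under the same retention limits.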

== Ongoing handling of new information ==

Despite our best efforts in designing and deploying new systems, we may occasionally record personal information in a way that does not comply with these guidelines. When we discover such an oversight, we will promptly comply with the guidelines by deleting, aggregating, or anonymizing the information as appropriate.

== Contact us ==

If you think that these guidelines have potentially been breached, or if you have questions or comments about compliance with the guidelines, please contact us at privacy@wikimedia.org.