Política d'accesu a información non-pública
|This policy was published on 6 November 2018 and came into effect on November 15, 2018. For the previous version please see the previous version|
Los sitios de Wikimedia (los "Sitios") son el productu d'una comunidá global de collaboradores y editores voluntarios. Esti grupu de persones dedicaes non solo escribe y caltien el conteníu de los Sitios, tamién nos ayuden a asegurar la seguridá de los Sitios y de los usuarios ya'l cumplimientu de les polítiques aplicables. Pa xestionar esta descomanada xera de manera efeutiva, dellos miembros de la comunidá reciben permisu d'accesu a cantidaes llindaes d'información non pública d'otros usuarios. Por casu, un miembru de la comunidá d'enfotu que tien derechos "CheckUser" podría utilizar estos derechos pa investigar si un solu usuariu ta utilizando delles cuentes de forma contradictoria coles polítiques de Wikimedia. La finalidá d'esta política de "Accesu a la información non pública" (la Política") ye:
- esplicar los requisitos mínimos que tien de cumplir tou miembru de la comunidá que tenga accesu a la información non pública;
- esplicar los derechos y responsabilidaes de los miembros de la comunidá con accesu a la información non pública;
- asegurase de que los miembros de la comunidá con accesu a información non pública entiendan y comprométanse a caltener secreta de la información non pública, y
- apurrir direutrices a los miembros de la comunidá con accesu a información non pública al respeutive de cuándo pueden aportar a la información non pública, cómo pueden utilizar esta información y cuándo y a quién pueden revelar esta información.
Miembros de la comunidá afeutaos por esta Política
Esta Política aplícase a cualquier usuariu que tenga accesu a información non pública cubierta pola política de protección de datos, incluyendo:
- Community members with access to any tool that permits them to view Nonpublic Personal Data about other users (such as the CheckUser tool) or members of the public (for example, through OTRS accounts);
- Community members with the ability to access content or Nonpublic Personal Data which has been removed from administrator view (such as the Suppression tool); and
- Volunteer developers with access to Nonpublic Personal Data.
For illustrative purposes only, some examples of Designated Community Members include: OTRS administrators, email response team members, and Stewards. This Policy does not apply to users whose rights only include the ability to view standard deleted revisions. This Policy also does not apply to Wikimedia Foundation employees or contractors who act in their professional capacity because they are already subject to other confidentiality agreements that are as or more protective than this Policy.
Minimum requirements for Designated Community Members applying for access to nonpublic information rights
The following conditions are minimum requirements that all Designated Community Members must meet before being granted access to Nonpublic Personal Data ("access rights"). These conditions should also be considered requirements to be a candidate for any community-run selection process for a role that would convey such access rights. The community may require candidates for access rights to meet additional community-specified criteria on a case-by-case or role-by-role basis.
(a) Minimum age. Access to nonpublic information requires maturity because of the significant responsibilities that come along with confidentiality obligations. For this reason, any community member who applies for access rights must:
- be at least eighteen (18) years of age, except email response team members who must be at least sixteen (16) years of age; and
- must certify to the Wikimedia Foundation that they meet the minimum age required for the rights they are applying for.
(b) Valid, linked email address. In order to ensure that we can contact the individuals who take on these important roles, any community member who applies for access rights must:
- submit to the Wikimedia Foundation a valid email address;
- have the account under which they are applying for rights linked to a valid email address;
- complete verification of the submitted and/or linked email address (such as responding to a confirmation email sent to their submitted email address), if requested to do so; and
- inform the Wikimedia Foundation of any change to their email address within one week of such change.
(c) Confidentiality. To ensure that community members with access rights understand and commit to keeping the Nonpublic Personal Data confidential, they will be required to read and certify that they agree to a short Confidentiality Agreement that outlines:
- what Designated Community Members should treat as confidential information;
- when they are allowed to access Nonpublic Personal Data;
- how Designated Community Members may use Nonpublic Personal Data about other users;
- when and to whom they may disclose the Nonpublic Personal Data and how they must otherwise refrain from disclosing Nonpublic Personal Data to anyone, except as permitted under applicable policies;
- how they must safeguard their accounts from unauthorized access; and
- when they must report disclosure of Nonpublic Personal Data to third parties or improper access, use, or disclosure of Nonpublic Personal Data.
(e) Submission timeline. Any community member who has been granted access rights at the time this Policy becomes effective must meet the requirements of Sections (a) - (c) of this Policy within ninety (90) calendar days of the date this Policy becomes effective. The Wikimedia Foundation may, at its sole discretion, extend the compliance period for individual community members as needed.
Any community member who has not met the requirements of Section (a) - (c) of this Policy by the deadline above should anticipate having their access rights revoked until they have submitted the required information.
Use and disclosure of nonpublic information
Designated Community Members provide valuable services to the Sites and its users – they fight vandalism, respond to helpdesk emails, ensure that improperly disclosed private data is removed from public view, confirm license permissions, investigate sockpuppets, improve and debug software, and much more. But Designated Community Members’ use of access rights is limited to certain circumstances and contexts. This section elucidates the situations in which access rights may be used and Nonpublic Personal Data may be disclosed to third parties.
(a) Use of access rights and Nonpublic Personal Data. All Designated Community Members may only use their access rights and the subsequent information they access in accordance with the policies that govern the tools they use to gain such access. For example, community members with access to the CheckUser tool must comply with the global CheckUser Policy, and, unless they are performing a cross-wiki check, they must also comply with the more restrictive local policies applicable to the relevant Site. Similarly, community members with access to the Suppression tool may only use the tool in accordance with the Suppression Policy. When a Designated Community Member’s access to a certain tool is revoked, for any reason, that member must destroy all Nonpublic Personal Data that they have as a result of that tool.
(b) Disclosure of nonpublic information. In the course of keeping the Sites and its users safe, Designated Community Members must sometimes disclose Nonpublic Personal Data to third parties. Disclosures of Nonpublic Personal Data are limited to:
- (i) other Designated Community Members with the same access rights, or who otherwise are permitted to access the same Nonpublic Personal Data, to fulfill the duties outlined in the applicable policy for the access tool used;
- (ii) service providers, carriers, or other third party vendors to assist in the targeting of IP blocks or the formulation of a complaint to relevant Internet Service Providers;
- (iii) law enforcement, in cases where there is an immediate and credible threat of serious bodily harm;
- (iv) authorized parties, with the express permission of the user whose nonpublic information is to be disclosed; or
- (v) the public, when it is a necessary and incidental consequence of blocking a sockpuppet or other abusive account.
Anque los miembros de la comunidá con derechos d'accesu pueden revelar información non pública a terceros según les circunstancies descrites enantes, nun tienen obligación pa faelo cola Fundación. Téngase en centra, sicasí, que si un miembru de la comunidá con derechos d'accesu escueye revelar nuna situación regulada por (ii), (iii), (iv) o (v) anteriores, tendrá de #echar# voz de a la Fundación Wikimedia per corréu electrónicu
check-disclosure wikimedia.org dándo-y una esplicación de la rewevelación nun
check-disclosure wikimedia.orgplazu de diez (10) díes arteros de faer dicha revelación.
In the event that a Designated Community Member receives a request for Personal Data from law enforcement regarding a immediate and credible threat of bodily harm, as described above in (iii), and the Designated Community Member chooses to disclose Personal Data, they are permitted to do so without pre-authorization however that Designated Community Member should immediately contact
check-disclosure wikimedia.org with an explanation of the disclosure. If the Designated Community Member chooses not to disclose Personal Data in response to an emergency request from law enforcement, that Designated Community Member should immediately email
emergency wikimedia.org with details of the request so that it can be evaluated for possible Foundation disclosure.
All other formal and informal requests for user Nonpublic Personal Data (i.e. those not covered by one of the situations described above or those not acted upon by a community member with access rights), including subpoenas, from law enforcement, government agencies, attorneys, or other third parties should be directed to the Wikimedia Foundation’s legal department at