Política de acceso a la información no pública/noiddraft

This page is a translated version of the page Access to nonpublic personal data policy/noiddraft and the translation is 29% complete.
Outdated translations are marked like this.

Finalidad

Los sitios de Wikimedia (los «sitios») son el producto de una comunidad global de colaboradores y editores voluntarios. Este grupo dedicado de individuos no solo escribe y edita el contenido en los sitios, también ayuda a garantizar la seguridad de los sitios y de sus usuarios así como el cumplimiento con las políticas aplicables. Para administrar esta inmensa tarea efectivamente, a ciertos miembros de la comunidad se les confía acceso a cantidades limitadas de información no pública sobre otros usuarios. Por ejemplo, un miembro respetado de la comunidad que tiene privilegios de verificador de usuarios podría usar esos accesos para investigar si un único usuario está usando múltiples cuentas de una forma inconsistente con las políticas de Wikimedia. El propósito de esta política de «Acceso a información no pública» (la «política») es:

  • Explicar los requisitos mínimos que debe cumplir cualquier miembro de la comunidad que tiene acceso a información no pública.
  • Explicar los derechos y responsabilidades de los miembros de la comunidad con acceso a información no pública.
  • Garantizar que los miembros de la comunidad con acceso a información no pública comprenden y se comprometen a mantener la confidencialidad de la información no pública.
  • Proporcionar directrices a los miembros de la comunidad con acceso a información no pública sobre la forma en la que pueden usar esa información y cuando y con quién pueden compartir esa información.

Miembros de la comunidad cubiertos por esta política

Esta Política se aplica a cualquier usuario que tenga acceso a información no pública cubierta por la política de privacidad, incluyendo:

  • Miembros de la comunidad con acceso a cualquier herramienta que permita ver información no pública sobre otros usuarios (tales como la herramienta de verificador de usuarios) o miembros del público (por ejemplo a través de cuentas OTRS).
  • Miembros de la comunidad con la habilidad de acceder contenido o información de usuarios que ha sido eliminado de la vista de los administradores (por ejemplo usando la herramienta de supresiones).
  • Programadores voluntarios con acceso a información no pública.

Para fines ilustrativos únicamente, algunos ejemplos de grupos de miembros de la comunidad a los que se aplica esta política incluyen: administradores del sistema OTRS, miembros del equipo de respuesta de correo electrónico y stewards. Esta política no se aplica a los usuarios cuyos permisos sólo les permiten ver revisiones borradas de modo normal. Esta política tampoco aplica a los empleados de la Fundación Wikimedia o sus contratistas que actúen en su capacidad profesional en tanto que ya se encuentran sujetos a otros acuerdos de confidencialidad que son tanto o más protectores que esta política.

Requisitos mínimos para los miembros de la comunidad que soliciten permisos para acceder a información no pública

The following conditions are minimum requirements that all community members, including volunteer developers, who are granted access to nonpublic information rights ("access rights") must meet. These conditions should also be considered requirements to be a candidate for any community-run selection process for a role that would convey such access rights. The community may require candidates for access rights to meet additional community-specified criteria on a case-by-case or role-by-role basis.

(a) Minimum age. We value our community members, no matter what their age. However, access to nonpublic information requires maturity because of the significant responsibilities that come along with confidentiality obligations. For this reason, any community member who applies for access rights must:

  • be at least eighteen (18) years of age, except email response team members who must be at least sixteen (16) years of age; and
  • must certify to the Wikimedia Foundation that they meet the minimum age required for the rights they are applying for.

(b) Valid, linked email address. In order to ensure that we can contact the individuals who take on these important roles, any community who applies for access rights must:

  • submit to the Wikimedia Foundation a valid email address;
  • have the account under which they are applying for rights linked to a valid email address;
  • complete verification of the submitted and/or linked email address (such as responding to a confirmation email sent to their submitted email address), if requested to do so; and
  • inform the Wikimedia Foundation of any change to their email address within a reasonable time following such change.

(c) Confidentiality. To ensure that community members with access rights understand and commit to keeping the nonpublic information confidential, they will be required to read and certify that they agree to a short Confidentiality Agreement that outlines:

  • what community members should treat as confidential information;
  • when they are allowed to access nonpublic information;
  • how community members may use nonpublic information about other users;
  • when and to whom they may disclose the nonpublic information and how they must otherwise refrain from disclosing nonpublic information to anyone, except as permitted under applicable policies;
  • how they must safeguard their accounts from unauthorized access; and
  • when they must report disclosure of nonpublic information to third parties or improper access, use, or disclosure of nonpublic information.

(d) Privacy. In consideration of the privacy of the community members with access rights, any personal information submitted to the Wikipedia Foundation under this Policy is subject to the Wikimedia Foundation's Privacy Policy and Data Retention Guidelines.

(e) Submission timeline. Any community member who has been granted access rights at the time this Policy becomes effective must meet the requirements of Sections (a) – (c) of this Policy within ninety (90) calendar days from either (i) the date that a request to comply with this Policy is sent to that community member from the Wikimedia Foundation or (ii) the date that such notice is posted prominently on Meta, whichever occurs first. The Wikimedia Foundation may, at its sole discretion, extend the compliance period for individual community members as needed.

Any community member who has not met the requirements of Section (a) – (c) of this Policy by the deadline above should anticipate having their access rights revoked until they have submitted the required information.

Utilización y revelación de la información no pública

Community members with access rights provide valuable services to the Sites and its users -- they fight vandalism, respond to helpdesk emails, ensure that improperly disclosed private data is removed from public view, confirm license permissions, investigate sockpuppets, improve and debug software, and much more. But community members’ use of access rights is limited to certain circumstances and contexts. This section elucidates the situations in which access rights may be used and nonpublic information may be disclosed to third parties.

(a) Use of access rights and nonpublic information.

All community members with access to nonpublic information may only use their access rights and the subsequent information they access in accordance with the policies that govern the tools they use to gain such access. For example, community members with access to the CheckUser tool must comply with the global CheckUser Policy, and, unless they are performing a cross-wiki check, they must also comply with the more restrictive local policies applicable to the relevant Site. Similarly, community members with access to the Suppression tool may only use the tool in accordance with the Suppression Policy. When a community member’s access to a certain tool is revoked, for any reason, that member must destroy all nonpublic information that they have as a result of that tool.

(b) Disclosure of nonpublic information.

In the course of keeping the Sites and its users safe, community members with access rights must sometimes disclose nonpublic information to third parties. Disclosures of nonpublic information may be made to:

(i) other community members with the same access rights, or who otherwise are permitted to access the same information, to fulfill the duties outlined in the applicable policy for the access tool used;

(ii) service providers, carriers, or other third parties to assist in the targeting of IP blocks or the formulation of a complaint to relevant Internet Service Providers;

(iii) law enforcement, in cases where there is an immediate and credible threat to life or limb;

(iv) authorized parties, with the express permission of the user whose nonpublic information is to be disclosed;

(v) law enforcement, administrative bodies, or other governmental agencies, if required by law, provided that the community member notifies the Wikimedia Foundation unless restricted by law from doing so; or

(vi) the public, when it is a necessary and incidental consequence of blocking a sockpuppet or other abusive account.

While community members with access rights may disclose nonpublic information to third parties under the circumstances described above, they are under no obligation by the Foundation to do so. Please note, however, if a community member with access rights chooses to disclose in a situation covered by (ii), (iii), (iv), or (v) above, they must notify the Wikimedia Foundation by emailing check-disclosure wikimedia.org an explanation of the disclosure within ten (10) business days of such disclosure.

All other formal and informal requests for user information (i.e. those not covered by one of the situations described above or those not acted upon by a community member with access rights), including subpoenas, from law enforcement, government agencies, attorneys, or other third parties should be directed to the Wikimedia Foundation’s legal department at legal wikimedia.org.

Superscript text