I'm thinking of a policy that says anyone who asks
whether they've
been checkusered must be told whether, why, and by whom, if they make
the request within six months of the check. The request must come from
the e-mail address the editor has added to their Wikipedia
preferences. They may only ask whether that particular account has
been checked. They need not be told the results of the check, in case
that inadvertently implicates someone else, though they may be told it
if no one else is involved.
Sounds good to me. I'm not 100% it's necessary to be told who did,
since that could cause checkusers to become targets. If you find out
you've been checkusered and don't think the reason was good enough,
you can file an ArbCom case (the checkuser in question can make an
anonymous statement) and if it's decided the check wasn't warranted,
then the checkuser is revealed (and de-checkusered). I don't know if
that's really necessary, though, we don't allow anonymity for other
privileged actions. I'm not sure if the reason is currently logged -
if this policy is implemented, a reason should be required when the
checkuser is performed. Giving a reason afterwards lends itself to
abuse.
We could build in a grandfather clause so that this
doesn't apply
retroactively. That would protect current checkusers who had performed
checks without knowing the information might become public.
The policy on when you can and can't run a checkuser hasn't changed,
so I'm not sure a grandfather clause is necessary, but it could be
included if it's necessary to get the policy accepted.