I'm thinking of a policy that says anyone who asks whether they've been checkusered must be told whether, why, and by whom, if they make the request within six months of the check. The request must come from the e-mail address the editor has added to their Wikipedia preferences. They may only ask whether that particular account has been checked. They need not be told the results of the check, in case that inadvertently implicates someone else, though they may be told it if no one else is involved.
Sounds good to me. I'm not 100% it's necessary to be told who did, since that could cause checkusers to become targets. If you find out you've been checkusered and don't think the reason was good enough, you can file an ArbCom case (the checkuser in question can make an anonymous statement) and if it's decided the check wasn't warranted, then the checkuser is revealed (and de-checkusered). I don't know if that's really necessary, though, we don't allow anonymity for other privileged actions. I'm not sure if the reason is currently logged - if this policy is implemented, a reason should be required when the checkuser is performed. Giving a reason afterwards lends itself to abuse.
We could build in a grandfather clause so that this doesn't apply retroactively. That would protect current checkusers who had performed checks without knowing the information might become public.
The policy on when you can and can't run a checkuser hasn't changed, so I'm not sure a grandfather clause is necessary, but it could be included if it's necessary to get the policy accepted.