Hello,
just a few remarks from the OC about this case.
2014-08-01 22:19 GMT+02:00 Russavia <russavia.wikipedia(a)gmail.com>om>:
Hi all,
On 27 May 2014 I received an email back from the OC which basically
said that because no personal information was divulged, there was no
breach of the WMF Privacy Policy. It also said that they would inform
the WMF about the case, and if I had any further information on who
"released such information" then I should contact them.
Confirmed.
On 6 June 2014 I heard back from the OC and they stated that my
complaint was being forwarded to the Wikimedia Foundation and that
they had been informed about the possible running of an unnecessary
CU, in addition to the possible release of CU logs. Additionally, I
was told that the OC would relay to me once they had it from the
Board.
Also confirmed.
1) There was indeed a leak of my CU data. An unknown Commons CU had
indeed leaked my CU data to another person who was NOT a CU on
Commons. The information given to this non-CU person included the very
name of the person who ran the CU on me; information which was so
sensitive to keep from me, but not sensitive enough that it was able
to be shared with every Tom, Dick and Harry that wasn't me.
I wonder why the OC never got any information about this from you. So would
you please write us where that information comes from and what exactly
happened? Thanks.
On 2 July 2014 I was contacted by someone within Legal informing me
that it was their understanding that "the Ombudsman Commission has
finished its investigation into this matter and has already
communicated its decision to you."
It had, on the basis of the information we got from you. We can obviously
not base our decision on information that is not relayed to us, like that
mentioned one section above.
Given this, I am asking very publicly the following questions:
* (1) on what grounds a CheckUser action was performed on my account
on Wikimedia Commons?
* (2) who requested that it be performed on Commons?
* (3) who fulfilled the request?
* (4) why is it acceptable for CUs to share actions related to my
account with non-CUs whilst at the same time actively keeping this
information from me?
* (5) why are complaints such as this actively ignored by the WMF Board?
(1) through (3) can only be answered by the Commons community. It is
completely outside the OC's remit to answer this. @ (4): You might want to
discuss this with the OC non-publicly. We are very interested in getting
any available information about this. In general, you are right that it is
not acceptable to share non-public information with non-CUs. However, it is
acceptable to give CU information to stewards (who might not be CU on
Commons), for example, under certain circumstances.
Best regards,
Thogo.
(current member of the OC)