Hi,
I think there is need for a brief explanation how Checkuser's interface is like (after looking at some posts): * CheckUser ability status is granted to an account either via CheckUser rights in local projects or via global Steward status (any steward can give himself local CheckUser rights). * So checking a user works only in the project you have the right to do so. * However the CheckUser log file is globally visible to *all* CheckUser people in any project. For example I am CheckUser in Wikimedia Commons only but I can see for example all Checkuser request of en.wikipedia as well (timestamp, wiki, executing person and target person are stored).
The board regularly receives some complaints about checkuser activity and what happened is either that no one look at the case, or look at them poorly. In 95% of case, the "abuse" is imaginary; but we can not be sure that one day there will not be a problem.
Well by far the most CheckUser requests are done in en.wikipedia (> 50% of all project). The total number is ~100 requests daily just in order to give non-CheckUsers an impression of the general usage. de.wikipedia has the most conservative CheckUser use of all large Wikipedia projects (most IP sock puppets are so obvious that there's no point making a CheckUser) and thus has only perfomed a few Checkuser requests. de.wikipedia even doesn't have an own CheckUser person.
So, what I suggest is a sort of ombuds-wo-man for checkuser, who will offer a sympathetic ear to complainers, take charge of investigating cases for the board in an official manner, mediate between the checkuser and the complainer when the case is litigious, educate checkuser if necessary, and will report to the board in case where there IS a problem.
As the logfile is visible to all Checkusers there is already some review of each other and I was more than once talking in private communication that I personally do not feel comfortable with the regular use of Checkuser in en.wikipedia (although I admit that have zero insight in the single cases).
Don't get me wrong: For example regarding the nl.wikipedia-checkuser-abuse-thread I would say this was a perfect valid application doing a Checkuser there.
So I think there's need not to have so many policies with strict automatic application (and I think this is the main reason why en.wikipedia has so many CheckUser requests) but just some trust that an admin blocking somebody as sock puppet did the right thing (TM) and that people go ahead writing an encyclopedia and not creating a wiki-nation.
So data security is very important and it should be made clear to all ckeckusers but creating yet another ombudsman creates IMHO more avoidable meta-work (= work that does not improve a wikipedia article). IMHO "CheckUser-abuse" is mainly an en.wikipedia problem and should be adressed there locally in the main line.
Arnomane