Alphax (Wikipedia email) wrote:
From http://meta.wikimedia.org/wiki/Privacy_policy
It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, may be released by the system administrators or users with CheckUser access, in the following situations:
- In response to a valid subpoena or other compulsory request from
law enforcement 2. With permission of the affected user 3. To the chair of Wikimedia Foundation, his legal counsel, or his designee, when necessary for investigation of abuse complaints. 4. Where the information pertains to page views generated by a spider or bot and its dissemination is necessary to illustrate or resolve technical issues. 5. Where the user has been vandalising articles or persistently behaving in a disruptive way, data may be released to assist in the targeting of IP blocks, or to assist in the formulation of a complaint to relevant Internet Service Providers 6. Where it is reasonably necessary to protect the rights, property or safety of the Wikimedia Foundation, its users or the public.
Wikimedia policy does not permit public distribution of such information under any circumstances, except as described above.
I'm glad that you reminded us of exactly what these said. The one glaring absence from these rules, except for Number 3 (which allows Anthere (but not Jimbo ;-) !?) to receive information), is that none identify "to whom". This is likely an area where the rules need to be tighter than most, because of the possible effects on a person's rights beyond Wikimedia. As the present issue shows, the rights in question may also include the rights of non-Wikimedians.