The Privacy policy at http://wikimediafoundation.org/wiki/Privacy_policy is now out of date, since it precedes the large scale use of "CheckUser" and claims only "developers" have access to the IPs of logged in users.
I am suggested a revised version at http://meta.wikimedia.org/wiki/User:Angela/Privacy_policy (see http://tinyurl.com/nbguc for a diff from the current version).
The main changes are to these two paragraphs:
"IP addresses of users, derived either from those logs or from records in the database are frequently used to correlate usernames and network addresses of edits in investigating abuse of the wiki, including the suspected use of malicious "sockpuppets" (duplicate accounts), vandalism, harassment of other users, or disruption of the wiki."
"It is the policy of Wikimedia that personally identifiable data collected in the server logs, or through records in the database via the CheckUser feature, may be released by the system administrators or users with CheckUser access, in the following situations:"
I intend to propose that the Board accept the new draft as official policy, but would appreciate feedback or further improvements before then. Please comment on this list, or at http://meta.wikimedia.org/wiki/Talk:Privacy_policy
Thanks.
Angela.