Le 13/03/2016 03:09, Andreas Kolbe a écrit :
things like standard boilerplate language to be signed by
all employees doesn't strike me as something in and of itself to be kept private - there is a valid interest in showing that our policies are fair and humane for employees, responsible in terms of the privacy of personal information, etc.
Nothing appears to have happened since then – we seem to be no nearer to transparency about the non-disclosure agreements and non-disparagement clauses WMF staff have to sign than we were two weeks ago, when discussion around this topic kicked off in another thread.[2]
This seems to be a recurring (and daunting) pattern. People call for transparency about a particular issue. Eventually, someone in a leadership position responds that yes, demands for transparency about this issue are quite reasonable, and in fact more transparency would be absolutely desirable.
At this point, people relax, feeling they have been heard. The clamouring crowd disperses. But in fact, nothing happens, and the same questions arise again some weeks, months, years down the line.
Maggie, is this something your department could take on? It would be good to have one identified person at the Foundation who is responsible for tracking such queries and reporting back to the community, one way or the other.
Andreas
[1] https://lists.wikimedia.org/pipermail/wikimedia-l/2016-March/082852.html [2] http://www.gossamer-threads.com/lists/wiki/foundation/685183#685183
Hello Andreas,
I am a contractor to the WMF and have signed a wild range of legal documents. Both to protect my company, myself, the Wikimedia Foundation Organization and the end-users.
Among such documents, there is the Non Disclosure Agreement which is pretty much standard whenever an organization deal with any kind of sensitive informations. Wikimedia Foundation handles emails, passwords, email address, IP address and most probably payment information for the fundraising and shop.
To the best of my knowledge such agreements are not public, but honestly there is no conspiracy behind that. There are public clues though:
https://meta.wikimedia.org/wiki/Access_to_nonpublic_information_policy https://wikitech.wikimedia.org/wiki/Wikitech:Labs_Terms_of_use Others at: https://meta.wikimedia.org/wiki/Legal#Policies
Volunteers (ie neither staff or contractors) might have to sign a NDA whenever they get privileged access. The process is on: https://wikitech.wikimedia.org/wiki/Volunteer_NDA
What I suspect is granting public read access to the NDA would also disclose the list of signer and that might be a problem for people using a pseudonym. But do not quote me on that.
For access to the servers, there is another document. It is a mix of technical recommendations and again a remember about sensitive data. An example would be: https://www.debian.org/devel/dmup
The short version is: do not mess with the infrastructure or extract sensitive informations. You will be prosecuted.
As for why you haven't had anyone reply back, a few hints:
* ED has changed * folks are busy * not everyone monitor wikimedia-l
So I would assume good faith: probably nobody noticed the request hidden somewhere in a thread.
Since NDA is a legal document, I would highly recommend you to reach out directly to their Legal team:
https://meta.wikimedia.org/wiki/Legal , apparently the answers@ email would be a good entry point.
(I have read/signed the documents there is nothing any important for the end users to see beside what is already publicly available. They can probably be made public. In effect there is no conspiracy.)
Hope it helps.